kallithea: rhodecode/lib/auth.py annotate

annotate rhodecode/lib/auth.py @ 742:1377a9d4bdb9 beta

#78, fixed more reliable case insensitive searches

author	Marcin Kuzminski <marcin@python-works.com>
date	Tue, 23 Nov 2010 14:15:45 +0100
parents	54684e071457
children	88338675a0f7

rev	line source
252 3782a6d698af licensing updates, code cleanups Marcin Kuzminski <marcin@python-works.com> parents: 239 diff changeset	1 #!/usr/bin/env python
3782a6d698af licensing updates, code cleanups Marcin Kuzminski <marcin@python-works.com> parents: 239 diff changeset	2 # encoding: utf-8
3782a6d698af licensing updates, code cleanups Marcin Kuzminski <marcin@python-works.com> parents: 239 diff changeset	3 # authentication and permission libraries
3782a6d698af licensing updates, code cleanups Marcin Kuzminski <marcin@python-works.com> parents: 239 diff changeset	4 # Copyright (C) 2009-2010 Marcin Kuzminski <marcin@python-works.com>
377 bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	5 #
252 3782a6d698af licensing updates, code cleanups Marcin Kuzminski <marcin@python-works.com> parents: 239 diff changeset	6 # This program is free software; you can redistribute it and/or
3782a6d698af licensing updates, code cleanups Marcin Kuzminski <marcin@python-works.com> parents: 239 diff changeset	7 # modify it under the terms of the GNU General Public License
3782a6d698af licensing updates, code cleanups Marcin Kuzminski <marcin@python-works.com> parents: 239 diff changeset	8 # as published by the Free Software Foundation; version 2
3782a6d698af licensing updates, code cleanups Marcin Kuzminski <marcin@python-works.com> parents: 239 diff changeset	9 # of the License or (at your opinion) any later version of the license.
3782a6d698af licensing updates, code cleanups Marcin Kuzminski <marcin@python-works.com> parents: 239 diff changeset	10 #
3782a6d698af licensing updates, code cleanups Marcin Kuzminski <marcin@python-works.com> parents: 239 diff changeset	11 # This program is distributed in the hope that it will be useful,
3782a6d698af licensing updates, code cleanups Marcin Kuzminski <marcin@python-works.com> parents: 239 diff changeset	12 # but WITHOUT ANY WARRANTY; without even the implied warranty of
3782a6d698af licensing updates, code cleanups Marcin Kuzminski <marcin@python-works.com> parents: 239 diff changeset	13 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
3782a6d698af licensing updates, code cleanups Marcin Kuzminski <marcin@python-works.com> parents: 239 diff changeset	14 # GNU General Public License for more details.
3782a6d698af licensing updates, code cleanups Marcin Kuzminski <marcin@python-works.com> parents: 239 diff changeset	15 #
3782a6d698af licensing updates, code cleanups Marcin Kuzminski <marcin@python-works.com> parents: 239 diff changeset	16 # You should have received a copy of the GNU General Public License
3782a6d698af licensing updates, code cleanups Marcin Kuzminski <marcin@python-works.com> parents: 239 diff changeset	17 # along with this program; if not, write to the Free Software
3782a6d698af licensing updates, code cleanups Marcin Kuzminski <marcin@python-works.com> parents: 239 diff changeset	18 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
3782a6d698af licensing updates, code cleanups Marcin Kuzminski <marcin@python-works.com> parents: 239 diff changeset	19 # MA 02110-1301, USA.
381 55377fdc1fc6 cleared global application settings. Marcin Kuzminski <marcin@python-works.com> parents: 380 diff changeset	20 """
55377fdc1fc6 cleared global application settings. Marcin Kuzminski <marcin@python-works.com> parents: 380 diff changeset	21 Created on April 4, 2010
55377fdc1fc6 cleared global application settings. Marcin Kuzminski <marcin@python-works.com> parents: 380 diff changeset	22
55377fdc1fc6 cleared global application settings. Marcin Kuzminski <marcin@python-works.com> parents: 380 diff changeset	23 @author: marcink
55377fdc1fc6 cleared global application settings. Marcin Kuzminski <marcin@python-works.com> parents: 380 diff changeset	24 """
343 6484963056cd implemented cache for repeated queries in simplehg mercurial requests Marcin Kuzminski <marcin@python-works.com> parents: 339 diff changeset	25 from pylons import config, session, url, request
52 25e516447a33 implemented autentication marcink parents: 48 diff changeset	26 from pylons.controllers.util import abort, redirect
713 1bb0fcdec895 fixed #72 show warning on removal when user still is owner of existing repositories Marcin Kuzminski <marcin@python-works.com> parents: 705 diff changeset	27 from rhodecode.lib.exceptions import *
547 1e757ac98988 renamed project to rhodecode Marcin Kuzminski <marcin@python-works.com> parents: 508 diff changeset	28 from rhodecode.lib.utils import get_repo_slug
713 1bb0fcdec895 fixed #72 show warning on removal when user still is owner of existing repositories Marcin Kuzminski <marcin@python-works.com> parents: 705 diff changeset	29 from rhodecode.lib.auth_ldap import AuthLdap
547 1e757ac98988 renamed project to rhodecode Marcin Kuzminski <marcin@python-works.com> parents: 508 diff changeset	30 from rhodecode.model import meta
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	31 from rhodecode.model.user import UserModel
609 c1c1cf772337 moved out sqlalchemy cache from meta to the config files. Marcin Kuzminski <marcin@python-works.com> parents: 564 diff changeset	32 from rhodecode.model.caching_query import FromCache
547 1e757ac98988 renamed project to rhodecode Marcin Kuzminski <marcin@python-works.com> parents: 508 diff changeset	33 from rhodecode.model.db import User, RepoToPerm, Repository, Permission, \
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	34 UserToPerm
415 04e8b31fb245 Changed password crypting scheme to bcrypt, added dependency for setup Marcin Kuzminski <marcin@python-works.com> parents: 412 diff changeset	35 import bcrypt
377 bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	36 from decorator import decorator
190 d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions Marcin Kuzminski <marcin@python-works.com> parents: 96 diff changeset	37 import logging
474 a3d9d24acbec Implemented password reset(forms/models/ tasks) and mailing tasks. Marcin Kuzminski <marcin@python-works.com> parents: 442 diff changeset	38 import random
705 9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 699 diff changeset	39 import traceback
343 6484963056cd implemented cache for repeated queries in simplehg mercurial requests Marcin Kuzminski <marcin@python-works.com> parents: 339 diff changeset	40
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	41 log = logging.getLogger(__name__)
41 71ffa932799d Added app basic auth. Marcin Kuzminski <marcin@python-blog.com> parents: diff changeset	42
474 a3d9d24acbec Implemented password reset(forms/models/ tasks) and mailing tasks. Marcin Kuzminski <marcin@python-works.com> parents: 442 diff changeset	43 class PasswordGenerator(object):
a3d9d24acbec Implemented password reset(forms/models/ tasks) and mailing tasks. Marcin Kuzminski <marcin@python-works.com> parents: 442 diff changeset	44 """This is a simple class for generating password from
a3d9d24acbec Implemented password reset(forms/models/ tasks) and mailing tasks. Marcin Kuzminski <marcin@python-works.com> parents: 442 diff changeset	45 different sets of characters
a3d9d24acbec Implemented password reset(forms/models/ tasks) and mailing tasks. Marcin Kuzminski <marcin@python-works.com> parents: 442 diff changeset	46 usage:
a3d9d24acbec Implemented password reset(forms/models/ tasks) and mailing tasks. Marcin Kuzminski <marcin@python-works.com> parents: 442 diff changeset	47 passwd_gen = PasswordGenerator()
a3d9d24acbec Implemented password reset(forms/models/ tasks) and mailing tasks. Marcin Kuzminski <marcin@python-works.com> parents: 442 diff changeset	48 #print 8-letter password containing only big and small letters of alphabet
a3d9d24acbec Implemented password reset(forms/models/ tasks) and mailing tasks. Marcin Kuzminski <marcin@python-works.com> parents: 442 diff changeset	49 print passwd_gen.gen_password(8, passwd_gen.ALPHABETS_BIG_SMALL)
a3d9d24acbec Implemented password reset(forms/models/ tasks) and mailing tasks. Marcin Kuzminski <marcin@python-works.com> parents: 442 diff changeset	50 """
a3d9d24acbec Implemented password reset(forms/models/ tasks) and mailing tasks. Marcin Kuzminski <marcin@python-works.com> parents: 442 diff changeset	51 ALPHABETS_NUM = r'''1234567890'''#[0]
a3d9d24acbec Implemented password reset(forms/models/ tasks) and mailing tasks. Marcin Kuzminski <marcin@python-works.com> parents: 442 diff changeset	52 ALPHABETS_SMALL = r'''qwertyuiopasdfghjklzxcvbnm'''#[1]
a3d9d24acbec Implemented password reset(forms/models/ tasks) and mailing tasks. Marcin Kuzminski <marcin@python-works.com> parents: 442 diff changeset	53 ALPHABETS_BIG = r'''QWERTYUIOPASDFGHJKLZXCVBNM'''#[2]
a3d9d24acbec Implemented password reset(forms/models/ tasks) and mailing tasks. Marcin Kuzminski <marcin@python-works.com> parents: 442 diff changeset	54 ALPHABETS_SPECIAL = r'''`-=[]\;',./~!@#$%^&*()_+{}\|:"<>?''' #[3]
a3d9d24acbec Implemented password reset(forms/models/ tasks) and mailing tasks. Marcin Kuzminski <marcin@python-works.com> parents: 442 diff changeset	55 ALPHABETS_FULL = ALPHABETS_BIG + ALPHABETS_SMALL + ALPHABETS_NUM + ALPHABETS_SPECIAL#[4]
a3d9d24acbec Implemented password reset(forms/models/ tasks) and mailing tasks. Marcin Kuzminski <marcin@python-works.com> parents: 442 diff changeset	56 ALPHABETS_ALPHANUM = ALPHABETS_BIG + ALPHABETS_SMALL + ALPHABETS_NUM#[5]
a3d9d24acbec Implemented password reset(forms/models/ tasks) and mailing tasks. Marcin Kuzminski <marcin@python-works.com> parents: 442 diff changeset	57 ALPHABETS_BIG_SMALL = ALPHABETS_BIG + ALPHABETS_SMALL
a3d9d24acbec Implemented password reset(forms/models/ tasks) and mailing tasks. Marcin Kuzminski <marcin@python-works.com> parents: 442 diff changeset	58 ALPHABETS_ALPHANUM_BIG = ALPHABETS_BIG + ALPHABETS_NUM#[6]
a3d9d24acbec Implemented password reset(forms/models/ tasks) and mailing tasks. Marcin Kuzminski <marcin@python-works.com> parents: 442 diff changeset	59 ALPHABETS_ALPHANUM_SMALL = ALPHABETS_SMALL + ALPHABETS_NUM#[7]
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	60
474 a3d9d24acbec Implemented password reset(forms/models/ tasks) and mailing tasks. Marcin Kuzminski <marcin@python-works.com> parents: 442 diff changeset	61 def __init__(self, passwd=''):
a3d9d24acbec Implemented password reset(forms/models/ tasks) and mailing tasks. Marcin Kuzminski <marcin@python-works.com> parents: 442 diff changeset	62 self.passwd = passwd
a3d9d24acbec Implemented password reset(forms/models/ tasks) and mailing tasks. Marcin Kuzminski <marcin@python-works.com> parents: 442 diff changeset	63
a3d9d24acbec Implemented password reset(forms/models/ tasks) and mailing tasks. Marcin Kuzminski <marcin@python-works.com> parents: 442 diff changeset	64 def gen_password(self, len, type):
a3d9d24acbec Implemented password reset(forms/models/ tasks) and mailing tasks. Marcin Kuzminski <marcin@python-works.com> parents: 442 diff changeset	65 self.passwd = ''.join([random.choice(type) for _ in xrange(len)])
a3d9d24acbec Implemented password reset(forms/models/ tasks) and mailing tasks. Marcin Kuzminski <marcin@python-works.com> parents: 442 diff changeset	66 return self.passwd
a3d9d24acbec Implemented password reset(forms/models/ tasks) and mailing tasks. Marcin Kuzminski <marcin@python-works.com> parents: 442 diff changeset	67
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	68
64 08707974eae4 Changed auth lib for sqlalchemy Marcin Kuzminski <marcin@python-blog.com> parents: 52 diff changeset	69 def get_crypt_password(password):
412 b6a25169c005 fixes #25 removed crypt based password hashing and changed it into sha1 based. Marcin Kuzminski <marcin@python-works.com> parents: 404 diff changeset	70 """Cryptographic function used for password hashing based on sha1
604 5cc96df705b9 fixed @repo into :repo for docs Marcin Kuzminski <marcin@python-works.com> parents: 564 diff changeset	71 :param password: password to hash
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	72 """
415 04e8b31fb245 Changed password crypting scheme to bcrypt, added dependency for setup Marcin Kuzminski <marcin@python-works.com> parents: 412 diff changeset	73 return bcrypt.hashpw(password, bcrypt.gensalt(10))
04e8b31fb245 Changed password crypting scheme to bcrypt, added dependency for setup Marcin Kuzminski <marcin@python-works.com> parents: 412 diff changeset	74
04e8b31fb245 Changed password crypting scheme to bcrypt, added dependency for setup Marcin Kuzminski <marcin@python-works.com> parents: 412 diff changeset	75 def check_password(password, hashed):
04e8b31fb245 Changed password crypting scheme to bcrypt, added dependency for setup Marcin Kuzminski <marcin@python-works.com> parents: 412 diff changeset	76 return bcrypt.hashpw(password, hashed) == hashed
343 6484963056cd implemented cache for repeated queries in simplehg mercurial requests Marcin Kuzminski <marcin@python-works.com> parents: 339 diff changeset	77
41 71ffa932799d Added app basic auth. Marcin Kuzminski <marcin@python-blog.com> parents: diff changeset	78 def authfunc(environ, username, password):
699 52da7cba88a6 Code refactor for auth func, preparing for ldap support Marcin Kuzminski <marcin@python-works.com> parents: 692 diff changeset	79 """
705 9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 699 diff changeset	80 Authentication function used in Mercurial/Git/ and access control,
699 52da7cba88a6 Code refactor for auth func, preparing for ldap support Marcin Kuzminski <marcin@python-works.com> parents: 692 diff changeset	81 firstly checks for db authentication then if ldap is enabled for ldap
705 9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 699 diff changeset	82 authentication, also creates ldap user if not in database
9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 699 diff changeset	83
699 52da7cba88a6 Code refactor for auth func, preparing for ldap support Marcin Kuzminski <marcin@python-works.com> parents: 692 diff changeset	84 :param environ: needed only for using in Basic auth, can be None
52da7cba88a6 Code refactor for auth func, preparing for ldap support Marcin Kuzminski <marcin@python-works.com> parents: 692 diff changeset	85 :param username: username
52da7cba88a6 Code refactor for auth func, preparing for ldap support Marcin Kuzminski <marcin@python-works.com> parents: 692 diff changeset	86 :param password: password
52da7cba88a6 Code refactor for auth func, preparing for ldap support Marcin Kuzminski <marcin@python-works.com> parents: 692 diff changeset	87 """
705 9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 699 diff changeset	88 user_model = UserModel()
9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 699 diff changeset	89 user = user_model.get_by_username(username, cache=False)
699 52da7cba88a6 Code refactor for auth func, preparing for ldap support Marcin Kuzminski <marcin@python-works.com> parents: 692 diff changeset	90
705 9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 699 diff changeset	91 if user is not None and user.is_ldap is False:
64 08707974eae4 Changed auth lib for sqlalchemy Marcin Kuzminski <marcin@python-blog.com> parents: 52 diff changeset	92 if user.active:
674 99875a8f2ad1 #49 Enabled anonymous access push and pull commands Marcin Kuzminski <marcin@python-works.com> parents: 673 diff changeset	93
99875a8f2ad1 #49 Enabled anonymous access push and pull commands Marcin Kuzminski <marcin@python-works.com> parents: 673 diff changeset	94 if user.username == 'default' and user.active:
99875a8f2ad1 #49 Enabled anonymous access push and pull commands Marcin Kuzminski <marcin@python-works.com> parents: 673 diff changeset	95 log.info('user %s authenticated correctly', username)
99875a8f2ad1 #49 Enabled anonymous access push and pull commands Marcin Kuzminski <marcin@python-works.com> parents: 673 diff changeset	96 return True
99875a8f2ad1 #49 Enabled anonymous access push and pull commands Marcin Kuzminski <marcin@python-works.com> parents: 673 diff changeset	97
99875a8f2ad1 #49 Enabled anonymous access push and pull commands Marcin Kuzminski <marcin@python-works.com> parents: 673 diff changeset	98 elif user.username == username and check_password(password, user.password):
41 71ffa932799d Added app basic auth. Marcin Kuzminski <marcin@python-blog.com> parents: diff changeset	99 log.info('user %s authenticated correctly', username)
71ffa932799d Added app basic auth. Marcin Kuzminski <marcin@python-blog.com> parents: diff changeset	100 return True
71ffa932799d Added app basic auth. Marcin Kuzminski <marcin@python-blog.com> parents: diff changeset	101 else:
71ffa932799d Added app basic auth. Marcin Kuzminski <marcin@python-blog.com> parents: diff changeset	102 log.error('user %s is disabled', username)
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	103
705 9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 699 diff changeset	104
9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 699 diff changeset	105 else:
741 54684e071457 fixes issue #78, ldap makes user validation caseInsensitive Marcin Kuzminski <marcin@python-works.com> parents: 713 diff changeset	106
54684e071457 fixes issue #78, ldap makes user validation caseInsensitive Marcin Kuzminski <marcin@python-works.com> parents: 713 diff changeset	107 #since ldap is searching in case insensitive check if this user is still
54684e071457 fixes issue #78, ldap makes user validation caseInsensitive Marcin Kuzminski <marcin@python-works.com> parents: 713 diff changeset	108 #not in our system
54684e071457 fixes issue #78, ldap makes user validation caseInsensitive Marcin Kuzminski <marcin@python-works.com> parents: 713 diff changeset	109 username = username.lower()
742 1377a9d4bdb9 #78, fixed more reliable case insensitive searches Marcin Kuzminski <marcin@python-works.com> parents: 741 diff changeset	110 user_obj = user_model.get_by_username(username, cache=False,
1377a9d4bdb9 #78, fixed more reliable case insensitive searches Marcin Kuzminski <marcin@python-works.com> parents: 741 diff changeset	111 case_insensitive=True)
1377a9d4bdb9 #78, fixed more reliable case insensitive searches Marcin Kuzminski <marcin@python-works.com> parents: 741 diff changeset	112 if user_obj is not None:
741 54684e071457 fixes issue #78, ldap makes user validation caseInsensitive Marcin Kuzminski <marcin@python-works.com> parents: 713 diff changeset	113 return False
54684e071457 fixes issue #78, ldap makes user validation caseInsensitive Marcin Kuzminski <marcin@python-works.com> parents: 713 diff changeset	114
705 9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 699 diff changeset	115 from rhodecode.model.settings import SettingsModel
9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 699 diff changeset	116 ldap_settings = SettingsModel().get_ldap_settings()
9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 699 diff changeset	117
9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 699 diff changeset	118 #======================================================================
9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 699 diff changeset	119 # FALLBACK TO LDAP AUTH IN ENABLE
9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 699 diff changeset	120 #======================================================================
9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 699 diff changeset	121 if ldap_settings.get('ldap_active', False):
741 54684e071457 fixes issue #78, ldap makes user validation caseInsensitive Marcin Kuzminski <marcin@python-works.com> parents: 713 diff changeset	122
705 9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 699 diff changeset	123 kwargs = {
9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 699 diff changeset	124 'server':ldap_settings.get('ldap_host', ''),
9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 699 diff changeset	125 'base_dn':ldap_settings.get('ldap_base_dn', ''),
9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 699 diff changeset	126 'port':ldap_settings.get('ldap_port'),
9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 699 diff changeset	127 'bind_dn':ldap_settings.get('ldap_dn_user'),
9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 699 diff changeset	128 'bind_pass':ldap_settings.get('ldap_dn_pass'),
9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 699 diff changeset	129 'use_ldaps':ldap_settings.get('ldap_ldaps'),
9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 699 diff changeset	130 'ldap_version':3,
9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 699 diff changeset	131 }
9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 699 diff changeset	132 log.debug('Checking for ldap authentication')
9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 699 diff changeset	133 try:
9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 699 diff changeset	134 aldap = AuthLdap(**kwargs)
9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 699 diff changeset	135 res = aldap.authenticate_ldap(username, password)
9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 699 diff changeset	136
9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 699 diff changeset	137 authenticated = res[1]['uid'][0] == username
9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 699 diff changeset	138
9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 699 diff changeset	139 if authenticated and user_model.create_ldap(username, password):
9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 699 diff changeset	140 log.info('created new ldap user')
9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 699 diff changeset	141
9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 699 diff changeset	142 return authenticated
713 1bb0fcdec895 fixed #72 show warning on removal when user still is owner of existing repositories Marcin Kuzminski <marcin@python-works.com> parents: 705 diff changeset	143 except (LdapUsernameError, LdapPasswordError):
705 9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 699 diff changeset	144 return False
9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 699 diff changeset	145 except:
9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 699 diff changeset	146 log.error(traceback.format_exc())
9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 699 diff changeset	147 return False
41 71ffa932799d Added app basic auth. Marcin Kuzminski <marcin@python-blog.com> parents: diff changeset	148 return False
71ffa932799d Added app basic auth. Marcin Kuzminski <marcin@python-blog.com> parents: diff changeset	149
190 d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions Marcin Kuzminski <marcin@python-works.com> parents: 96 diff changeset	150 class AuthUser(object):
d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions Marcin Kuzminski <marcin@python-works.com> parents: 96 diff changeset	151 """
d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions Marcin Kuzminski <marcin@python-works.com> parents: 96 diff changeset	152 A simple object that handles a mercurial username for authentication
d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions Marcin Kuzminski <marcin@python-works.com> parents: 96 diff changeset	153 """
d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions Marcin Kuzminski <marcin@python-works.com> parents: 96 diff changeset	154 def __init__(self):
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	155 self.username = 'None'
355 5bbcc0cac389 added session remove in forms, and added name and lastname to auth user Marcin Kuzminski <marcin@python-works.com> parents: 350 diff changeset	156 self.name = ''
5bbcc0cac389 added session remove in forms, and added name and lastname to auth user Marcin Kuzminski <marcin@python-works.com> parents: 350 diff changeset	157 self.lastname = ''
404 a10bdd0b05a7 fixed user email for gravatars Marcin Kuzminski <marcin@python-works.com> parents: 399 diff changeset	158 self.email = ''
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	159 self.user_id = None
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	160 self.is_authenticated = False
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	161 self.is_admin = False
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	162 self.permissions = {}
239 b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	163
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	164 def __repr__(self):
dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	165 return "<AuthUser('id:%s:%s')>" % (self.user_id, self.username)
239 b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	166
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	167 def set_available_permissions(config):
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	168 """
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	169 This function will propagate pylons globals with all available defined
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	170 permission given in db. We don't wannt to check each time from db for new
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	171 permissions since adding a new permission also requires application restart
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	172 ie. to decorate new views with the newly created permission
604 5cc96df705b9 fixed @repo into :repo for docs Marcin Kuzminski <marcin@python-works.com> parents: 564 diff changeset	173 :param config:
239 b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	174 """
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	175 log.info('getting information about all available permissions')
350 664a5b8c551a Added application settings, are now customizable from database Marcin Kuzminski <marcin@python-works.com> parents: 343 diff changeset	176 try:
629 7e536d1af60d Code refactoring,models renames Marcin Kuzminski <marcin@python-works.com> parents: 612 diff changeset	177 sa = meta.Session()
350 664a5b8c551a Added application settings, are now customizable from database Marcin Kuzminski <marcin@python-works.com> parents: 343 diff changeset	178 all_perms = sa.query(Permission).all()
629 7e536d1af60d Code refactoring,models renames Marcin Kuzminski <marcin@python-works.com> parents: 612 diff changeset	179 except:
7e536d1af60d Code refactoring,models renames Marcin Kuzminski <marcin@python-works.com> parents: 612 diff changeset	180 pass
350 664a5b8c551a Added application settings, are now customizable from database Marcin Kuzminski <marcin@python-works.com> parents: 343 diff changeset	181 finally:
664a5b8c551a Added application settings, are now customizable from database Marcin Kuzminski <marcin@python-works.com> parents: 343 diff changeset	182 meta.Session.remove()
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	183
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	184 config['available_permissions'] = [x.permission_name for x in all_perms]
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	185
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	186 def set_base_path(config):
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	187 config['base_path'] = config['pylons.app_globals'].base_path
371 5cd6616b8673 routes python 2.5 compatible Marcin Kuzminski <marcin@python-works.com> parents: 367 diff changeset	188
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	189
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	190 def fill_perms(user):
367 a26f48ad7a8a fixes issue #16 reimplementation of database repository, for using generic pk instead of repo naming as pk. Which caused to many problems. Marcin Kuzminski <marcin@python-works.com> parents: 355 diff changeset	191 """
a26f48ad7a8a fixes issue #16 reimplementation of database repository, for using generic pk instead of repo naming as pk. Which caused to many problems. Marcin Kuzminski <marcin@python-works.com> parents: 355 diff changeset	192 Fills user permission attribute with permissions taken from database
604 5cc96df705b9 fixed @repo into :repo for docs Marcin Kuzminski <marcin@python-works.com> parents: 564 diff changeset	193 :param user:
367 a26f48ad7a8a fixes issue #16 reimplementation of database repository, for using generic pk instead of repo naming as pk. Which caused to many problems. Marcin Kuzminski <marcin@python-works.com> parents: 355 diff changeset	194 """
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	195
629 7e536d1af60d Code refactoring,models renames Marcin Kuzminski <marcin@python-works.com> parents: 612 diff changeset	196 sa = meta.Session()
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	197 user.permissions['repositories'] = {}
371 5cd6616b8673 routes python 2.5 compatible Marcin Kuzminski <marcin@python-works.com> parents: 367 diff changeset	198 user.permissions['global'] = set()
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	199
417 3ed2d46a2ca7 permission refactoring, Marcin Kuzminski <marcin@python-works.com> parents: 415 diff changeset	200 #===========================================================================
3ed2d46a2ca7 permission refactoring, Marcin Kuzminski <marcin@python-works.com> parents: 415 diff changeset	201 # fetch default permissions
3ed2d46a2ca7 permission refactoring, Marcin Kuzminski <marcin@python-works.com> parents: 415 diff changeset	202 #===========================================================================
692 cb0d9ce6ac5c #50 on point cache invalidation changes. Marcin Kuzminski <marcin@python-works.com> parents: 686 diff changeset	203 default_user = UserModel().get_by_username('default', cache=True)
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	204
423 16253f330094 fixes #30. Rewrite default permissions query + some other small fixes Marcin Kuzminski <marcin@python-works.com> parents: 418 diff changeset	205 default_perms = sa.query(RepoToPerm, Repository, Permission)\
399 f5c1eec9f376 rename repo2perm into repo_to_perm Marcin Kuzminski <marcin@python-works.com> parents: 382 diff changeset	206 .join((Repository, RepoToPerm.repository_id == Repository.repo_id))\
f5c1eec9f376 rename repo2perm into repo_to_perm Marcin Kuzminski <marcin@python-works.com> parents: 382 diff changeset	207 .join((Permission, RepoToPerm.permission_id == Permission.permission_id))\
609 c1c1cf772337 moved out sqlalchemy cache from meta to the config files. Marcin Kuzminski <marcin@python-works.com> parents: 564 diff changeset	208 .filter(RepoToPerm.user == default_user).all()
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	209
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	210 if user.is_admin:
417 3ed2d46a2ca7 permission refactoring, Marcin Kuzminski <marcin@python-works.com> parents: 415 diff changeset	211 #=======================================================================
423 16253f330094 fixes #30. Rewrite default permissions query + some other small fixes Marcin Kuzminski <marcin@python-works.com> parents: 418 diff changeset	212 # #admin have all default rights set to admin
417 3ed2d46a2ca7 permission refactoring, Marcin Kuzminski <marcin@python-works.com> parents: 415 diff changeset	213 #=======================================================================
371 5cd6616b8673 routes python 2.5 compatible Marcin Kuzminski <marcin@python-works.com> parents: 367 diff changeset	214 user.permissions['global'].add('hg.admin')
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	215
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	216 for perm in default_perms:
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	217 p = 'repository.admin'
399 f5c1eec9f376 rename repo2perm into repo_to_perm Marcin Kuzminski <marcin@python-works.com> parents: 382 diff changeset	218 user.permissions['repositories'][perm.RepoToPerm.repository.repo_name] = p
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	219
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	220 else:
417 3ed2d46a2ca7 permission refactoring, Marcin Kuzminski <marcin@python-works.com> parents: 415 diff changeset	221 #=======================================================================
3ed2d46a2ca7 permission refactoring, Marcin Kuzminski <marcin@python-works.com> parents: 415 diff changeset	222 # set default permissions
3ed2d46a2ca7 permission refactoring, Marcin Kuzminski <marcin@python-works.com> parents: 415 diff changeset	223 #=======================================================================
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	224
417 3ed2d46a2ca7 permission refactoring, Marcin Kuzminski <marcin@python-works.com> parents: 415 diff changeset	225 #default global
423 16253f330094 fixes #30. Rewrite default permissions query + some other small fixes Marcin Kuzminski <marcin@python-works.com> parents: 418 diff changeset	226 default_global_perms = sa.query(UserToPerm)\
741 54684e071457 fixes issue #78, ldap makes user validation caseInsensitive Marcin Kuzminski <marcin@python-works.com> parents: 713 diff changeset	227 .filter(UserToPerm.user == sa.query(User)\
54684e071457 fixes issue #78, ldap makes user validation caseInsensitive Marcin Kuzminski <marcin@python-works.com> parents: 713 diff changeset	228 .filter(User.username == 'default').one())
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	229
423 16253f330094 fixes #30. Rewrite default permissions query + some other small fixes Marcin Kuzminski <marcin@python-works.com> parents: 418 diff changeset	230 for perm in default_global_perms:
16253f330094 fixes #30. Rewrite default permissions query + some other small fixes Marcin Kuzminski <marcin@python-works.com> parents: 418 diff changeset	231 user.permissions['global'].add(perm.permission.permission_name)
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	232
417 3ed2d46a2ca7 permission refactoring, Marcin Kuzminski <marcin@python-works.com> parents: 415 diff changeset	233 #default repositories
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	234 for perm in default_perms:
380 ca54622e39a1 Added separate create repository views for non administrative users. Marcin Kuzminski <marcin@python-works.com> parents: 377 diff changeset	235 if perm.Repository.private and not perm.Repository.user_id == user.user_id:
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	236 #disable defaults for private repos,
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	237 p = 'repository.none'
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	238 elif perm.Repository.user_id == user.user_id:
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	239 #set admin if owner
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	240 p = 'repository.admin'
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	241 else:
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	242 p = perm.Permission.permission_name
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	243
399 f5c1eec9f376 rename repo2perm into repo_to_perm Marcin Kuzminski <marcin@python-works.com> parents: 382 diff changeset	244 user.permissions['repositories'][perm.RepoToPerm.repository.repo_name] = p
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	245
417 3ed2d46a2ca7 permission refactoring, Marcin Kuzminski <marcin@python-works.com> parents: 415 diff changeset	246 #=======================================================================
3ed2d46a2ca7 permission refactoring, Marcin Kuzminski <marcin@python-works.com> parents: 415 diff changeset	247 # #overwrite default with user permissions if any
3ed2d46a2ca7 permission refactoring, Marcin Kuzminski <marcin@python-works.com> parents: 415 diff changeset	248 #=======================================================================
423 16253f330094 fixes #30. Rewrite default permissions query + some other small fixes Marcin Kuzminski <marcin@python-works.com> parents: 418 diff changeset	249 user_perms = sa.query(RepoToPerm, Permission, Repository)\
399 f5c1eec9f376 rename repo2perm into repo_to_perm Marcin Kuzminski <marcin@python-works.com> parents: 382 diff changeset	250 .join((Repository, RepoToPerm.repository_id == Repository.repo_id))\
f5c1eec9f376 rename repo2perm into repo_to_perm Marcin Kuzminski <marcin@python-works.com> parents: 382 diff changeset	251 .join((Permission, RepoToPerm.permission_id == Permission.permission_id))\
f5c1eec9f376 rename repo2perm into repo_to_perm Marcin Kuzminski <marcin@python-works.com> parents: 382 diff changeset	252 .filter(RepoToPerm.user_id == user.user_id).all()
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	253
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	254 for perm in user_perms:
417 3ed2d46a2ca7 permission refactoring, Marcin Kuzminski <marcin@python-works.com> parents: 415 diff changeset	255 if perm.Repository.user_id == user.user_id:#set admin if owner
3ed2d46a2ca7 permission refactoring, Marcin Kuzminski <marcin@python-works.com> parents: 415 diff changeset	256 p = 'repository.admin'
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	257 else:
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	258 p = perm.Permission.permission_name
399 f5c1eec9f376 rename repo2perm into repo_to_perm Marcin Kuzminski <marcin@python-works.com> parents: 382 diff changeset	259 user.permissions['repositories'][perm.RepoToPerm.repository.repo_name] = p
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	260 meta.Session.remove()
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	261 return user
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	262
299 d303aacb3349 repos crud controllers - change id into repo_name for compatability, added ajax repo perm user function variuos html fixes, permissions forms and managment fixes. Marcin Kuzminski <marcin@python-works.com> parents: 265 diff changeset	263 def get_user(session):
d303aacb3349 repos crud controllers - change id into repo_name for compatability, added ajax repo perm user function variuos html fixes, permissions forms and managment fixes. Marcin Kuzminski <marcin@python-works.com> parents: 265 diff changeset	264 """
d303aacb3349 repos crud controllers - change id into repo_name for compatability, added ajax repo perm user function variuos html fixes, permissions forms and managment fixes. Marcin Kuzminski <marcin@python-works.com> parents: 265 diff changeset	265 Gets user from session, and wraps permissions into user
604 5cc96df705b9 fixed @repo into :repo for docs Marcin Kuzminski <marcin@python-works.com> parents: 564 diff changeset	266 :param session:
299 d303aacb3349 repos crud controllers - change id into repo_name for compatability, added ajax repo perm user function variuos html fixes, permissions forms and managment fixes. Marcin Kuzminski <marcin@python-works.com> parents: 265 diff changeset	267 """
548 b75b77ef649d renamed hg_app to rhodecode Marcin Kuzminski <marcin@python-works.com> parents: 547 diff changeset	268 user = session.get('rhodecode_user', AuthUser())
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	269 #if the user is not logged in we check for anonymous access
dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	270 #if user is logged and it's a default user check if we still have anonymous
dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	271 #access enabled
dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	272 if user.user_id is None or user.username == 'default':
dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	273 anonymous_user = UserModel().get_by_username('default', cache=True)
dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	274 if anonymous_user.active is True:
dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	275 #then we set this user is logged in
dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	276 user.is_authenticated = True
686 ff6a8196ebfe fixed anonymous access bug. Marcin Kuzminski <marcin@python-works.com> parents: 674 diff changeset	277 user.user_id = anonymous_user.user_id
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	278 else:
dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	279 user.is_authenticated = False
dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	280
299 d303aacb3349 repos crud controllers - change id into repo_name for compatability, added ajax repo perm user function variuos html fixes, permissions forms and managment fixes. Marcin Kuzminski <marcin@python-works.com> parents: 265 diff changeset	281 if user.is_authenticated:
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	282 user = UserModel().fill_data(user)
dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	283
412 b6a25169c005 fixes #25 removed crypt based password hashing and changed it into sha1 based. Marcin Kuzminski <marcin@python-works.com> parents: 404 diff changeset	284 user = fill_perms(user)
548 b75b77ef649d renamed hg_app to rhodecode Marcin Kuzminski <marcin@python-works.com> parents: 547 diff changeset	285 session['rhodecode_user'] = user
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	286 session.save()
299 d303aacb3349 repos crud controllers - change id into repo_name for compatability, added ajax repo perm user function variuos html fixes, permissions forms and managment fixes. Marcin Kuzminski <marcin@python-works.com> parents: 265 diff changeset	287 return user
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	288
190 d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions Marcin Kuzminski <marcin@python-works.com> parents: 96 diff changeset	289 #===============================================================================
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	290 # CHECK DECORATORS
190 d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions Marcin Kuzminski <marcin@python-works.com> parents: 96 diff changeset	291 #===============================================================================
d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions Marcin Kuzminski <marcin@python-works.com> parents: 96 diff changeset	292 class LoginRequired(object):
377 bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	293 """Must be logged in to execute this function else redirect to login page"""
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	294
190 d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions Marcin Kuzminski <marcin@python-works.com> parents: 96 diff changeset	295 def __call__(self, func):
377 bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	296 return decorator(self.__wrapper, func)
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	297
377 bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	298 def __wrapper(self, func, fargs, *fkwargs):
548 b75b77ef649d renamed hg_app to rhodecode Marcin Kuzminski <marcin@python-works.com> parents: 547 diff changeset	299 user = session.get('rhodecode_user', AuthUser())
377 bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	300 log.debug('Checking login required for user:%s', user.username)
bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	301 if user.is_authenticated:
bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	302 log.debug('user %s is authenticated', user.username)
bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	303 return func(fargs, *fkwargs)
bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	304 else:
bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	305 log.warn('user %s not authenticated', user.username)
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	306
508 fdb78a140ae4 fixes #35 hg-app does not respect SCRIPT_NAME Marcin Kuzminski <marcin@python-works.com> parents: 474 diff changeset	307 p = ''
fdb78a140ae4 fixes #35 hg-app does not respect SCRIPT_NAME Marcin Kuzminski <marcin@python-works.com> parents: 474 diff changeset	308 if request.environ.get('SCRIPT_NAME') != '/':
fdb78a140ae4 fixes #35 hg-app does not respect SCRIPT_NAME Marcin Kuzminski <marcin@python-works.com> parents: 474 diff changeset	309 p += request.environ.get('SCRIPT_NAME')
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	310
508 fdb78a140ae4 fixes #35 hg-app does not respect SCRIPT_NAME Marcin Kuzminski <marcin@python-works.com> parents: 474 diff changeset	311 p += request.environ.get('PATH_INFO')
437 930f8182a884 Added redirection to page that request came from, after login in Marcin Kuzminski <marcin@python-works.com> parents: 424 diff changeset	312 if request.environ.get('QUERY_STRING'):
474 a3d9d24acbec Implemented password reset(forms/models/ tasks) and mailing tasks. Marcin Kuzminski <marcin@python-works.com> parents: 442 diff changeset	313 p += '?' + request.environ.get('QUERY_STRING')
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	314
dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	315 log.debug('redirecting to login page with %s', p)
474 a3d9d24acbec Implemented password reset(forms/models/ tasks) and mailing tasks. Marcin Kuzminski <marcin@python-works.com> parents: 442 diff changeset	316 return redirect(url('login_home', came_from=p))
239 b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	317
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	318 class PermsDecorator(object):
377 bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	319 """Base class for decorators"""
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	320
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	321 def __init__(self, *required_perms):
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	322 available_perms = config['available_permissions']
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	323 for perm in required_perms:
239 b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	324 if perm not in available_perms:
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	325 raise Exception("'%s' permission is not defined" % perm)
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	326 self.required_perms = set(required_perms)
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	327 self.user_perms = None
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	328
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	329 def __call__(self, func):
377 bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	330 return decorator(self.__wrapper, func)
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	331
dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	332
377 bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	333 def __wrapper(self, func, fargs, *fkwargs):
bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	334 # _wrapper.__name__ = func.__name__
bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	335 # _wrapper.__dict__.update(func.__dict__)
bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	336 # _wrapper.__doc__ = func.__doc__
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	337 self.user = session.get('rhodecode_user', AuthUser())
dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	338 self.user_perms = self.user.permissions
dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	339 log.debug('checking %s permissions %s for %s %s',
dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	340 self.__class__.__name__, self.required_perms, func.__name__,
dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	341 self.user)
377 bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	342
bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	343 if self.check_permissions():
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	344 log.debug('Permission granted for %s %s', func.__name__, self.user)
dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	345
377 bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	346 return func(fargs, *fkwargs)
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	347
377 bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	348 else:
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	349 log.warning('Permission denied for %s %s', func.__name__, self.user)
377 bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	350 #redirect with forbidden ret code
bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	351 return abort(403)
bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	352
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	353
dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	354
239 b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	355 def check_permissions(self):
377 bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	356 """Dummy function for overriding"""
239 b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	357 raise Exception('You have to write this function in child class')
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	358
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	359 class HasPermissionAllDecorator(PermsDecorator):
377 bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	360 """Checks for access permission for all given predicates. All of them
bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	361 have to be meet in order to fulfill the request
239 b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	362 """
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	363
239 b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	364 def check_permissions(self):
339 5d517bbf0a0d some extra checks for auth lib Marcin Kuzminski <marcin@python-works.com> parents: 333 diff changeset	365 if self.required_perms.issubset(self.user_perms.get('global')):
239 b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	366 return True
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	367 return False
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	368
239 b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	369
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	370 class HasPermissionAnyDecorator(PermsDecorator):
377 bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	371 """Checks for access permission for any of given predicates. In order to
239 b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	372 fulfill the request any of predicates must be meet
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	373 """
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	374
239 b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	375 def check_permissions(self):
339 5d517bbf0a0d some extra checks for auth lib Marcin Kuzminski <marcin@python-works.com> parents: 333 diff changeset	376 if self.required_perms.intersection(self.user_perms.get('global')):
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	377 return True
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	378 return False
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	379
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	380 class HasRepoPermissionAllDecorator(PermsDecorator):
377 bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	381 """Checks for access permission for all given predicates for specific
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	382 repository. All of them have to be meet in order to fulfill the request
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	383 """
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	384
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	385 def check_permissions(self):
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	386 repo_name = get_repo_slug(request)
339 5d517bbf0a0d some extra checks for auth lib Marcin Kuzminski <marcin@python-works.com> parents: 333 diff changeset	387 try:
5d517bbf0a0d some extra checks for auth lib Marcin Kuzminski <marcin@python-works.com> parents: 333 diff changeset	388 user_perms = set([self.user_perms['repositories'][repo_name]])
5d517bbf0a0d some extra checks for auth lib Marcin Kuzminski <marcin@python-works.com> parents: 333 diff changeset	389 except KeyError:
5d517bbf0a0d some extra checks for auth lib Marcin Kuzminski <marcin@python-works.com> parents: 333 diff changeset	390 return False
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	391 if self.required_perms.issubset(user_perms):
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	392 return True
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	393 return False
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	394
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	395
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	396 class HasRepoPermissionAnyDecorator(PermsDecorator):
377 bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	397 """Checks for access permission for any of given predicates for specific
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	398 repository. In order to fulfill the request any of predicates must be meet
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	399 """
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	400
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	401 def check_permissions(self):
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	402 repo_name = get_repo_slug(request)
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	403
339 5d517bbf0a0d some extra checks for auth lib Marcin Kuzminski <marcin@python-works.com> parents: 333 diff changeset	404 try:
5d517bbf0a0d some extra checks for auth lib Marcin Kuzminski <marcin@python-works.com> parents: 333 diff changeset	405 user_perms = set([self.user_perms['repositories'][repo_name]])
5d517bbf0a0d some extra checks for auth lib Marcin Kuzminski <marcin@python-works.com> parents: 333 diff changeset	406 except KeyError:
5d517bbf0a0d some extra checks for auth lib Marcin Kuzminski <marcin@python-works.com> parents: 333 diff changeset	407 return False
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	408 if self.required_perms.intersection(user_perms):
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	409 return True
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	410 return False
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	411 #===============================================================================
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	412 # CHECK FUNCTIONS
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	413 #===============================================================================
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	414
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	415 class PermsFunction(object):
377 bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	416 """Base function for other check functions"""
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	417
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	418 def __init__(self, *perms):
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	419 available_perms = config['available_permissions']
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	420
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	421 for perm in perms:
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	422 if perm not in available_perms:
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	423 raise Exception("'%s' permission in not defined" % perm)
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	424 self.required_perms = set(perms)
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	425 self.user_perms = None
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	426 self.granted_for = ''
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	427 self.repo_name = None
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	428
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	429 def __call__(self, check_Location=''):
548 b75b77ef649d renamed hg_app to rhodecode Marcin Kuzminski <marcin@python-works.com> parents: 547 diff changeset	430 user = session.get('rhodecode_user', False)
333 f5f290d68646 fixed auth bug Marcin Kuzminski <marcin@python-works.com> parents: 316 diff changeset	431 if not user:
f5f290d68646 fixed auth bug Marcin Kuzminski <marcin@python-works.com> parents: 316 diff changeset	432 return False
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	433 self.user_perms = user.permissions
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	434 self.granted_for = user.username
dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	435 log.debug('checking %s %s %s', self.__class__.__name__,
dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	436 self.required_perms, user)
dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	437
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	438 if self.check_permissions():
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	439 log.debug('Permission granted for %s @ %s %s', self.granted_for,
dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	440 check_Location, user)
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	441 return True
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	442
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	443 else:
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	444 log.warning('Permission denied for %s @ %s %s', self.granted_for,
dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	445 check_Location, user)
dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	446 return False
dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	447
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	448 def check_permissions(self):
377 bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	449 """Dummy function for overriding"""
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	450 raise Exception('You have to write this function in child class')
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	451
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	452 class HasPermissionAll(PermsFunction):
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	453 def check_permissions(self):
339 5d517bbf0a0d some extra checks for auth lib Marcin Kuzminski <marcin@python-works.com> parents: 333 diff changeset	454 if self.required_perms.issubset(self.user_perms.get('global')):
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	455 return True
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	456 return False
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	457
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	458 class HasPermissionAny(PermsFunction):
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	459 def check_permissions(self):
339 5d517bbf0a0d some extra checks for auth lib Marcin Kuzminski <marcin@python-works.com> parents: 333 diff changeset	460 if self.required_perms.intersection(self.user_perms.get('global')):
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	461 return True
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	462 return False
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	463
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	464 class HasRepoPermissionAll(PermsFunction):
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	465
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	466 def __call__(self, repo_name=None, check_Location=''):
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	467 self.repo_name = repo_name
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	468 return super(HasRepoPermissionAll, self).__call__(check_Location)
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	469
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	470 def check_permissions(self):
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	471 if not self.repo_name:
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	472 self.repo_name = get_repo_slug(request)
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	473
339 5d517bbf0a0d some extra checks for auth lib Marcin Kuzminski <marcin@python-works.com> parents: 333 diff changeset	474 try:
5d517bbf0a0d some extra checks for auth lib Marcin Kuzminski <marcin@python-works.com> parents: 333 diff changeset	475 self.user_perms = set([self.user_perms['repositories']\
5d517bbf0a0d some extra checks for auth lib Marcin Kuzminski <marcin@python-works.com> parents: 333 diff changeset	476 [self.repo_name]])
5d517bbf0a0d some extra checks for auth lib Marcin Kuzminski <marcin@python-works.com> parents: 333 diff changeset	477 except KeyError:
5d517bbf0a0d some extra checks for auth lib Marcin Kuzminski <marcin@python-works.com> parents: 333 diff changeset	478 return False
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	479 self.granted_for = self.repo_name
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	480 if self.required_perms.issubset(self.user_perms):
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	481 return True
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	482 return False
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	483
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	484 class HasRepoPermissionAny(PermsFunction):
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	485
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	486 def __call__(self, repo_name=None, check_Location=''):
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	487 self.repo_name = repo_name
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	488 return super(HasRepoPermissionAny, self).__call__(check_Location)
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	489
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	490 def check_permissions(self):
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	491 if not self.repo_name:
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	492 self.repo_name = get_repo_slug(request)
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	493
339 5d517bbf0a0d some extra checks for auth lib Marcin Kuzminski <marcin@python-works.com> parents: 333 diff changeset	494 try:
5d517bbf0a0d some extra checks for auth lib Marcin Kuzminski <marcin@python-works.com> parents: 333 diff changeset	495 self.user_perms = set([self.user_perms['repositories']\
5d517bbf0a0d some extra checks for auth lib Marcin Kuzminski <marcin@python-works.com> parents: 333 diff changeset	496 [self.repo_name]])
5d517bbf0a0d some extra checks for auth lib Marcin Kuzminski <marcin@python-works.com> parents: 333 diff changeset	497 except KeyError:
5d517bbf0a0d some extra checks for auth lib Marcin Kuzminski <marcin@python-works.com> parents: 333 diff changeset	498 return False
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	499 self.granted_for = self.repo_name
239 b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	500 if self.required_perms.intersection(self.user_perms):
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	501 return True
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	502 return False
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	503
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	504 #===============================================================================
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	505 # SPECIAL VERSION TO HANDLE MIDDLEWARE AUTH
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	506 #===============================================================================
239 b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	507
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	508 class HasPermissionAnyMiddleware(object):
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	509 def __init__(self, *perms):
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	510 self.required_perms = set(perms)
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	511
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	512 def __call__(self, user, repo_name):
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	513 usr = AuthUser()
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	514 usr.user_id = user.user_id
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	515 usr.username = user.username
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	516 usr.is_admin = user.admin
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	517
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	518 try:
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	519 self.user_perms = set([fill_perms(usr)\
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	520 .permissions['repositories'][repo_name]])
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	521 except:
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	522 self.user_perms = set()
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	523 self.granted_for = ''
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	524 self.username = user.username
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	525 self.repo_name = repo_name
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	526 return self.check_permissions()
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	527
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	528 def check_permissions(self):
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	529 log.debug('checking mercurial protocol '
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	530 'permissions for user:%s repository:%s',
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	531 self.username, self.repo_name)
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	532 if self.required_perms.intersection(self.user_perms):
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	533 log.debug('permission granted')
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	534 return True
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	535 log.debug('permission denied')
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	536 return False

Mercurial > kallithea

annotate rhodecode/lib/auth.py @ 742:1377a9d4bdb9 beta