kallithea: rhodecode/model/user.py annotate

annotate rhodecode/model/user.py @ 3625:260a7a01b054 beta

follow Python conventions for boolean values True and False might be singletons and the "default" values for "boolean" expressions, but "all" values in Python has a boolean value and should be evaluated as such. Checking with 'is True' and 'is False' is thus confusing, error prone and unnessarily complex. If we anywhere rely and nullable boolean fields from the database layer and don't want the null value to be treated as False then we should check explicitly for null with 'is None'.

author	Mads Kiilerich <madski@unity3d.com>
date	Thu, 28 Mar 2013 01:10:45 +0100
parents	fa6ba6727475
children	10b4e34841a4

rev	line source
761 56c2850a5b5f ldap auth rewrite, moved split authfunc into two functions, Marcin Kuzminski <marcin@python-works.com> parents: 752 diff changeset	1 # -- coding: utf-8 --
56c2850a5b5f ldap auth rewrite, moved split authfunc into two functions, Marcin Kuzminski <marcin@python-works.com> parents: 752 diff changeset	2 """
956 83d35d716a02 started working on issue #56 Marcin Kuzminski <marcin@python-works.com> parents: 902 diff changeset	3 rhodecode.model.user
83d35d716a02 started working on issue #56 Marcin Kuzminski <marcin@python-works.com> parents: 902 diff changeset	4 ~~~~~~~~~~~~~~~~~~~~
761 56c2850a5b5f ldap auth rewrite, moved split authfunc into two functions, Marcin Kuzminski <marcin@python-works.com> parents: 752 diff changeset	5
56c2850a5b5f ldap auth rewrite, moved split authfunc into two functions, Marcin Kuzminski <marcin@python-works.com> parents: 752 diff changeset	6 users model for RhodeCode
1203 6832ef664673 source code cleanup: remove trailing white space, normalize file endings Marcin Kuzminski <marcin@python-works.com> parents: 1120 diff changeset	7
761 56c2850a5b5f ldap auth rewrite, moved split authfunc into two functions, Marcin Kuzminski <marcin@python-works.com> parents: 752 diff changeset	8 :created_on: Apr 9, 2010
56c2850a5b5f ldap auth rewrite, moved split authfunc into two functions, Marcin Kuzminski <marcin@python-works.com> parents: 752 diff changeset	9 :author: marcink
1824 89efedac4e6c 2012 copyrights Marcin Kuzminski <marcin@python-works.com> parents: 1818 diff changeset	10 :copyright: (C) 2010-2012 Marcin Kuzminski <marcin@python-works.com>
761 56c2850a5b5f ldap auth rewrite, moved split authfunc into two functions, Marcin Kuzminski <marcin@python-works.com> parents: 752 diff changeset	11 :license: GPLv3, see COPYING for more details.
56c2850a5b5f ldap auth rewrite, moved split authfunc into two functions, Marcin Kuzminski <marcin@python-works.com> parents: 752 diff changeset	12 """
1206 a671db5bdd58 fixed license issue #149 Marcin Kuzminski <marcin@python-works.com> parents: 1203 diff changeset	13 # This program is free software: you can redistribute it and/or modify
a671db5bdd58 fixed license issue #149 Marcin Kuzminski <marcin@python-works.com> parents: 1203 diff changeset	14 # it under the terms of the GNU General Public License as published by
a671db5bdd58 fixed license issue #149 Marcin Kuzminski <marcin@python-works.com> parents: 1203 diff changeset	15 # the Free Software Foundation, either version 3 of the License, or
a671db5bdd58 fixed license issue #149 Marcin Kuzminski <marcin@python-works.com> parents: 1203 diff changeset	16 # (at your option) any later version.
1203 6832ef664673 source code cleanup: remove trailing white space, normalize file endings Marcin Kuzminski <marcin@python-works.com> parents: 1120 diff changeset	17 #
252 3782a6d698af licensing updates, code cleanups Marcin Kuzminski <marcin@python-works.com> parents: 238 diff changeset	18 # This program is distributed in the hope that it will be useful,
3782a6d698af licensing updates, code cleanups Marcin Kuzminski <marcin@python-works.com> parents: 238 diff changeset	19 # but WITHOUT ANY WARRANTY; without even the implied warranty of
3782a6d698af licensing updates, code cleanups Marcin Kuzminski <marcin@python-works.com> parents: 238 diff changeset	20 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
3782a6d698af licensing updates, code cleanups Marcin Kuzminski <marcin@python-works.com> parents: 238 diff changeset	21 # GNU General Public License for more details.
1203 6832ef664673 source code cleanup: remove trailing white space, normalize file endings Marcin Kuzminski <marcin@python-works.com> parents: 1120 diff changeset	22 #
252 3782a6d698af licensing updates, code cleanups Marcin Kuzminski <marcin@python-works.com> parents: 238 diff changeset	23 # You should have received a copy of the GNU General Public License
1206 a671db5bdd58 fixed license issue #149 Marcin Kuzminski <marcin@python-works.com> parents: 1203 diff changeset	24 # along with this program. If not, see <http://www.gnu.org/licenses/>.
750 73c99f45ef2a fixed security issue when saving ldap user saved plaintext password Marcin Kuzminski <marcin@python-works.com> parents: 742 diff changeset	25
629 7e536d1af60d Code refactoring,models renames Marcin Kuzminski <marcin@python-works.com> parents: 547 diff changeset	26 import logging
474 a3d9d24acbec Implemented password reset(forms/models/ tasks) and mailing tasks. Marcin Kuzminski <marcin@python-works.com> parents: 442 diff changeset	27 import traceback
2709 d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	28 import itertools
3094 b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	29 import collections
1731 31e6eb2fb4b2 implements #222 registration feedback Marcin Kuzminski <marcin@python-works.com> parents: 1729 diff changeset	30 from pylons import url
761 56c2850a5b5f ldap auth rewrite, moved split authfunc into two functions, Marcin Kuzminski <marcin@python-works.com> parents: 752 diff changeset	31 from pylons.i18n.translation import _
56c2850a5b5f ldap auth rewrite, moved split authfunc into two functions, Marcin Kuzminski <marcin@python-works.com> parents: 752 diff changeset	32
2479 9225597688f4 Added validation into user email map Marcin Kuzminski <marcin@python-works.com> parents: 2478 diff changeset	33 from sqlalchemy.exc import DatabaseError
9225597688f4 Added validation into user email map Marcin Kuzminski <marcin@python-works.com> parents: 2478 diff changeset	34 from sqlalchemy.orm import joinedload
9225597688f4 Added validation into user email map Marcin Kuzminski <marcin@python-works.com> parents: 2478 diff changeset	35
2109 8ecfed1d8f8b utils/conf Marcin Kuzminski <marcin@python-works.com> parents: 2078 diff changeset	36 from rhodecode.lib.utils2 import safe_unicode, generate_api_key
1669 f522f4d3bf93 moved caching query to libs Marcin Kuzminski <marcin@python-works.com> parents: 1634 diff changeset	37 from rhodecode.lib.caching_query import FromCache
761 56c2850a5b5f ldap auth rewrite, moved split authfunc into two functions, Marcin Kuzminski <marcin@python-works.com> parents: 752 diff changeset	38 from rhodecode.model import BaseModel
1633 2c0d35e336b5 refactoring of models names for repoGroup permissions Marcin Kuzminski <marcin@python-works.com> parents: 1628 diff changeset	39 from rhodecode.model.db import User, UserRepoToPerm, Repository, Permission, \
3417 fa6ba6727475 further cleanup of UsersGroup Mads Kiilerich <madski@unity3d.com> parents: 3415 diff changeset	40 UserToPerm, UserGroupRepoToPerm, UserGroupToPerm, UserGroupMember, \
fa6ba6727475 further cleanup of UsersGroup Mads Kiilerich <madski@unity3d.com> parents: 3415 diff changeset	41 Notification, RepoGroup, UserRepoGroupToPerm, UserGroupRepoGroupToPerm, \
3125 9b92cf5a0cca Added UserIpMap interface for allowed IP addresses and IP restriction access Marcin Kuzminski <marcin@python-works.com> parents: 3096 diff changeset	42 UserEmailMap, UserIpMap
1269 2e7f21429316 tries to fix issue #177 by fallback to user.user_id instead of fetching from db, user.user_id Marcin Kuzminski <marcin@python-works.com> parents: 1267 diff changeset	43 from rhodecode.lib.exceptions import DefaultUserException, \
2e7f21429316 tries to fix issue #177 by fallback to user.user_id instead of fetching from db, user.user_id Marcin Kuzminski <marcin@python-works.com> parents: 1267 diff changeset	44 UserOwnsReposException
3401 5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	45 from rhodecode.model.meta import Session
713 1bb0fcdec895 fixed #72 show warning on removal when user still is owner of existing repositories Marcin Kuzminski <marcin@python-works.com> parents: 705 diff changeset	46
761 56c2850a5b5f ldap auth rewrite, moved split authfunc into two functions, Marcin Kuzminski <marcin@python-works.com> parents: 752 diff changeset	47
56c2850a5b5f ldap auth rewrite, moved split authfunc into two functions, Marcin Kuzminski <marcin@python-works.com> parents: 752 diff changeset	48 log = logging.getLogger(__name__)
314 0d26d46bd370 protected againts changing default user. Marcin Kuzminski <marcin@python-works.com> parents: 265 diff changeset	49
2709 d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	50 PERM_WEIGHTS = Permission.PERM_WEIGHTS
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	51
1267 d534aff5e82a user defined permission will update the global permissions, and overwrite default settings. Marcin Kuzminski <marcin@python-works.com> parents: 1206 diff changeset	52
752 89b9037d68b7 fixed Example celery config to ampq, Marcin Kuzminski <marcin@python-works.com> parents: 750 diff changeset	53 class UserModel(BaseModel):
2522 17893d61792a Added associated classes into child models Marcin Kuzminski <marcin@python-works.com> parents: 2513 diff changeset	54 cls = User
1716 7d1fc253549e notification to commit author + gardening Marcin Kuzminski <marcin@python-works.com> parents: 1713 diff changeset	55
1594 9dae92a65e40 fixes #288 Marcin Kuzminski <marcin@python-works.com> parents: 1593 diff changeset	56 def get(self, user_id, cache=False):
629 7e536d1af60d Code refactoring,models renames Marcin Kuzminski <marcin@python-works.com> parents: 547 diff changeset	57 user = self.sa.query(User)
7e536d1af60d Code refactoring,models renames Marcin Kuzminski <marcin@python-works.com> parents: 547 diff changeset	58 if cache:
7e536d1af60d Code refactoring,models renames Marcin Kuzminski <marcin@python-works.com> parents: 547 diff changeset	59 user = user.options(FromCache("sql_cache_short",
7e536d1af60d Code refactoring,models renames Marcin Kuzminski <marcin@python-works.com> parents: 547 diff changeset	60 "get_user_%s" % user_id))
7e536d1af60d Code refactoring,models renames Marcin Kuzminski <marcin@python-works.com> parents: 547 diff changeset	61 return user.get(user_id)
7e536d1af60d Code refactoring,models renames Marcin Kuzminski <marcin@python-works.com> parents: 547 diff changeset	62
2009 b63adad7c4af API updates Marcin Kuzminski <marcin@python-works.com> parents: 1982 diff changeset	63 def get_user(self, user):
2432 d3ac7491a5c8 Share common getter functions in base model, and remove duplicated functions from other models Marcin Kuzminski <marcin@python-works.com> parents: 2330 diff changeset	64 return self._get_user(user)
2009 b63adad7c4af API updates Marcin Kuzminski <marcin@python-works.com> parents: 1982 diff changeset	65
1594 9dae92a65e40 fixes #288 Marcin Kuzminski <marcin@python-works.com> parents: 1593 diff changeset	66 def get_by_username(self, username, cache=False, case_insensitive=False):
750 73c99f45ef2a fixed security issue when saving ldap user saved plaintext password Marcin Kuzminski <marcin@python-works.com> parents: 742 diff changeset	67
742 1377a9d4bdb9 #78, fixed more reliable case insensitive searches Marcin Kuzminski <marcin@python-works.com> parents: 713 diff changeset	68 if case_insensitive:
1377a9d4bdb9 #78, fixed more reliable case insensitive searches Marcin Kuzminski <marcin@python-works.com> parents: 713 diff changeset	69 user = self.sa.query(User).filter(User.username.ilike(username))
1377a9d4bdb9 #78, fixed more reliable case insensitive searches Marcin Kuzminski <marcin@python-works.com> parents: 713 diff changeset	70 else:
1377a9d4bdb9 #78, fixed more reliable case insensitive searches Marcin Kuzminski <marcin@python-works.com> parents: 713 diff changeset	71 user = self.sa.query(User)\
1377a9d4bdb9 #78, fixed more reliable case insensitive searches Marcin Kuzminski <marcin@python-works.com> parents: 713 diff changeset	72 .filter(User.username == username)
629 7e536d1af60d Code refactoring,models renames Marcin Kuzminski <marcin@python-works.com> parents: 547 diff changeset	73 if cache:
7e536d1af60d Code refactoring,models renames Marcin Kuzminski <marcin@python-works.com> parents: 547 diff changeset	74 user = user.options(FromCache("sql_cache_short",
7e536d1af60d Code refactoring,models renames Marcin Kuzminski <marcin@python-works.com> parents: 547 diff changeset	75 "get_user_%s" % username))
7e536d1af60d Code refactoring,models renames Marcin Kuzminski <marcin@python-works.com> parents: 547 diff changeset	76 return user.scalar()
7e536d1af60d Code refactoring,models renames Marcin Kuzminski <marcin@python-works.com> parents: 547 diff changeset	77
2522 17893d61792a Added associated classes into child models Marcin Kuzminski <marcin@python-works.com> parents: 2513 diff changeset	78 def get_by_email(self, email, cache=False, case_insensitive=False):
17893d61792a Added associated classes into child models Marcin Kuzminski <marcin@python-works.com> parents: 2513 diff changeset	79 return User.get_by_email(email, case_insensitive, cache)
17893d61792a Added associated classes into child models Marcin Kuzminski <marcin@python-works.com> parents: 2513 diff changeset	80
1594 9dae92a65e40 fixes #288 Marcin Kuzminski <marcin@python-works.com> parents: 1593 diff changeset	81 def get_by_api_key(self, api_key, cache=False):
1693 60249224be04 fix for api key lookup, reuse same function in user model Marcin Kuzminski <marcin@python-works.com> parents: 1690 diff changeset	82 return User.get_by_api_key(api_key, cache)
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	83
238 a55c17874486 Rewrite of user managment, improved forms, added some user info Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	84 def create(self, form_data):
2467 4419551b2915 Switched forms to new validators Marcin Kuzminski <marcin@python-works.com> parents: 2432 diff changeset	85 from rhodecode.lib.auth import get_crypt_password
238 a55c17874486 Rewrite of user managment, improved forms, added some user info Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	86 try:
a55c17874486 Rewrite of user managment, improved forms, added some user info Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	87 new_user = User()
a55c17874486 Rewrite of user managment, improved forms, added some user info Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	88 for k, v in form_data.items():
2467 4419551b2915 Switched forms to new validators Marcin Kuzminski <marcin@python-works.com> parents: 2432 diff changeset	89 if k == 'password':
4419551b2915 Switched forms to new validators Marcin Kuzminski <marcin@python-works.com> parents: 2432 diff changeset	90 v = get_crypt_password(v)
2544 6ce3387bf0ce Renamed name to firstname in forms Marcin Kuzminski <marcin@python-works.com> parents: 2522 diff changeset	91 if k == 'firstname':
6ce3387bf0ce Renamed name to firstname in forms Marcin Kuzminski <marcin@python-works.com> parents: 2522 diff changeset	92 k = 'name'
238 a55c17874486 Rewrite of user managment, improved forms, added some user info Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	93 setattr(new_user, k, v)
629 7e536d1af60d Code refactoring,models renames Marcin Kuzminski <marcin@python-works.com> parents: 547 diff changeset	94
1116 716911af91e1 Added api_key into user, api key get's generated again after password change Marcin Kuzminski <marcin@python-works.com> parents: 991 diff changeset	95 new_user.api_key = generate_api_key(form_data['username'])
238 a55c17874486 Rewrite of user managment, improved forms, added some user info Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	96 self.sa.add(new_user)
1586 2ccb32ddcfd7 Add API for repositories and groups (creation, permission) Nicolas VINOT <aeris@imirhil.fr> parents: 1417 diff changeset	97 return new_user
474 a3d9d24acbec Implemented password reset(forms/models/ tasks) and mailing tasks. Marcin Kuzminski <marcin@python-works.com> parents: 442 diff changeset	98 except:
a3d9d24acbec Implemented password reset(forms/models/ tasks) and mailing tasks. Marcin Kuzminski <marcin@python-works.com> parents: 442 diff changeset	99 log.error(traceback.format_exc())
629 7e536d1af60d Code refactoring,models renames Marcin Kuzminski <marcin@python-works.com> parents: 547 diff changeset	100 raise
7e536d1af60d Code refactoring,models renames Marcin Kuzminski <marcin@python-works.com> parents: 547 diff changeset	101
2513 388843a3a3c0 Updated create_or_update method to not change API key when password is not updated Marcin Kuzminski <marcin@python-works.com> parents: 2488 diff changeset	102 def create_or_update(self, username, password, email, firstname='',
388843a3a3c0 Updated create_or_update method to not change API key when password is not updated Marcin Kuzminski <marcin@python-works.com> parents: 2488 diff changeset	103 lastname='', active=True, admin=False, ldap_dn=None):
1634 1d904d972c47 User usermodel instead of db model to manage accounts Marcin Kuzminski <marcin@python-works.com> parents: 1633 diff changeset	104 """
1d904d972c47 User usermodel instead of db model to manage accounts Marcin Kuzminski <marcin@python-works.com> parents: 1633 diff changeset	105 Creates a new instance if not found, or updates current one
1818 cf51bbfb120e auto white-space removal Marcin Kuzminski <marcin@python-works.com> parents: 1758 diff changeset	106
1634 1d904d972c47 User usermodel instead of db model to manage accounts Marcin Kuzminski <marcin@python-works.com> parents: 1633 diff changeset	107 :param username:
1d904d972c47 User usermodel instead of db model to manage accounts Marcin Kuzminski <marcin@python-works.com> parents: 1633 diff changeset	108 :param password:
1d904d972c47 User usermodel instead of db model to manage accounts Marcin Kuzminski <marcin@python-works.com> parents: 1633 diff changeset	109 :param email:
1d904d972c47 User usermodel instead of db model to manage accounts Marcin Kuzminski <marcin@python-works.com> parents: 1633 diff changeset	110 :param active:
2513 388843a3a3c0 Updated create_or_update method to not change API key when password is not updated Marcin Kuzminski <marcin@python-works.com> parents: 2488 diff changeset	111 :param firstname:
1634 1d904d972c47 User usermodel instead of db model to manage accounts Marcin Kuzminski <marcin@python-works.com> parents: 1633 diff changeset	112 :param lastname:
1d904d972c47 User usermodel instead of db model to manage accounts Marcin Kuzminski <marcin@python-works.com> parents: 1633 diff changeset	113 :param active:
1d904d972c47 User usermodel instead of db model to manage accounts Marcin Kuzminski <marcin@python-works.com> parents: 1633 diff changeset	114 :param admin:
1d904d972c47 User usermodel instead of db model to manage accounts Marcin Kuzminski <marcin@python-works.com> parents: 1633 diff changeset	115 :param ldap_dn:
1d904d972c47 User usermodel instead of db model to manage accounts Marcin Kuzminski <marcin@python-works.com> parents: 1633 diff changeset	116 """
1728 07e56179633e - fixes celery sqlalchemy session issues for async forking Marcin Kuzminski <marcin@python-works.com> parents: 1716 diff changeset	117
1634 1d904d972c47 User usermodel instead of db model to manage accounts Marcin Kuzminski <marcin@python-works.com> parents: 1633 diff changeset	118 from rhodecode.lib.auth import get_crypt_password
1728 07e56179633e - fixes celery sqlalchemy session issues for async forking Marcin Kuzminski <marcin@python-works.com> parents: 1716 diff changeset	119
1976 a76e9bacbedc garden Marcin Kuzminski <marcin@python-works.com> parents: 1950 diff changeset	120 log.debug('Checking for %s account in RhodeCode database' % username)
1634 1d904d972c47 User usermodel instead of db model to manage accounts Marcin Kuzminski <marcin@python-works.com> parents: 1633 diff changeset	121 user = User.get_by_username(username, case_insensitive=True)
1d904d972c47 User usermodel instead of db model to manage accounts Marcin Kuzminski <marcin@python-works.com> parents: 1633 diff changeset	122 if user is None:
1976 a76e9bacbedc garden Marcin Kuzminski <marcin@python-works.com> parents: 1950 diff changeset	123 log.debug('creating new user %s' % username)
1634 1d904d972c47 User usermodel instead of db model to manage accounts Marcin Kuzminski <marcin@python-works.com> parents: 1633 diff changeset	124 new_user = User()
2513 388843a3a3c0 Updated create_or_update method to not change API key when password is not updated Marcin Kuzminski <marcin@python-works.com> parents: 2488 diff changeset	125 edit = False
1634 1d904d972c47 User usermodel instead of db model to manage accounts Marcin Kuzminski <marcin@python-works.com> parents: 1633 diff changeset	126 else:
1976 a76e9bacbedc garden Marcin Kuzminski <marcin@python-works.com> parents: 1950 diff changeset	127 log.debug('updating user %s' % username)
1634 1d904d972c47 User usermodel instead of db model to manage accounts Marcin Kuzminski <marcin@python-works.com> parents: 1633 diff changeset	128 new_user = user
2513 388843a3a3c0 Updated create_or_update method to not change API key when password is not updated Marcin Kuzminski <marcin@python-works.com> parents: 2488 diff changeset	129 edit = True
1728 07e56179633e - fixes celery sqlalchemy session issues for async forking Marcin Kuzminski <marcin@python-works.com> parents: 1716 diff changeset	130
1634 1d904d972c47 User usermodel instead of db model to manage accounts Marcin Kuzminski <marcin@python-works.com> parents: 1633 diff changeset	131 try:
1d904d972c47 User usermodel instead of db model to manage accounts Marcin Kuzminski <marcin@python-works.com> parents: 1633 diff changeset	132 new_user.username = username
1d904d972c47 User usermodel instead of db model to manage accounts Marcin Kuzminski <marcin@python-works.com> parents: 1633 diff changeset	133 new_user.admin = admin
2513 388843a3a3c0 Updated create_or_update method to not change API key when password is not updated Marcin Kuzminski <marcin@python-works.com> parents: 2488 diff changeset	134 # set password only if creating an user or password is changed
3625 260a7a01b054 follow Python conventions for boolean values Mads Kiilerich <madski@unity3d.com> parents: 3417 diff changeset	135 if not edit or user.password != password:
2513 388843a3a3c0 Updated create_or_update method to not change API key when password is not updated Marcin Kuzminski <marcin@python-works.com> parents: 2488 diff changeset	136 new_user.password = get_crypt_password(password)
388843a3a3c0 Updated create_or_update method to not change API key when password is not updated Marcin Kuzminski <marcin@python-works.com> parents: 2488 diff changeset	137 new_user.api_key = generate_api_key(username)
1634 1d904d972c47 User usermodel instead of db model to manage accounts Marcin Kuzminski <marcin@python-works.com> parents: 1633 diff changeset	138 new_user.email = email
1d904d972c47 User usermodel instead of db model to manage accounts Marcin Kuzminski <marcin@python-works.com> parents: 1633 diff changeset	139 new_user.active = active
1d904d972c47 User usermodel instead of db model to manage accounts Marcin Kuzminski <marcin@python-works.com> parents: 1633 diff changeset	140 new_user.ldap_dn = safe_unicode(ldap_dn) if ldap_dn else None
2513 388843a3a3c0 Updated create_or_update method to not change API key when password is not updated Marcin Kuzminski <marcin@python-works.com> parents: 2488 diff changeset	141 new_user.name = firstname
1634 1d904d972c47 User usermodel instead of db model to manage accounts Marcin Kuzminski <marcin@python-works.com> parents: 1633 diff changeset	142 new_user.lastname = lastname
1d904d972c47 User usermodel instead of db model to manage accounts Marcin Kuzminski <marcin@python-works.com> parents: 1633 diff changeset	143 self.sa.add(new_user)
1d904d972c47 User usermodel instead of db model to manage accounts Marcin Kuzminski <marcin@python-works.com> parents: 1633 diff changeset	144 return new_user
1d904d972c47 User usermodel instead of db model to manage accounts Marcin Kuzminski <marcin@python-works.com> parents: 1633 diff changeset	145 except (DatabaseError,):
1d904d972c47 User usermodel instead of db model to manage accounts Marcin Kuzminski <marcin@python-works.com> parents: 1633 diff changeset	146 log.error(traceback.format_exc())
1d904d972c47 User usermodel instead of db model to manage accounts Marcin Kuzminski <marcin@python-works.com> parents: 1633 diff changeset	147 raise
1728 07e56179633e - fixes celery sqlalchemy session issues for async forking Marcin Kuzminski <marcin@python-works.com> parents: 1716 diff changeset	148
1621 cbc2b1913cdf Added basic automatic user creation for container auth Liad Shani <liadff@gmail.com> parents: 1618 diff changeset	149 def create_for_container_auth(self, username, attrs):
cbc2b1913cdf Added basic automatic user creation for container auth Liad Shani <liadff@gmail.com> parents: 1618 diff changeset	150 """
cbc2b1913cdf Added basic automatic user creation for container auth Liad Shani <liadff@gmail.com> parents: 1618 diff changeset	151 Creates the given user if it's not already in the database
1818 cf51bbfb120e auto white-space removal Marcin Kuzminski <marcin@python-works.com> parents: 1758 diff changeset	152
1621 cbc2b1913cdf Added basic automatic user creation for container auth Liad Shani <liadff@gmail.com> parents: 1618 diff changeset	153 :param username:
cbc2b1913cdf Added basic automatic user creation for container auth Liad Shani <liadff@gmail.com> parents: 1618 diff changeset	154 :param attrs:
cbc2b1913cdf Added basic automatic user creation for container auth Liad Shani <liadff@gmail.com> parents: 1618 diff changeset	155 """
cbc2b1913cdf Added basic automatic user creation for container auth Liad Shani <liadff@gmail.com> parents: 1618 diff changeset	156 if self.get_by_username(username, case_insensitive=True) is None:
1690 6944b1249f28 fixed issues with not unique emails when using ldap or container auth. Marcin Kuzminski <marcin@python-works.com> parents: 1689 diff changeset	157
6944b1249f28 fixed issues with not unique emails when using ldap or container auth. Marcin Kuzminski <marcin@python-works.com> parents: 1689 diff changeset	158 # autogenerate email for container account without one
6944b1249f28 fixed issues with not unique emails when using ldap or container auth. Marcin Kuzminski <marcin@python-works.com> parents: 1689 diff changeset	159 generate_email = lambda usr: '%s@container_auth.account' % usr
6944b1249f28 fixed issues with not unique emails when using ldap or container auth. Marcin Kuzminski <marcin@python-works.com> parents: 1689 diff changeset	160
1621 cbc2b1913cdf Added basic automatic user creation for container auth Liad Shani <liadff@gmail.com> parents: 1618 diff changeset	161 try:
cbc2b1913cdf Added basic automatic user creation for container auth Liad Shani <liadff@gmail.com> parents: 1618 diff changeset	162 new_user = User()
cbc2b1913cdf Added basic automatic user creation for container auth Liad Shani <liadff@gmail.com> parents: 1618 diff changeset	163 new_user.username = username
cbc2b1913cdf Added basic automatic user creation for container auth Liad Shani <liadff@gmail.com> parents: 1618 diff changeset	164 new_user.password = None
cbc2b1913cdf Added basic automatic user creation for container auth Liad Shani <liadff@gmail.com> parents: 1618 diff changeset	165 new_user.api_key = generate_api_key(username)
cbc2b1913cdf Added basic automatic user creation for container auth Liad Shani <liadff@gmail.com> parents: 1618 diff changeset	166 new_user.email = attrs['email']
1628 de71a4bde097 Some code cleanups and fixes Marcin Kuzminski <marcin@python-works.com> parents: 1626 diff changeset	167 new_user.active = attrs.get('active', True)
1690 6944b1249f28 fixed issues with not unique emails when using ldap or container auth. Marcin Kuzminski <marcin@python-works.com> parents: 1689 diff changeset	168 new_user.name = attrs['name'] or generate_email(username)
1621 cbc2b1913cdf Added basic automatic user creation for container auth Liad Shani <liadff@gmail.com> parents: 1618 diff changeset	169 new_user.lastname = attrs['lastname']
cbc2b1913cdf Added basic automatic user creation for container auth Liad Shani <liadff@gmail.com> parents: 1618 diff changeset	170
cbc2b1913cdf Added basic automatic user creation for container auth Liad Shani <liadff@gmail.com> parents: 1618 diff changeset	171 self.sa.add(new_user)
1628 de71a4bde097 Some code cleanups and fixes Marcin Kuzminski <marcin@python-works.com> parents: 1626 diff changeset	172 return new_user
1621 cbc2b1913cdf Added basic automatic user creation for container auth Liad Shani <liadff@gmail.com> parents: 1618 diff changeset	173 except (DatabaseError,):
cbc2b1913cdf Added basic automatic user creation for container auth Liad Shani <liadff@gmail.com> parents: 1618 diff changeset	174 log.error(traceback.format_exc())
cbc2b1913cdf Added basic automatic user creation for container auth Liad Shani <liadff@gmail.com> parents: 1618 diff changeset	175 self.sa.rollback()
cbc2b1913cdf Added basic automatic user creation for container auth Liad Shani <liadff@gmail.com> parents: 1618 diff changeset	176 raise
1628 de71a4bde097 Some code cleanups and fixes Marcin Kuzminski <marcin@python-works.com> parents: 1626 diff changeset	177 log.debug('User %s already exists. Skipping creation of account'
de71a4bde097 Some code cleanups and fixes Marcin Kuzminski <marcin@python-works.com> parents: 1626 diff changeset	178 ' for container auth.', username)
de71a4bde097 Some code cleanups and fixes Marcin Kuzminski <marcin@python-works.com> parents: 1626 diff changeset	179 return None
1621 cbc2b1913cdf Added basic automatic user creation for container auth Liad Shani <liadff@gmail.com> parents: 1618 diff changeset	180
991 b232a36cc51f Improve LDAP authentication Thayne Harbaugh <thayne@fusionio.com> parents: 956 diff changeset	181 def create_ldap(self, username, password, user_dn, attrs):
705 9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 692 diff changeset	182 """
9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 692 diff changeset	183 Checks if user is in database, if not creates this user marked
9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 692 diff changeset	184 as ldap user
1818 cf51bbfb120e auto white-space removal Marcin Kuzminski <marcin@python-works.com> parents: 1758 diff changeset	185
705 9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 692 diff changeset	186 :param username:
9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 692 diff changeset	187 :param password:
991 b232a36cc51f Improve LDAP authentication Thayne Harbaugh <thayne@fusionio.com> parents: 956 diff changeset	188 :param user_dn:
b232a36cc51f Improve LDAP authentication Thayne Harbaugh <thayne@fusionio.com> parents: 956 diff changeset	189 :param attrs:
705 9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 692 diff changeset	190 """
750 73c99f45ef2a fixed security issue when saving ldap user saved plaintext password Marcin Kuzminski <marcin@python-works.com> parents: 742 diff changeset	191 from rhodecode.lib.auth import get_crypt_password
761 56c2850a5b5f ldap auth rewrite, moved split authfunc into two functions, Marcin Kuzminski <marcin@python-works.com> parents: 752 diff changeset	192 log.debug('Checking for such ldap account in RhodeCode database')
1594 9dae92a65e40 fixes #288 Marcin Kuzminski <marcin@python-works.com> parents: 1593 diff changeset	193 if self.get_by_username(username, case_insensitive=True) is None:
1689 cc302c98bb8e fix fo empty email passed in attributes of ldap account. Marcin Kuzminski <marcin@python-works.com> parents: 1669 diff changeset	194
cc302c98bb8e fix fo empty email passed in attributes of ldap account. Marcin Kuzminski <marcin@python-works.com> parents: 1669 diff changeset	195 # autogenerate email for ldap account without one
cc302c98bb8e fix fo empty email passed in attributes of ldap account. Marcin Kuzminski <marcin@python-works.com> parents: 1669 diff changeset	196 generate_email = lambda usr: '%s@ldap.account' % usr
cc302c98bb8e fix fo empty email passed in attributes of ldap account. Marcin Kuzminski <marcin@python-works.com> parents: 1669 diff changeset	197
705 9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 692 diff changeset	198 try:
9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 692 diff changeset	199 new_user = User()
1689 cc302c98bb8e fix fo empty email passed in attributes of ldap account. Marcin Kuzminski <marcin@python-works.com> parents: 1669 diff changeset	200 username = username.lower()
1269 2e7f21429316 tries to fix issue #177 by fallback to user.user_id instead of fetching from db, user.user_id Marcin Kuzminski <marcin@python-works.com> parents: 1267 diff changeset	201 # add ldap account always lowercase
1689 cc302c98bb8e fix fo empty email passed in attributes of ldap account. Marcin Kuzminski <marcin@python-works.com> parents: 1669 diff changeset	202 new_user.username = username
750 73c99f45ef2a fixed security issue when saving ldap user saved plaintext password Marcin Kuzminski <marcin@python-works.com> parents: 742 diff changeset	203 new_user.password = get_crypt_password(password)
1116 716911af91e1 Added api_key into user, api key get's generated again after password change Marcin Kuzminski <marcin@python-works.com> parents: 991 diff changeset	204 new_user.api_key = generate_api_key(username)
1689 cc302c98bb8e fix fo empty email passed in attributes of ldap account. Marcin Kuzminski <marcin@python-works.com> parents: 1669 diff changeset	205 new_user.email = attrs['email'] or generate_email(username)
1628 de71a4bde097 Some code cleanups and fixes Marcin Kuzminski <marcin@python-works.com> parents: 1626 diff changeset	206 new_user.active = attrs.get('active', True)
1516 582686d76cb6 fixes #256 fixes non ascii chars problems in base_dn on LDAP user creation Marcin Kuzminski <marcin@python-works.com> parents: 1417 diff changeset	207 new_user.ldap_dn = safe_unicode(user_dn)
991 b232a36cc51f Improve LDAP authentication Thayne Harbaugh <thayne@fusionio.com> parents: 956 diff changeset	208 new_user.name = attrs['name']
b232a36cc51f Improve LDAP authentication Thayne Harbaugh <thayne@fusionio.com> parents: 956 diff changeset	209 new_user.lastname = attrs['lastname']
705 9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 692 diff changeset	210
9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 692 diff changeset	211 self.sa.add(new_user)
1628 de71a4bde097 Some code cleanups and fixes Marcin Kuzminski <marcin@python-works.com> parents: 1626 diff changeset	212 return new_user
761 56c2850a5b5f ldap auth rewrite, moved split authfunc into two functions, Marcin Kuzminski <marcin@python-works.com> parents: 752 diff changeset	213 except (DatabaseError,):
705 9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 692 diff changeset	214 log.error(traceback.format_exc())
9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 692 diff changeset	215 self.sa.rollback()
9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 692 diff changeset	216 raise
761 56c2850a5b5f ldap auth rewrite, moved split authfunc into two functions, Marcin Kuzminski <marcin@python-works.com> parents: 752 diff changeset	217 log.debug('this %s user exists skipping creation of ldap account',
56c2850a5b5f ldap auth rewrite, moved split authfunc into two functions, Marcin Kuzminski <marcin@python-works.com> parents: 752 diff changeset	218 username)
1628 de71a4bde097 Some code cleanups and fixes Marcin Kuzminski <marcin@python-works.com> parents: 1626 diff changeset	219 return None
705 9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 692 diff changeset	220
363 98abf8953b87 Added user registration, changed login url schema, moved it into _admin/ for safety Marcin Kuzminski <marcin@python-works.com> parents: 347 diff changeset	221 def create_registration(self, form_data):
1731 31e6eb2fb4b2 implements #222 registration feedback Marcin Kuzminski <marcin@python-works.com> parents: 1729 diff changeset	222 from rhodecode.model.notification import NotificationModel
31e6eb2fb4b2 implements #222 registration feedback Marcin Kuzminski <marcin@python-works.com> parents: 1729 diff changeset	223
363 98abf8953b87 Added user registration, changed login url schema, moved it into _admin/ for safety Marcin Kuzminski <marcin@python-works.com> parents: 347 diff changeset	224 try:
2248 72542dc597be fixed issue with empty APIKEYS on registration #438 Marcin Kuzminski <marcin@python-works.com> parents: 2186 diff changeset	225 form_data['admin'] = False
72542dc597be fixed issue with empty APIKEYS on registration #438 Marcin Kuzminski <marcin@python-works.com> parents: 2186 diff changeset	226 new_user = self.create(form_data)
629 7e536d1af60d Code refactoring,models renames Marcin Kuzminski <marcin@python-works.com> parents: 547 diff changeset	227
363 98abf8953b87 Added user registration, changed login url schema, moved it into _admin/ for safety Marcin Kuzminski <marcin@python-works.com> parents: 347 diff changeset	228 self.sa.add(new_user)
1731 31e6eb2fb4b2 implements #222 registration feedback Marcin Kuzminski <marcin@python-works.com> parents: 1729 diff changeset	229 self.sa.flush()
31e6eb2fb4b2 implements #222 registration feedback Marcin Kuzminski <marcin@python-works.com> parents: 1729 diff changeset	230
31e6eb2fb4b2 implements #222 registration feedback Marcin Kuzminski <marcin@python-works.com> parents: 1729 diff changeset	231 # notification to admins
31e6eb2fb4b2 implements #222 registration feedback Marcin Kuzminski <marcin@python-works.com> parents: 1729 diff changeset	232 subject = _('new user registration')
689 ecc566f8b69f fixes #59, notifications for user registrations + some changes to mailer Marcin Kuzminski <marcin@python-works.com> parents: 686 diff changeset	233 body = ('New user registration\n'
1731 31e6eb2fb4b2 implements #222 registration feedback Marcin Kuzminski <marcin@python-works.com> parents: 1729 diff changeset	234 '---------------------\n'
31e6eb2fb4b2 implements #222 registration feedback Marcin Kuzminski <marcin@python-works.com> parents: 1729 diff changeset	235 '- Username: %s\n'
31e6eb2fb4b2 implements #222 registration feedback Marcin Kuzminski <marcin@python-works.com> parents: 1729 diff changeset	236 '- Full Name: %s\n'
31e6eb2fb4b2 implements #222 registration feedback Marcin Kuzminski <marcin@python-works.com> parents: 1729 diff changeset	237 '- Email: %s\n')
31e6eb2fb4b2 implements #222 registration feedback Marcin Kuzminski <marcin@python-works.com> parents: 1729 diff changeset	238 body = body % (new_user.username, new_user.full_name,
31e6eb2fb4b2 implements #222 registration feedback Marcin Kuzminski <marcin@python-works.com> parents: 1729 diff changeset	239 new_user.email)
31e6eb2fb4b2 implements #222 registration feedback Marcin Kuzminski <marcin@python-works.com> parents: 1729 diff changeset	240 edit_url = url('edit_user', id=new_user.user_id, qualified=True)
1950 4ae17f819ee8 #344 optional firstname lastname on user creation Marcin Kuzminski <marcin@python-works.com> parents: 1824 diff changeset	241 kw = {'registered_user_url': edit_url}
1731 31e6eb2fb4b2 implements #222 registration feedback Marcin Kuzminski <marcin@python-works.com> parents: 1729 diff changeset	242 NotificationModel().create(created_by=new_user, subject=subject,
31e6eb2fb4b2 implements #222 registration feedback Marcin Kuzminski <marcin@python-works.com> parents: 1729 diff changeset	243 body=body, recipients=None,
31e6eb2fb4b2 implements #222 registration feedback Marcin Kuzminski <marcin@python-works.com> parents: 1729 diff changeset	244 type_=Notification.TYPE_REGISTRATION,
31e6eb2fb4b2 implements #222 registration feedback Marcin Kuzminski <marcin@python-works.com> parents: 1729 diff changeset	245 email_kwargs=kw)
689 ecc566f8b69f fixes #59, notifications for user registrations + some changes to mailer Marcin Kuzminski <marcin@python-works.com> parents: 686 diff changeset	246
474 a3d9d24acbec Implemented password reset(forms/models/ tasks) and mailing tasks. Marcin Kuzminski <marcin@python-works.com> parents: 442 diff changeset	247 except:
a3d9d24acbec Implemented password reset(forms/models/ tasks) and mailing tasks. Marcin Kuzminski <marcin@python-works.com> parents: 442 diff changeset	248 log.error(traceback.format_exc())
629 7e536d1af60d Code refactoring,models renames Marcin Kuzminski <marcin@python-works.com> parents: 547 diff changeset	249 raise
7e536d1af60d Code refactoring,models renames Marcin Kuzminski <marcin@python-works.com> parents: 547 diff changeset	250
3021 b2b93614a7cd Implemented #658 Changing username in LDAP-Mode should not be allowed. Marcin Kuzminski <marcin@python-works.com> parents: 2864 diff changeset	251 def update(self, user_id, form_data, skip_attrs=[]):
2488 b5b34d71b23b fix crypt password on update my account Marcin Kuzminski <marcin@python-works.com> parents: 2479 diff changeset	252 from rhodecode.lib.auth import get_crypt_password
238 a55c17874486 Rewrite of user managment, improved forms, added some user info Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	253 try:
1594 9dae92a65e40 fixes #288 Marcin Kuzminski <marcin@python-works.com> parents: 1593 diff changeset	254 user = self.get(user_id, cache=False)
1116 716911af91e1 Added api_key into user, api key get's generated again after password change Marcin Kuzminski <marcin@python-works.com> parents: 991 diff changeset	255 if user.username == 'default':
314 0d26d46bd370 protected againts changing default user. Marcin Kuzminski <marcin@python-works.com> parents: 265 diff changeset	256 raise DefaultUserException(
629 7e536d1af60d Code refactoring,models renames Marcin Kuzminski <marcin@python-works.com> parents: 547 diff changeset	257 _("You can't Edit this user since it's"
314 0d26d46bd370 protected againts changing default user. Marcin Kuzminski <marcin@python-works.com> parents: 265 diff changeset	258 " crucial for entire application"))
713 1bb0fcdec895 fixed #72 show warning on removal when user still is owner of existing repositories Marcin Kuzminski <marcin@python-works.com> parents: 705 diff changeset	259
238 a55c17874486 Rewrite of user managment, improved forms, added some user info Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	260 for k, v in form_data.items():
3021 b2b93614a7cd Implemented #658 Changing username in LDAP-Mode should not be allowed. Marcin Kuzminski <marcin@python-works.com> parents: 2864 diff changeset	261 if k in skip_attrs:
b2b93614a7cd Implemented #658 Changing username in LDAP-Mode should not be allowed. Marcin Kuzminski <marcin@python-works.com> parents: 2864 diff changeset	262 continue
2544 6ce3387bf0ce Renamed name to firstname in forms Marcin Kuzminski <marcin@python-works.com> parents: 2522 diff changeset	263 if k == 'new_password' and v:
2488 b5b34d71b23b fix crypt password on update my account Marcin Kuzminski <marcin@python-works.com> parents: 2479 diff changeset	264 user.password = get_crypt_password(v)
1116 716911af91e1 Added api_key into user, api key get's generated again after password change Marcin Kuzminski <marcin@python-works.com> parents: 991 diff changeset	265 user.api_key = generate_api_key(user.username)
238 a55c17874486 Rewrite of user managment, improved forms, added some user info Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	266 else:
2544 6ce3387bf0ce Renamed name to firstname in forms Marcin Kuzminski <marcin@python-works.com> parents: 2522 diff changeset	267 if k == 'firstname':
6ce3387bf0ce Renamed name to firstname in forms Marcin Kuzminski <marcin@python-works.com> parents: 2522 diff changeset	268 k = 'name'
1116 716911af91e1 Added api_key into user, api key get's generated again after password change Marcin Kuzminski <marcin@python-works.com> parents: 991 diff changeset	269 setattr(user, k, v)
716911af91e1 Added api_key into user, api key get's generated again after password change Marcin Kuzminski <marcin@python-works.com> parents: 991 diff changeset	270 self.sa.add(user)
474 a3d9d24acbec Implemented password reset(forms/models/ tasks) and mailing tasks. Marcin Kuzminski <marcin@python-works.com> parents: 442 diff changeset	271 except:
a3d9d24acbec Implemented password reset(forms/models/ tasks) and mailing tasks. Marcin Kuzminski <marcin@python-works.com> parents: 442 diff changeset	272 log.error(traceback.format_exc())
629 7e536d1af60d Code refactoring,models renames Marcin Kuzminski <marcin@python-works.com> parents: 547 diff changeset	273 raise
7e536d1af60d Code refactoring,models renames Marcin Kuzminski <marcin@python-works.com> parents: 547 diff changeset	274
2657 001c7e2ae986 fixed api issue with changing username during update_user Marcin Kuzminski <marcin@python-works.com> parents: 2544 diff changeset	275 def update_user(self, user, **kwargs):
001c7e2ae986 fixed api issue with changing username during update_user Marcin Kuzminski <marcin@python-works.com> parents: 2544 diff changeset	276 from rhodecode.lib.auth import get_crypt_password
001c7e2ae986 fixed api issue with changing username during update_user Marcin Kuzminski <marcin@python-works.com> parents: 2544 diff changeset	277 try:
001c7e2ae986 fixed api issue with changing username during update_user Marcin Kuzminski <marcin@python-works.com> parents: 2544 diff changeset	278 user = self._get_user(user)
001c7e2ae986 fixed api issue with changing username during update_user Marcin Kuzminski <marcin@python-works.com> parents: 2544 diff changeset	279 if user.username == 'default':
001c7e2ae986 fixed api issue with changing username during update_user Marcin Kuzminski <marcin@python-works.com> parents: 2544 diff changeset	280 raise DefaultUserException(
001c7e2ae986 fixed api issue with changing username during update_user Marcin Kuzminski <marcin@python-works.com> parents: 2544 diff changeset	281 _("You can't Edit this user since it's"
001c7e2ae986 fixed api issue with changing username during update_user Marcin Kuzminski <marcin@python-works.com> parents: 2544 diff changeset	282 " crucial for entire application")
001c7e2ae986 fixed api issue with changing username during update_user Marcin Kuzminski <marcin@python-works.com> parents: 2544 diff changeset	283 )
001c7e2ae986 fixed api issue with changing username during update_user Marcin Kuzminski <marcin@python-works.com> parents: 2544 diff changeset	284
001c7e2ae986 fixed api issue with changing username during update_user Marcin Kuzminski <marcin@python-works.com> parents: 2544 diff changeset	285 for k, v in kwargs.items():
001c7e2ae986 fixed api issue with changing username during update_user Marcin Kuzminski <marcin@python-works.com> parents: 2544 diff changeset	286 if k == 'password' and v:
001c7e2ae986 fixed api issue with changing username during update_user Marcin Kuzminski <marcin@python-works.com> parents: 2544 diff changeset	287 v = get_crypt_password(v)
001c7e2ae986 fixed api issue with changing username during update_user Marcin Kuzminski <marcin@python-works.com> parents: 2544 diff changeset	288 user.api_key = generate_api_key(user.username)
001c7e2ae986 fixed api issue with changing username during update_user Marcin Kuzminski <marcin@python-works.com> parents: 2544 diff changeset	289
001c7e2ae986 fixed api issue with changing username during update_user Marcin Kuzminski <marcin@python-works.com> parents: 2544 diff changeset	290 setattr(user, k, v)
001c7e2ae986 fixed api issue with changing username during update_user Marcin Kuzminski <marcin@python-works.com> parents: 2544 diff changeset	291 self.sa.add(user)
001c7e2ae986 fixed api issue with changing username during update_user Marcin Kuzminski <marcin@python-works.com> parents: 2544 diff changeset	292 return user
001c7e2ae986 fixed api issue with changing username during update_user Marcin Kuzminski <marcin@python-works.com> parents: 2544 diff changeset	293 except:
001c7e2ae986 fixed api issue with changing username during update_user Marcin Kuzminski <marcin@python-works.com> parents: 2544 diff changeset	294 log.error(traceback.format_exc())
001c7e2ae986 fixed api issue with changing username during update_user Marcin Kuzminski <marcin@python-works.com> parents: 2544 diff changeset	295 raise
001c7e2ae986 fixed api issue with changing username during update_user Marcin Kuzminski <marcin@python-works.com> parents: 2544 diff changeset	296
1758 a87aa385f21c fixed repo_create permission by adding missing commit statements Marcin Kuzminski <marcin@python-works.com> parents: 1749 diff changeset	297 def delete(self, user):
2432 d3ac7491a5c8 Share common getter functions in base model, and remove duplicated functions from other models Marcin Kuzminski <marcin@python-works.com> parents: 2330 diff changeset	298 user = self._get_user(user)
1818 cf51bbfb120e auto white-space removal Marcin Kuzminski <marcin@python-works.com> parents: 1758 diff changeset	299
265 0e5455fda8fd Implemented basic repository managment. Implemented repo2db mappings, model, helpers updates and code cleanups Marcin Kuzminski <marcin@python-works.com> parents: 252 diff changeset	300 try:
314 0d26d46bd370 protected againts changing default user. Marcin Kuzminski <marcin@python-works.com> parents: 265 diff changeset	301 if user.username == 'default':
0d26d46bd370 protected againts changing default user. Marcin Kuzminski <marcin@python-works.com> parents: 265 diff changeset	302 raise DefaultUserException(
2153 fa637dc3e029 Improved message about deleting user who owns repositories Marcin Kuzminski <marcin@python-works.com> parents: 2150 diff changeset	303 _(u"You can't remove this user since it's"
2124 273ce1a99c3f fixed #397 Private repository groups shows up before login Marcin Kuzminski <marcin@python-works.com> parents: 2109 diff changeset	304 " crucial for entire application")
273ce1a99c3f fixed #397 Private repository groups shows up before login Marcin Kuzminski <marcin@python-works.com> parents: 2109 diff changeset	305 )
713 1bb0fcdec895 fixed #72 show warning on removal when user still is owner of existing repositories Marcin Kuzminski <marcin@python-works.com> parents: 705 diff changeset	306 if user.repositories:
2153 fa637dc3e029 Improved message about deleting user who owns repositories Marcin Kuzminski <marcin@python-works.com> parents: 2150 diff changeset	307 repos = [x.repo_name for x in user.repositories]
2124 273ce1a99c3f fixed #397 Private repository groups shows up before login Marcin Kuzminski <marcin@python-works.com> parents: 2109 diff changeset	308 raise UserOwnsReposException(
2153 fa637dc3e029 Improved message about deleting user who owns repositories Marcin Kuzminski <marcin@python-works.com> parents: 2150 diff changeset	309 _(u'user "%s" still owns %s repositories and cannot be '
fa637dc3e029 Improved message about deleting user who owns repositories Marcin Kuzminski <marcin@python-works.com> parents: 2150 diff changeset	310 'removed. Switch owners or remove those repositories. %s')
fa637dc3e029 Improved message about deleting user who owns repositories Marcin Kuzminski <marcin@python-works.com> parents: 2150 diff changeset	311 % (user.username, len(repos), ', '.join(repos))
2124 273ce1a99c3f fixed #397 Private repository groups shows up before login Marcin Kuzminski <marcin@python-works.com> parents: 2109 diff changeset	312 )
314 0d26d46bd370 protected againts changing default user. Marcin Kuzminski <marcin@python-works.com> parents: 265 diff changeset	313 self.sa.delete(user)
474 a3d9d24acbec Implemented password reset(forms/models/ tasks) and mailing tasks. Marcin Kuzminski <marcin@python-works.com> parents: 442 diff changeset	314 except:
a3d9d24acbec Implemented password reset(forms/models/ tasks) and mailing tasks. Marcin Kuzminski <marcin@python-works.com> parents: 442 diff changeset	315 log.error(traceback.format_exc())
629 7e536d1af60d Code refactoring,models renames Marcin Kuzminski <marcin@python-works.com> parents: 547 diff changeset	316 raise
474 a3d9d24acbec Implemented password reset(forms/models/ tasks) and mailing tasks. Marcin Kuzminski <marcin@python-works.com> parents: 442 diff changeset	317
1417 5875955def39 fixes #223 improve password reset form Marcin Kuzminski <marcin@python-works.com> parents: 1270 diff changeset	318 def reset_password_link(self, data):
5875955def39 fixes #223 improve password reset form Marcin Kuzminski <marcin@python-works.com> parents: 1270 diff changeset	319 from rhodecode.lib.celerylib import tasks, run_task
3401 5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	320 from rhodecode.model.notification import EmailNotificationModel
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	321 user_email = data['email']
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	322 try:
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	323 user = User.get_by_email(user_email)
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	324 if user:
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	325 log.debug('password reset user found %s' % user)
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	326 link = url('reset_password_confirmation', key=user.api_key,
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	327 qualified=True)
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	328 reg_type = EmailNotificationModel.TYPE_PASSWORD_RESET
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	329 body = EmailNotificationModel().get_email_tmpl(reg_type,
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	330 **{'user': user.short_contact,
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	331 'reset_url': link})
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	332 log.debug('sending email')
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	333 run_task(tasks.send_email, user_email,
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	334 _("password reset link"), body, body)
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	335 log.info('send new password mail to %s' % user_email)
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	336 else:
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	337 log.debug("password reset email %s not found" % user_email)
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	338 except:
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	339 log.error(traceback.format_exc())
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	340 return False
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	341
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	342 return True
1417 5875955def39 fixes #223 improve password reset form Marcin Kuzminski <marcin@python-works.com> parents: 1270 diff changeset	343
474 a3d9d24acbec Implemented password reset(forms/models/ tasks) and mailing tasks. Marcin Kuzminski <marcin@python-works.com> parents: 442 diff changeset	344 def reset_password(self, data):
629 7e536d1af60d Code refactoring,models renames Marcin Kuzminski <marcin@python-works.com> parents: 547 diff changeset	345 from rhodecode.lib.celerylib import tasks, run_task
3401 5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	346 from rhodecode.lib import auth
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	347 user_email = data['email']
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	348 try:
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	349 try:
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	350 user = User.get_by_email(user_email)
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	351 new_passwd = auth.PasswordGenerator().gen_password(8,
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	352 auth.PasswordGenerator.ALPHABETS_BIG_SMALL)
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	353 if user:
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	354 user.password = auth.get_crypt_password(new_passwd)
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	355 user.api_key = auth.generate_api_key(user.username)
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	356 Session().add(user)
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	357 Session().commit()
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	358 log.info('change password for %s' % user_email)
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	359 if new_passwd is None:
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	360 raise Exception('unable to generate new password')
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	361 except:
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	362 log.error(traceback.format_exc())
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	363 Session().rollback()
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	364
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	365 run_task(tasks.send_email, user_email,
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	366 _('Your new password'),
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	367 _('Your new RhodeCode password:%s') % (new_passwd))
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	368 log.info('send new password mail to %s' % user_email)
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	369
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	370 except:
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	371 log.error('Failed to update user password')
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	372 log.error(traceback.format_exc())
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	373
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	374 return True
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	375
1594 9dae92a65e40 fixes #288 Marcin Kuzminski <marcin@python-works.com> parents: 1593 diff changeset	376 def fill_data(self, auth_user, user_id=None, api_key=None):
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	377 """
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	378 Fetches auth_user by user_id,or api_key if present.
6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	379 Fills auth_user attributes with those taken from database.
1203 6832ef664673 source code cleanup: remove trailing white space, normalize file endings Marcin Kuzminski <marcin@python-works.com> parents: 1120 diff changeset	380 Additionally set's is_authenitated if lookup fails
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	381 present in database
1203 6832ef664673 source code cleanup: remove trailing white space, normalize file endings Marcin Kuzminski <marcin@python-works.com> parents: 1120 diff changeset	382
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	383 :param auth_user: instance of user to set attributes
6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	384 :param user_id: user id to fetch by
6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	385 :param api_key: api key to fetch by
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	386 """
1120 a8d759613d8f fixed some bugs in api key auth, added access by api key into rss/atom feeds in global journal Marcin Kuzminski <marcin@python-works.com> parents: 1117 diff changeset	387 if user_id is None and api_key is None:
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	388 raise Exception('You need to pass user_id or api_key')
686 ff6a8196ebfe fixed anonymous access bug. Marcin Kuzminski <marcin@python-works.com> parents: 673 diff changeset	389
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	390 try:
6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	391 if api_key:
6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	392 dbuser = self.get_by_api_key(api_key)
6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	393 else:
6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	394 dbuser = self.get(user_id)
6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	395
1618 9353189b7675 Added automatic logout of deactivated/deleted users Liad Shani <liadff@gmail.com> parents: 1594 diff changeset	396 if dbuser is not None and dbuser.active:
1976 a76e9bacbedc garden Marcin Kuzminski <marcin@python-works.com> parents: 1950 diff changeset	397 log.debug('filling %s data' % dbuser)
1120 a8d759613d8f fixed some bugs in api key auth, added access by api key into rss/atom feeds in global journal Marcin Kuzminski <marcin@python-works.com> parents: 1117 diff changeset	398 for k, v in dbuser.get_dict().items():
a8d759613d8f fixed some bugs in api key auth, added access by api key into rss/atom feeds in global journal Marcin Kuzminski <marcin@python-works.com> parents: 1117 diff changeset	399 setattr(auth_user, k, v)
1618 9353189b7675 Added automatic logout of deactivated/deleted users Liad Shani <liadff@gmail.com> parents: 1594 diff changeset	400 else:
9353189b7675 Added automatic logout of deactivated/deleted users Liad Shani <liadff@gmail.com> parents: 1594 diff changeset	401 return False
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	402
6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	403 except:
6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	404 log.error(traceback.format_exc())
6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	405 auth_user.is_authenticated = False
1618 9353189b7675 Added automatic logout of deactivated/deleted users Liad Shani <liadff@gmail.com> parents: 1594 diff changeset	406 return False
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	407
1618 9353189b7675 Added automatic logout of deactivated/deleted users Liad Shani <liadff@gmail.com> parents: 1594 diff changeset	408 return True
686 ff6a8196ebfe fixed anonymous access bug. Marcin Kuzminski <marcin@python-works.com> parents: 673 diff changeset	409
3094 b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	410 def fill_perms(self, user, explicit=True, algo='higherwin'):
1269 2e7f21429316 tries to fix issue #177 by fallback to user.user_id instead of fetching from db, user.user_id Marcin Kuzminski <marcin@python-works.com> parents: 1267 diff changeset	411 """
2e7f21429316 tries to fix issue #177 by fallback to user.user_id instead of fetching from db, user.user_id Marcin Kuzminski <marcin@python-works.com> parents: 1267 diff changeset	412 Fills user permission attribute with permissions taken from database
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	413 works for permissions given for repositories, and for permissions that
1269 2e7f21429316 tries to fix issue #177 by fallback to user.user_id instead of fetching from db, user.user_id Marcin Kuzminski <marcin@python-works.com> parents: 1267 diff changeset	414 are granted to groups
1203 6832ef664673 source code cleanup: remove trailing white space, normalize file endings Marcin Kuzminski <marcin@python-works.com> parents: 1120 diff changeset	415
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	416 :param user: user instance to fill his perms
3094 b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	417 :param explicit: In case there are permissions both for user and a group
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	418 that user is part of, explicit flag will defiine if user will
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	419 explicitly override permissions from group, if it's False it will
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	420 make decision based on the algo
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	421 :param algo: algorithm to decide what permission should be choose if
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	422 it's multiple defined, eg user in two different groups. It also
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	423 decides if explicit flag is turned off how to specify the permission
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	424 for case when user is in a group + have defined separate permission
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	425 """
1982 87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	426 RK = 'repositories'
87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	427 GK = 'repositories_groups'
87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	428 GLOBAL = 'global'
87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	429 user.permissions[RK] = {}
87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	430 user.permissions[GK] = {}
87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	431 user.permissions[GLOBAL] = set()
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	432
3094 b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	433 def _choose_perm(new_perm, cur_perm):
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	434 new_perm_val = PERM_WEIGHTS[new_perm]
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	435 cur_perm_val = PERM_WEIGHTS[cur_perm]
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	436 if algo == 'higherwin':
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	437 if new_perm_val > cur_perm_val:
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	438 return new_perm
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	439 return cur_perm
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	440 elif algo == 'lowerwin':
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	441 if new_perm_val < cur_perm_val:
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	442 return new_perm
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	443 return cur_perm
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	444
1267 d534aff5e82a user defined permission will update the global permissions, and overwrite default settings. Marcin Kuzminski <marcin@python-works.com> parents: 1206 diff changeset	445 #======================================================================
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	446 # fetch default permissions
1267 d534aff5e82a user defined permission will update the global permissions, and overwrite default settings. Marcin Kuzminski <marcin@python-works.com> parents: 1206 diff changeset	447 #======================================================================
1728 07e56179633e - fixes celery sqlalchemy session issues for async forking Marcin Kuzminski <marcin@python-works.com> parents: 1716 diff changeset	448 default_user = User.get_by_username('default', cache=True)
07e56179633e - fixes celery sqlalchemy session issues for async forking Marcin Kuzminski <marcin@python-works.com> parents: 1716 diff changeset	449 default_user_id = default_user.user_id
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	450
1982 87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	451 default_repo_perms = Permission.get_default_perms(default_user_id)
87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	452 default_repo_groups_perms = Permission.get_default_group_perms(default_user_id)
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	453
6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	454 if user.is_admin:
1267 d534aff5e82a user defined permission will update the global permissions, and overwrite default settings. Marcin Kuzminski <marcin@python-works.com> parents: 1206 diff changeset	455 #==================================================================
1982 87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	456 # admin user have all default rights for repositories
87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	457 # and groups set to admin
1267 d534aff5e82a user defined permission will update the global permissions, and overwrite default settings. Marcin Kuzminski <marcin@python-works.com> parents: 1206 diff changeset	458 #==================================================================
1982 87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	459 user.permissions[GLOBAL].add('hg.admin')
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	460
1982 87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	461 # repositories
87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	462 for perm in default_repo_perms:
87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	463 r_k = perm.UserRepoToPerm.repository.repo_name
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	464 p = 'repository.admin'
1982 87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	465 user.permissions[RK][r_k] = p
87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	466
3410 5f1850e4712a "Users groups" is grammatically incorrect English - rename to "user groups" Mads Kiilerich <madski@unity3d.com> parents: 3401 diff changeset	467 # repository groups
1982 87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	468 for perm in default_repo_groups_perms:
87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	469 rg_k = perm.UserRepoGroupToPerm.group.group_name
87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	470 p = 'group.admin'
87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	471 user.permissions[GK][rg_k] = p
2186 7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	472 return user
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	473
2186 7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	474 #==================================================================
2709 d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	475 # SET DEFAULTS GLOBAL, REPOS, REPOS GROUPS
2186 7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	476 #==================================================================
7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	477 uid = user.user_id
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	478
2709 d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	479 # default global permissions taken fron the default user
2186 7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	480 default_global_perms = self.sa.query(UserToPerm)\
7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	481 .filter(UserToPerm.user_id == default_user_id)
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	482
2186 7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	483 for perm in default_global_perms:
7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	484 user.permissions[GLOBAL].add(perm.permission.permission_name)
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	485
2186 7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	486 # defaults for repositories, taken from default user
7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	487 for perm in default_repo_perms:
7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	488 r_k = perm.UserRepoToPerm.repository.repo_name
7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	489 if perm.Repository.private and not (perm.Repository.user_id == uid):
7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	490 # disable defaults for private repos,
7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	491 p = 'repository.none'
7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	492 elif perm.Repository.user_id == uid:
7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	493 # set admin if owner
7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	494 p = 'repository.admin'
7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	495 else:
7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	496 p = perm.Permission.permission_name
7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	497
7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	498 user.permissions[RK][r_k] = p
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	499
3410 5f1850e4712a "Users groups" is grammatically incorrect English - rename to "user groups" Mads Kiilerich <madski@unity3d.com> parents: 3401 diff changeset	500 # defaults for repository groups taken from default user permission
2186 7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	501 # on given group
7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	502 for perm in default_repo_groups_perms:
7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	503 rg_k = perm.UserRepoGroupToPerm.group.group_name
7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	504 p = perm.Permission.permission_name
7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	505 user.permissions[GK][rg_k] = p
7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	506
2709 d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	507 #======================================================================
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	508 # !! OVERRIDE GLOBALS !! with user permissions if any found
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	509 #======================================================================
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	510 # those can be configured from groups or users explicitly
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	511 _configurable = set(['hg.fork.none', 'hg.fork.repository',
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	512 'hg.create.none', 'hg.create.repository'])
2186 7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	513
2709 d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	514 # USER GROUPS comes first
3415 b8f929bff7e3 fixed tests and missing replacements from 5f1850e4712a Marcin Kuzminski <marcin@python-works.com> parents: 3410 diff changeset	515 # user group global permissions
3417 fa6ba6727475 further cleanup of UsersGroup Mads Kiilerich <madski@unity3d.com> parents: 3415 diff changeset	516 user_perms_from_users_groups = self.sa.query(UserGroupToPerm)\
fa6ba6727475 further cleanup of UsersGroup Mads Kiilerich <madski@unity3d.com> parents: 3415 diff changeset	517 .options(joinedload(UserGroupToPerm.permission))\
fa6ba6727475 further cleanup of UsersGroup Mads Kiilerich <madski@unity3d.com> parents: 3415 diff changeset	518 .join((UserGroupMember, UserGroupToPerm.users_group_id ==
fa6ba6727475 further cleanup of UsersGroup Mads Kiilerich <madski@unity3d.com> parents: 3415 diff changeset	519 UserGroupMember.users_group_id))\
fa6ba6727475 further cleanup of UsersGroup Mads Kiilerich <madski@unity3d.com> parents: 3415 diff changeset	520 .filter(UserGroupMember.user_id == uid)\
fa6ba6727475 further cleanup of UsersGroup Mads Kiilerich <madski@unity3d.com> parents: 3415 diff changeset	521 .order_by(UserGroupToPerm.users_group_id)\
2709 d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	522 .all()
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	523 #need to group here by groups since user can be in more than one group
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	524 _grouped = [[x, list(y)] for x, y in
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	525 itertools.groupby(user_perms_from_users_groups,
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	526 lambda x:x.users_group)]
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	527 for gr, perms in _grouped:
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	528 # since user can be in multiple groups iterate over them and
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	529 # select the lowest permissions first (more explicit)
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	530 ##TODO: do this^^
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	531 if not gr.inherit_default_permissions:
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	532 # NEED TO IGNORE all configurable permissions and
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	533 # replace them with explicitly set
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	534 user.permissions[GLOBAL] = user.permissions[GLOBAL]\
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	535 .difference(_configurable)
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	536 for perm in perms:
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	537 user.permissions[GLOBAL].add(perm.permission.permission_name)
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	538
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	539 # user specific global permissions
2186 7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	540 user_perms = self.sa.query(UserToPerm)\
7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	541 .options(joinedload(UserToPerm.permission))\
7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	542 .filter(UserToPerm.user_id == uid).all()
7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	543
2709 d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	544 if not user.inherit_default_permissions:
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	545 # NEED TO IGNORE all configurable permissions and
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	546 # replace them with explicitly set
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	547 user.permissions[GLOBAL] = user.permissions[GLOBAL]\
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	548 .difference(_configurable)
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	549
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	550 for perm in user_perms:
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	551 user.permissions[GLOBAL].add(perm.permission.permission_name)
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	552
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	553 #======================================================================
3094 b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	554 # !! PERMISSIONS FOR REPOSITORIES !!
2709 d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	555 #======================================================================
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	556 #======================================================================
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	557 # check if user is part of user groups for this repository and
3094 b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	558 # fill in his permission from it. _choose_perm decides of which
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	559 # permission should be selected based on selected method
2709 d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	560 #======================================================================
3094 b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	561
3415 b8f929bff7e3 fixed tests and missing replacements from 5f1850e4712a Marcin Kuzminski <marcin@python-works.com> parents: 3410 diff changeset	562 # user group for repositories permissions
2709 d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	563 user_repo_perms_from_users_groups = \
3417 fa6ba6727475 further cleanup of UsersGroup Mads Kiilerich <madski@unity3d.com> parents: 3415 diff changeset	564 self.sa.query(UserGroupRepoToPerm, Permission, Repository,)\
fa6ba6727475 further cleanup of UsersGroup Mads Kiilerich <madski@unity3d.com> parents: 3415 diff changeset	565 .join((Repository, UserGroupRepoToPerm.repository_id ==
2709 d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	566 Repository.repo_id))\
3417 fa6ba6727475 further cleanup of UsersGroup Mads Kiilerich <madski@unity3d.com> parents: 3415 diff changeset	567 .join((Permission, UserGroupRepoToPerm.permission_id ==
2709 d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	568 Permission.permission_id))\
3417 fa6ba6727475 further cleanup of UsersGroup Mads Kiilerich <madski@unity3d.com> parents: 3415 diff changeset	569 .join((UserGroupMember, UserGroupRepoToPerm.users_group_id ==
fa6ba6727475 further cleanup of UsersGroup Mads Kiilerich <madski@unity3d.com> parents: 3415 diff changeset	570 UserGroupMember.users_group_id))\
fa6ba6727475 further cleanup of UsersGroup Mads Kiilerich <madski@unity3d.com> parents: 3415 diff changeset	571 .filter(UserGroupMember.user_id == uid)\
2709 d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	572 .all()
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	573
3096 69b25f1b0b45 switch to defaultdict for counter implementation Marcin Kuzminski <marcin@python-works.com> parents: 3094 diff changeset	574 multiple_counter = collections.defaultdict(int)
2709 d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	575 for perm in user_repo_perms_from_users_groups:
3417 fa6ba6727475 further cleanup of UsersGroup Mads Kiilerich <madski@unity3d.com> parents: 3415 diff changeset	576 r_k = perm.UserGroupRepoToPerm.repository.repo_name
3094 b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	577 multiple_counter[r_k] += 1
2709 d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	578 p = perm.Permission.permission_name
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	579 cur_perm = user.permissions[RK][r_k]
2864 5c1ad3b410e5 fixed #570 explicit users group permissions can overwrite owner permissions Marcin Kuzminski <marcin@python-works.com> parents: 2820 diff changeset	580
3094 b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	581 if perm.Repository.user_id == uid:
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	582 # set admin if owner
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	583 p = 'repository.admin'
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	584 else:
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	585 if multiple_counter[r_k] > 1:
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	586 p = _choose_perm(p, cur_perm)
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	587 user.permissions[RK][r_k] = p
1982 87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	588
3094 b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	589 # user explicit permissions for repositories, overrides any specified
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	590 # by the group permission
2186 7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	591 user_repo_perms = \
7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	592 self.sa.query(UserRepoToPerm, Permission, Repository)\
2709 d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	593 .join((Repository, UserRepoToPerm.repository_id ==
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	594 Repository.repo_id))\
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	595 .join((Permission, UserRepoToPerm.permission_id ==
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	596 Permission.permission_id))\
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	597 .filter(UserRepoToPerm.user_id == uid)\
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	598 .all()
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	599
2186 7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	600 for perm in user_repo_perms:
3094 b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	601 r_k = perm.UserRepoToPerm.repository.repo_name
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	602 cur_perm = user.permissions[RK][r_k]
2186 7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	603 # set admin if owner
7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	604 if perm.Repository.user_id == uid:
7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	605 p = 'repository.admin'
7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	606 else:
7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	607 p = perm.Permission.permission_name
3094 b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	608 if not explicit:
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	609 p = _choose_perm(p, cur_perm)
2186 7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	610 user.permissions[RK][r_k] = p
1267 d534aff5e82a user defined permission will update the global permissions, and overwrite default settings. Marcin Kuzminski <marcin@python-works.com> parents: 1206 diff changeset	611
3094 b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	612 #======================================================================
3410 5f1850e4712a "Users groups" is grammatically incorrect English - rename to "user groups" Mads Kiilerich <madski@unity3d.com> parents: 3401 diff changeset	613 # !! PERMISSIONS FOR REPOSITORY GROUPS !!
3094 b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	614 #======================================================================
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	615 #======================================================================
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	616 # check if user is part of user groups for this repository groups and
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	617 # fill in his permission from it. _choose_perm decides of which
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	618 # permission should be selected based on selected method
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	619 #======================================================================
3415 b8f929bff7e3 fixed tests and missing replacements from 5f1850e4712a Marcin Kuzminski <marcin@python-works.com> parents: 3410 diff changeset	620 # user group for repo groups permissions
3094 b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	621 user_repo_group_perms_from_users_groups = \
3417 fa6ba6727475 further cleanup of UsersGroup Mads Kiilerich <madski@unity3d.com> parents: 3415 diff changeset	622 self.sa.query(UserGroupRepoGroupToPerm, Permission, RepoGroup)\
fa6ba6727475 further cleanup of UsersGroup Mads Kiilerich <madski@unity3d.com> parents: 3415 diff changeset	623 .join((RepoGroup, UserGroupRepoGroupToPerm.group_id == RepoGroup.group_id))\
fa6ba6727475 further cleanup of UsersGroup Mads Kiilerich <madski@unity3d.com> parents: 3415 diff changeset	624 .join((Permission, UserGroupRepoGroupToPerm.permission_id
3094 b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	625 == Permission.permission_id))\
3417 fa6ba6727475 further cleanup of UsersGroup Mads Kiilerich <madski@unity3d.com> parents: 3415 diff changeset	626 .join((UserGroupMember, UserGroupRepoGroupToPerm.users_group_id
fa6ba6727475 further cleanup of UsersGroup Mads Kiilerich <madski@unity3d.com> parents: 3415 diff changeset	627 == UserGroupMember.users_group_id))\
fa6ba6727475 further cleanup of UsersGroup Mads Kiilerich <madski@unity3d.com> parents: 3415 diff changeset	628 .filter(UserGroupMember.user_id == uid)\
3094 b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	629 .all()
1269 2e7f21429316 tries to fix issue #177 by fallback to user.user_id instead of fetching from db, user.user_id Marcin Kuzminski <marcin@python-works.com> parents: 1267 diff changeset	630
3096 69b25f1b0b45 switch to defaultdict for counter implementation Marcin Kuzminski <marcin@python-works.com> parents: 3094 diff changeset	631 multiple_counter = collections.defaultdict(int)
3094 b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	632 for perm in user_repo_group_perms_from_users_groups:
3417 fa6ba6727475 further cleanup of UsersGroup Mads Kiilerich <madski@unity3d.com> parents: 3415 diff changeset	633 g_k = perm.UserGroupRepoGroupToPerm.group.group_name
3094 b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	634 multiple_counter[g_k] += 1
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	635 p = perm.Permission.permission_name
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	636 cur_perm = user.permissions[GK][g_k]
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	637 if multiple_counter[g_k] > 1:
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	638 p = _choose_perm(p, cur_perm)
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	639 user.permissions[GK][g_k] = p
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	640
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	641 # user explicit permissions for repository groups
2186 7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	642 user_repo_groups_perms = \
7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	643 self.sa.query(UserRepoGroupToPerm, Permission, RepoGroup)\
7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	644 .join((RepoGroup, UserRepoGroupToPerm.group_id == RepoGroup.group_id))\
3094 b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	645 .join((Permission, UserRepoGroupToPerm.permission_id
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	646 == Permission.permission_id))\
2186 7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	647 .filter(UserRepoGroupToPerm.user_id == uid)\
7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	648 .all()
1269 2e7f21429316 tries to fix issue #177 by fallback to user.user_id instead of fetching from db, user.user_id Marcin Kuzminski <marcin@python-works.com> parents: 1267 diff changeset	649
2186 7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	650 for perm in user_repo_groups_perms:
7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	651 rg_k = perm.UserRepoGroupToPerm.group.group_name
7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	652 p = perm.Permission.permission_name
7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	653 cur_perm = user.permissions[GK][rg_k]
3094 b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	654 if not explicit:
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	655 p = _choose_perm(p, cur_perm)
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	656 user.permissions[GK][rg_k] = p
2129 43481c3d70ca #399 added inheritance of permissions for users group on repos groups Marcin Kuzminski <marcin@python-works.com> parents: 2124 diff changeset	657
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	658 return user
1594 9dae92a65e40 fixes #288 Marcin Kuzminski <marcin@python-works.com> parents: 1593 diff changeset	659
1749 8ecc6b8229a5 commit less models Marcin Kuzminski <marcin@python-works.com> parents: 1734 diff changeset	660 def has_perm(self, user, perm):
2709 d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	661 perm = self._get_perm(perm)
2432 d3ac7491a5c8 Share common getter functions in base model, and remove duplicated functions from other models Marcin Kuzminski <marcin@python-works.com> parents: 2330 diff changeset	662 user = self._get_user(user)
1749 8ecc6b8229a5 commit less models Marcin Kuzminski <marcin@python-works.com> parents: 1734 diff changeset	663
1758 a87aa385f21c fixed repo_create permission by adding missing commit statements Marcin Kuzminski <marcin@python-works.com> parents: 1749 diff changeset	664 return UserToPerm.query().filter(UserToPerm.user == user)\
1749 8ecc6b8229a5 commit less models Marcin Kuzminski <marcin@python-works.com> parents: 1734 diff changeset	665 .filter(UserToPerm.permission == perm).scalar() is not None
8ecc6b8229a5 commit less models Marcin Kuzminski <marcin@python-works.com> parents: 1734 diff changeset	666
8ecc6b8229a5 commit less models Marcin Kuzminski <marcin@python-works.com> parents: 1734 diff changeset	667 def grant_perm(self, user, perm):
1982 87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	668 """
87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	669 Grant user global permissions
1749 8ecc6b8229a5 commit less models Marcin Kuzminski <marcin@python-works.com> parents: 1734 diff changeset	670
1982 87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	671 :param user:
87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	672 :param perm:
87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	673 """
2432 d3ac7491a5c8 Share common getter functions in base model, and remove duplicated functions from other models Marcin Kuzminski <marcin@python-works.com> parents: 2330 diff changeset	674 user = self._get_user(user)
d3ac7491a5c8 Share common getter functions in base model, and remove duplicated functions from other models Marcin Kuzminski <marcin@python-works.com> parents: 2330 diff changeset	675 perm = self._get_perm(perm)
2078 d4b6c8541bd9 fixes issue when user tried to resubmit same permission into user/user_groups Marcin Kuzminski <marcin@python-works.com> parents: 2009 diff changeset	676 # if this permission is already granted skip it
d4b6c8541bd9 fixes issue when user tried to resubmit same permission into user/user_groups Marcin Kuzminski <marcin@python-works.com> parents: 2009 diff changeset	677 _perm = UserToPerm.query()\
d4b6c8541bd9 fixes issue when user tried to resubmit same permission into user/user_groups Marcin Kuzminski <marcin@python-works.com> parents: 2009 diff changeset	678 .filter(UserToPerm.user == user)\
d4b6c8541bd9 fixes issue when user tried to resubmit same permission into user/user_groups Marcin Kuzminski <marcin@python-works.com> parents: 2009 diff changeset	679 .filter(UserToPerm.permission == perm)\
d4b6c8541bd9 fixes issue when user tried to resubmit same permission into user/user_groups Marcin Kuzminski <marcin@python-works.com> parents: 2009 diff changeset	680 .scalar()
d4b6c8541bd9 fixes issue when user tried to resubmit same permission into user/user_groups Marcin Kuzminski <marcin@python-works.com> parents: 2009 diff changeset	681 if _perm:
d4b6c8541bd9 fixes issue when user tried to resubmit same permission into user/user_groups Marcin Kuzminski <marcin@python-works.com> parents: 2009 diff changeset	682 return
1749 8ecc6b8229a5 commit less models Marcin Kuzminski <marcin@python-works.com> parents: 1734 diff changeset	683 new = UserToPerm()
1758 a87aa385f21c fixed repo_create permission by adding missing commit statements Marcin Kuzminski <marcin@python-works.com> parents: 1749 diff changeset	684 new.user = user
1749 8ecc6b8229a5 commit less models Marcin Kuzminski <marcin@python-works.com> parents: 1734 diff changeset	685 new.permission = perm
8ecc6b8229a5 commit less models Marcin Kuzminski <marcin@python-works.com> parents: 1734 diff changeset	686 self.sa.add(new)
8ecc6b8229a5 commit less models Marcin Kuzminski <marcin@python-works.com> parents: 1734 diff changeset	687
8ecc6b8229a5 commit less models Marcin Kuzminski <marcin@python-works.com> parents: 1734 diff changeset	688 def revoke_perm(self, user, perm):
1982 87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	689 """
87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	690 Revoke users global permissions
1818 cf51bbfb120e auto white-space removal Marcin Kuzminski <marcin@python-works.com> parents: 1758 diff changeset	691
1982 87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	692 :param user:
87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	693 :param perm:
87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	694 """
2432 d3ac7491a5c8 Share common getter functions in base model, and remove duplicated functions from other models Marcin Kuzminski <marcin@python-works.com> parents: 2330 diff changeset	695 user = self._get_user(user)
d3ac7491a5c8 Share common getter functions in base model, and remove duplicated functions from other models Marcin Kuzminski <marcin@python-works.com> parents: 2330 diff changeset	696 perm = self._get_perm(perm)
1818 cf51bbfb120e auto white-space removal Marcin Kuzminski <marcin@python-works.com> parents: 1758 diff changeset	697
2078 d4b6c8541bd9 fixes issue when user tried to resubmit same permission into user/user_groups Marcin Kuzminski <marcin@python-works.com> parents: 2009 diff changeset	698 obj = UserToPerm.query()\
d4b6c8541bd9 fixes issue when user tried to resubmit same permission into user/user_groups Marcin Kuzminski <marcin@python-works.com> parents: 2009 diff changeset	699 .filter(UserToPerm.user == user)\
d4b6c8541bd9 fixes issue when user tried to resubmit same permission into user/user_groups Marcin Kuzminski <marcin@python-works.com> parents: 2009 diff changeset	700 .filter(UserToPerm.permission == perm)\
d4b6c8541bd9 fixes issue when user tried to resubmit same permission into user/user_groups Marcin Kuzminski <marcin@python-works.com> parents: 2009 diff changeset	701 .scalar()
1758 a87aa385f21c fixed repo_create permission by adding missing commit statements Marcin Kuzminski <marcin@python-works.com> parents: 1749 diff changeset	702 if obj:
a87aa385f21c fixed repo_create permission by adding missing commit statements Marcin Kuzminski <marcin@python-works.com> parents: 1749 diff changeset	703 self.sa.delete(obj)
2330 b0fef8a77568 Added simple UI for admin to manage emails map Marcin Kuzminski <marcin@python-works.com> parents: 2278 diff changeset	704
b0fef8a77568 Added simple UI for admin to manage emails map Marcin Kuzminski <marcin@python-works.com> parents: 2278 diff changeset	705 def add_extra_email(self, user, email):
b0fef8a77568 Added simple UI for admin to manage emails map Marcin Kuzminski <marcin@python-works.com> parents: 2278 diff changeset	706 """
b0fef8a77568 Added simple UI for admin to manage emails map Marcin Kuzminski <marcin@python-works.com> parents: 2278 diff changeset	707 Adds email address to UserEmailMap
b0fef8a77568 Added simple UI for admin to manage emails map Marcin Kuzminski <marcin@python-works.com> parents: 2278 diff changeset	708
b0fef8a77568 Added simple UI for admin to manage emails map Marcin Kuzminski <marcin@python-works.com> parents: 2278 diff changeset	709 :param user:
b0fef8a77568 Added simple UI for admin to manage emails map Marcin Kuzminski <marcin@python-works.com> parents: 2278 diff changeset	710 :param email:
b0fef8a77568 Added simple UI for admin to manage emails map Marcin Kuzminski <marcin@python-works.com> parents: 2278 diff changeset	711 """
2479 9225597688f4 Added validation into user email map Marcin Kuzminski <marcin@python-works.com> parents: 2478 diff changeset	712 from rhodecode.model import forms
9225597688f4 Added validation into user email map Marcin Kuzminski <marcin@python-works.com> parents: 2478 diff changeset	713 form = forms.UserExtraEmailForm()()
9225597688f4 Added validation into user email map Marcin Kuzminski <marcin@python-works.com> parents: 2478 diff changeset	714 data = form.to_python(dict(email=email))
2432 d3ac7491a5c8 Share common getter functions in base model, and remove duplicated functions from other models Marcin Kuzminski <marcin@python-works.com> parents: 2330 diff changeset	715 user = self._get_user(user)
2479 9225597688f4 Added validation into user email map Marcin Kuzminski <marcin@python-works.com> parents: 2478 diff changeset	716
2330 b0fef8a77568 Added simple UI for admin to manage emails map Marcin Kuzminski <marcin@python-works.com> parents: 2278 diff changeset	717 obj = UserEmailMap()
b0fef8a77568 Added simple UI for admin to manage emails map Marcin Kuzminski <marcin@python-works.com> parents: 2278 diff changeset	718 obj.user = user
2479 9225597688f4 Added validation into user email map Marcin Kuzminski <marcin@python-works.com> parents: 2478 diff changeset	719 obj.email = data['email']
2330 b0fef8a77568 Added simple UI for admin to manage emails map Marcin Kuzminski <marcin@python-works.com> parents: 2278 diff changeset	720 self.sa.add(obj)
b0fef8a77568 Added simple UI for admin to manage emails map Marcin Kuzminski <marcin@python-works.com> parents: 2278 diff changeset	721 return obj
b0fef8a77568 Added simple UI for admin to manage emails map Marcin Kuzminski <marcin@python-works.com> parents: 2278 diff changeset	722
b0fef8a77568 Added simple UI for admin to manage emails map Marcin Kuzminski <marcin@python-works.com> parents: 2278 diff changeset	723 def delete_extra_email(self, user, email_id):
b0fef8a77568 Added simple UI for admin to manage emails map Marcin Kuzminski <marcin@python-works.com> parents: 2278 diff changeset	724 """
b0fef8a77568 Added simple UI for admin to manage emails map Marcin Kuzminski <marcin@python-works.com> parents: 2278 diff changeset	725 Removes email address from UserEmailMap
b0fef8a77568 Added simple UI for admin to manage emails map Marcin Kuzminski <marcin@python-works.com> parents: 2278 diff changeset	726
b0fef8a77568 Added simple UI for admin to manage emails map Marcin Kuzminski <marcin@python-works.com> parents: 2278 diff changeset	727 :param user:
b0fef8a77568 Added simple UI for admin to manage emails map Marcin Kuzminski <marcin@python-works.com> parents: 2278 diff changeset	728 :param email_id:
b0fef8a77568 Added simple UI for admin to manage emails map Marcin Kuzminski <marcin@python-works.com> parents: 2278 diff changeset	729 """
2432 d3ac7491a5c8 Share common getter functions in base model, and remove duplicated functions from other models Marcin Kuzminski <marcin@python-works.com> parents: 2330 diff changeset	730 user = self._get_user(user)
2330 b0fef8a77568 Added simple UI for admin to manage emails map Marcin Kuzminski <marcin@python-works.com> parents: 2278 diff changeset	731 obj = UserEmailMap.query().get(email_id)
b0fef8a77568 Added simple UI for admin to manage emails map Marcin Kuzminski <marcin@python-works.com> parents: 2278 diff changeset	732 if obj:
2478 8eab81115660 white space cleanup Marcin Kuzminski <marcin@python-works.com> parents: 2467 diff changeset	733 self.sa.delete(obj)
3125 9b92cf5a0cca Added UserIpMap interface for allowed IP addresses and IP restriction access Marcin Kuzminski <marcin@python-works.com> parents: 3096 diff changeset	734
9b92cf5a0cca Added UserIpMap interface for allowed IP addresses and IP restriction access Marcin Kuzminski <marcin@python-works.com> parents: 3096 diff changeset	735 def add_extra_ip(self, user, ip):
9b92cf5a0cca Added UserIpMap interface for allowed IP addresses and IP restriction access Marcin Kuzminski <marcin@python-works.com> parents: 3096 diff changeset	736 """
9b92cf5a0cca Added UserIpMap interface for allowed IP addresses and IP restriction access Marcin Kuzminski <marcin@python-works.com> parents: 3096 diff changeset	737 Adds ip address to UserIpMap
9b92cf5a0cca Added UserIpMap interface for allowed IP addresses and IP restriction access Marcin Kuzminski <marcin@python-works.com> parents: 3096 diff changeset	738
9b92cf5a0cca Added UserIpMap interface for allowed IP addresses and IP restriction access Marcin Kuzminski <marcin@python-works.com> parents: 3096 diff changeset	739 :param user:
9b92cf5a0cca Added UserIpMap interface for allowed IP addresses and IP restriction access Marcin Kuzminski <marcin@python-works.com> parents: 3096 diff changeset	740 :param ip:
9b92cf5a0cca Added UserIpMap interface for allowed IP addresses and IP restriction access Marcin Kuzminski <marcin@python-works.com> parents: 3096 diff changeset	741 """
9b92cf5a0cca Added UserIpMap interface for allowed IP addresses and IP restriction access Marcin Kuzminski <marcin@python-works.com> parents: 3096 diff changeset	742 from rhodecode.model import forms
9b92cf5a0cca Added UserIpMap interface for allowed IP addresses and IP restriction access Marcin Kuzminski <marcin@python-works.com> parents: 3096 diff changeset	743 form = forms.UserExtraIpForm()()
9b92cf5a0cca Added UserIpMap interface for allowed IP addresses and IP restriction access Marcin Kuzminski <marcin@python-works.com> parents: 3096 diff changeset	744 data = form.to_python(dict(ip=ip))
9b92cf5a0cca Added UserIpMap interface for allowed IP addresses and IP restriction access Marcin Kuzminski <marcin@python-works.com> parents: 3096 diff changeset	745 user = self._get_user(user)
9b92cf5a0cca Added UserIpMap interface for allowed IP addresses and IP restriction access Marcin Kuzminski <marcin@python-works.com> parents: 3096 diff changeset	746
9b92cf5a0cca Added UserIpMap interface for allowed IP addresses and IP restriction access Marcin Kuzminski <marcin@python-works.com> parents: 3096 diff changeset	747 obj = UserIpMap()
9b92cf5a0cca Added UserIpMap interface for allowed IP addresses and IP restriction access Marcin Kuzminski <marcin@python-works.com> parents: 3096 diff changeset	748 obj.user = user
9b92cf5a0cca Added UserIpMap interface for allowed IP addresses and IP restriction access Marcin Kuzminski <marcin@python-works.com> parents: 3096 diff changeset	749 obj.ip_addr = data['ip']
9b92cf5a0cca Added UserIpMap interface for allowed IP addresses and IP restriction access Marcin Kuzminski <marcin@python-works.com> parents: 3096 diff changeset	750 self.sa.add(obj)
9b92cf5a0cca Added UserIpMap interface for allowed IP addresses and IP restriction access Marcin Kuzminski <marcin@python-works.com> parents: 3096 diff changeset	751 return obj
9b92cf5a0cca Added UserIpMap interface for allowed IP addresses and IP restriction access Marcin Kuzminski <marcin@python-works.com> parents: 3096 diff changeset	752
9b92cf5a0cca Added UserIpMap interface for allowed IP addresses and IP restriction access Marcin Kuzminski <marcin@python-works.com> parents: 3096 diff changeset	753 def delete_extra_ip(self, user, ip_id):
9b92cf5a0cca Added UserIpMap interface for allowed IP addresses and IP restriction access Marcin Kuzminski <marcin@python-works.com> parents: 3096 diff changeset	754 """
9b92cf5a0cca Added UserIpMap interface for allowed IP addresses and IP restriction access Marcin Kuzminski <marcin@python-works.com> parents: 3096 diff changeset	755 Removes ip address from UserIpMap
9b92cf5a0cca Added UserIpMap interface for allowed IP addresses and IP restriction access Marcin Kuzminski <marcin@python-works.com> parents: 3096 diff changeset	756
9b92cf5a0cca Added UserIpMap interface for allowed IP addresses and IP restriction access Marcin Kuzminski <marcin@python-works.com> parents: 3096 diff changeset	757 :param user:
9b92cf5a0cca Added UserIpMap interface for allowed IP addresses and IP restriction access Marcin Kuzminski <marcin@python-works.com> parents: 3096 diff changeset	758 :param ip_id:
9b92cf5a0cca Added UserIpMap interface for allowed IP addresses and IP restriction access Marcin Kuzminski <marcin@python-works.com> parents: 3096 diff changeset	759 """
9b92cf5a0cca Added UserIpMap interface for allowed IP addresses and IP restriction access Marcin Kuzminski <marcin@python-works.com> parents: 3096 diff changeset	760 user = self._get_user(user)
9b92cf5a0cca Added UserIpMap interface for allowed IP addresses and IP restriction access Marcin Kuzminski <marcin@python-works.com> parents: 3096 diff changeset	761 obj = UserIpMap.query().get(ip_id)
9b92cf5a0cca Added UserIpMap interface for allowed IP addresses and IP restriction access Marcin Kuzminski <marcin@python-works.com> parents: 3096 diff changeset	762 if obj:
9b92cf5a0cca Added UserIpMap interface for allowed IP addresses and IP restriction access Marcin Kuzminski <marcin@python-works.com> parents: 3096 diff changeset	763 self.sa.delete(obj)

Mercurial > kallithea

annotate rhodecode/model/user.py @ 3625:260a7a01b054 beta