Mercurial > kallithea
annotate rhodecode/model/user.py @ 3625:260a7a01b054 beta
follow Python conventions for boolean values
True and False might be singletons and the "default" values for "boolean"
expressions, but "all" values in Python has a boolean value and should be
evaluated as such. Checking with 'is True' and 'is False' is thus confusing,
error prone and unnessarily complex.
If we anywhere rely and nullable boolean fields from the database layer and
don't want the null value to be treated as False then we should check
explicitly for null with 'is None'.
author | Mads Kiilerich <madski@unity3d.com> |
---|---|
date | Thu, 28 Mar 2013 01:10:45 +0100 |
parents | fa6ba6727475 |
children | 10b4e34841a4 |
rev | line source |
---|---|
761
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
752
diff
changeset
|
1 # -*- coding: utf-8 -*- |
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
752
diff
changeset
|
2 """ |
956
83d35d716a02
started working on issue #56
Marcin Kuzminski <marcin@python-works.com>
parents:
902
diff
changeset
|
3 rhodecode.model.user |
83d35d716a02
started working on issue #56
Marcin Kuzminski <marcin@python-works.com>
parents:
902
diff
changeset
|
4 ~~~~~~~~~~~~~~~~~~~~ |
761
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
752
diff
changeset
|
5 |
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
752
diff
changeset
|
6 users model for RhodeCode |
1203
6832ef664673
source code cleanup: remove trailing white space, normalize file endings
Marcin Kuzminski <marcin@python-works.com>
parents:
1120
diff
changeset
|
7 |
761
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
752
diff
changeset
|
8 :created_on: Apr 9, 2010 |
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
752
diff
changeset
|
9 :author: marcink |
1824
89efedac4e6c
2012 copyrights
Marcin Kuzminski <marcin@python-works.com>
parents:
1818
diff
changeset
|
10 :copyright: (C) 2010-2012 Marcin Kuzminski <marcin@python-works.com> |
761
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
752
diff
changeset
|
11 :license: GPLv3, see COPYING for more details. |
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
752
diff
changeset
|
12 """ |
1206
a671db5bdd58
fixed license issue #149
Marcin Kuzminski <marcin@python-works.com>
parents:
1203
diff
changeset
|
13 # This program is free software: you can redistribute it and/or modify |
a671db5bdd58
fixed license issue #149
Marcin Kuzminski <marcin@python-works.com>
parents:
1203
diff
changeset
|
14 # it under the terms of the GNU General Public License as published by |
a671db5bdd58
fixed license issue #149
Marcin Kuzminski <marcin@python-works.com>
parents:
1203
diff
changeset
|
15 # the Free Software Foundation, either version 3 of the License, or |
a671db5bdd58
fixed license issue #149
Marcin Kuzminski <marcin@python-works.com>
parents:
1203
diff
changeset
|
16 # (at your option) any later version. |
1203
6832ef664673
source code cleanup: remove trailing white space, normalize file endings
Marcin Kuzminski <marcin@python-works.com>
parents:
1120
diff
changeset
|
17 # |
252
3782a6d698af
licensing updates, code cleanups
Marcin Kuzminski <marcin@python-works.com>
parents:
238
diff
changeset
|
18 # This program is distributed in the hope that it will be useful, |
3782a6d698af
licensing updates, code cleanups
Marcin Kuzminski <marcin@python-works.com>
parents:
238
diff
changeset
|
19 # but WITHOUT ANY WARRANTY; without even the implied warranty of |
3782a6d698af
licensing updates, code cleanups
Marcin Kuzminski <marcin@python-works.com>
parents:
238
diff
changeset
|
20 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
3782a6d698af
licensing updates, code cleanups
Marcin Kuzminski <marcin@python-works.com>
parents:
238
diff
changeset
|
21 # GNU General Public License for more details. |
1203
6832ef664673
source code cleanup: remove trailing white space, normalize file endings
Marcin Kuzminski <marcin@python-works.com>
parents:
1120
diff
changeset
|
22 # |
252
3782a6d698af
licensing updates, code cleanups
Marcin Kuzminski <marcin@python-works.com>
parents:
238
diff
changeset
|
23 # You should have received a copy of the GNU General Public License |
1206
a671db5bdd58
fixed license issue #149
Marcin Kuzminski <marcin@python-works.com>
parents:
1203
diff
changeset
|
24 # along with this program. If not, see <http://www.gnu.org/licenses/>. |
750
73c99f45ef2a
fixed security issue when saving ldap user saved plaintext password
Marcin Kuzminski <marcin@python-works.com>
parents:
742
diff
changeset
|
25 |
629
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
26 import logging |
474
a3d9d24acbec
Implemented password reset(forms/models/ tasks) and mailing tasks.
Marcin Kuzminski <marcin@python-works.com>
parents:
442
diff
changeset
|
27 import traceback |
2709
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
28 import itertools |
3094
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
29 import collections |
1731
31e6eb2fb4b2
implements #222 registration feedback
Marcin Kuzminski <marcin@python-works.com>
parents:
1729
diff
changeset
|
30 from pylons import url |
761
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
752
diff
changeset
|
31 from pylons.i18n.translation import _ |
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
752
diff
changeset
|
32 |
2479
9225597688f4
Added validation into user email map
Marcin Kuzminski <marcin@python-works.com>
parents:
2478
diff
changeset
|
33 from sqlalchemy.exc import DatabaseError |
9225597688f4
Added validation into user email map
Marcin Kuzminski <marcin@python-works.com>
parents:
2478
diff
changeset
|
34 from sqlalchemy.orm import joinedload |
9225597688f4
Added validation into user email map
Marcin Kuzminski <marcin@python-works.com>
parents:
2478
diff
changeset
|
35 |
2109 | 36 from rhodecode.lib.utils2 import safe_unicode, generate_api_key |
1669
f522f4d3bf93
moved caching query to libs
Marcin Kuzminski <marcin@python-works.com>
parents:
1634
diff
changeset
|
37 from rhodecode.lib.caching_query import FromCache |
761
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
752
diff
changeset
|
38 from rhodecode.model import BaseModel |
1633
2c0d35e336b5
refactoring of models names for repoGroup permissions
Marcin Kuzminski <marcin@python-works.com>
parents:
1628
diff
changeset
|
39 from rhodecode.model.db import User, UserRepoToPerm, Repository, Permission, \ |
3417
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3415
diff
changeset
|
40 UserToPerm, UserGroupRepoToPerm, UserGroupToPerm, UserGroupMember, \ |
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3415
diff
changeset
|
41 Notification, RepoGroup, UserRepoGroupToPerm, UserGroupRepoGroupToPerm, \ |
3125
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
42 UserEmailMap, UserIpMap |
1269
2e7f21429316
tries to fix issue #177 by fallback to user.user_id instead of fetching from db, user.user_id
Marcin Kuzminski <marcin@python-works.com>
parents:
1267
diff
changeset
|
43 from rhodecode.lib.exceptions import DefaultUserException, \ |
2e7f21429316
tries to fix issue #177 by fallback to user.user_id instead of fetching from db, user.user_id
Marcin Kuzminski <marcin@python-works.com>
parents:
1267
diff
changeset
|
44 UserOwnsReposException |
3401
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
45 from rhodecode.model.meta import Session |
713
1bb0fcdec895
fixed #72 show warning on removal when user still is owner of existing repositories
Marcin Kuzminski <marcin@python-works.com>
parents:
705
diff
changeset
|
46 |
761
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
752
diff
changeset
|
47 |
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
752
diff
changeset
|
48 log = logging.getLogger(__name__) |
314
0d26d46bd370
protected againts changing default user.
Marcin Kuzminski <marcin@python-works.com>
parents:
265
diff
changeset
|
49 |
2709
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
50 PERM_WEIGHTS = Permission.PERM_WEIGHTS |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
51 |
1267
d534aff5e82a
user defined permission will update the global permissions, and overwrite default settings.
Marcin Kuzminski <marcin@python-works.com>
parents:
1206
diff
changeset
|
52 |
752
89b9037d68b7
fixed Example celery config to ampq,
Marcin Kuzminski <marcin@python-works.com>
parents:
750
diff
changeset
|
53 class UserModel(BaseModel): |
2522
17893d61792a
Added associated classes into child models
Marcin Kuzminski <marcin@python-works.com>
parents:
2513
diff
changeset
|
54 cls = User |
1716
7d1fc253549e
notification to commit author + gardening
Marcin Kuzminski <marcin@python-works.com>
parents:
1713
diff
changeset
|
55 |
1594 | 56 def get(self, user_id, cache=False): |
629
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
57 user = self.sa.query(User) |
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
58 if cache: |
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
59 user = user.options(FromCache("sql_cache_short", |
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
60 "get_user_%s" % user_id)) |
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
61 return user.get(user_id) |
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
62 |
2009 | 63 def get_user(self, user): |
2432
d3ac7491a5c8
Share common getter functions in base model, and remove duplicated functions from other models
Marcin Kuzminski <marcin@python-works.com>
parents:
2330
diff
changeset
|
64 return self._get_user(user) |
2009 | 65 |
1594 | 66 def get_by_username(self, username, cache=False, case_insensitive=False): |
750
73c99f45ef2a
fixed security issue when saving ldap user saved plaintext password
Marcin Kuzminski <marcin@python-works.com>
parents:
742
diff
changeset
|
67 |
742
1377a9d4bdb9
#78, fixed more reliable case insensitive searches
Marcin Kuzminski <marcin@python-works.com>
parents:
713
diff
changeset
|
68 if case_insensitive: |
1377a9d4bdb9
#78, fixed more reliable case insensitive searches
Marcin Kuzminski <marcin@python-works.com>
parents:
713
diff
changeset
|
69 user = self.sa.query(User).filter(User.username.ilike(username)) |
1377a9d4bdb9
#78, fixed more reliable case insensitive searches
Marcin Kuzminski <marcin@python-works.com>
parents:
713
diff
changeset
|
70 else: |
1377a9d4bdb9
#78, fixed more reliable case insensitive searches
Marcin Kuzminski <marcin@python-works.com>
parents:
713
diff
changeset
|
71 user = self.sa.query(User)\ |
1377a9d4bdb9
#78, fixed more reliable case insensitive searches
Marcin Kuzminski <marcin@python-works.com>
parents:
713
diff
changeset
|
72 .filter(User.username == username) |
629
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
73 if cache: |
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
74 user = user.options(FromCache("sql_cache_short", |
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
75 "get_user_%s" % username)) |
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
76 return user.scalar() |
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
77 |
2522
17893d61792a
Added associated classes into child models
Marcin Kuzminski <marcin@python-works.com>
parents:
2513
diff
changeset
|
78 def get_by_email(self, email, cache=False, case_insensitive=False): |
17893d61792a
Added associated classes into child models
Marcin Kuzminski <marcin@python-works.com>
parents:
2513
diff
changeset
|
79 return User.get_by_email(email, case_insensitive, cache) |
17893d61792a
Added associated classes into child models
Marcin Kuzminski <marcin@python-works.com>
parents:
2513
diff
changeset
|
80 |
1594 | 81 def get_by_api_key(self, api_key, cache=False): |
1693
60249224be04
fix for api key lookup, reuse same function in user model
Marcin Kuzminski <marcin@python-works.com>
parents:
1690
diff
changeset
|
82 return User.get_by_api_key(api_key, cache) |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
83 |
238
a55c17874486
Rewrite of user managment, improved forms, added some user info
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
84 def create(self, form_data): |
2467
4419551b2915
Switched forms to new validators
Marcin Kuzminski <marcin@python-works.com>
parents:
2432
diff
changeset
|
85 from rhodecode.lib.auth import get_crypt_password |
238
a55c17874486
Rewrite of user managment, improved forms, added some user info
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
86 try: |
a55c17874486
Rewrite of user managment, improved forms, added some user info
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
87 new_user = User() |
a55c17874486
Rewrite of user managment, improved forms, added some user info
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
88 for k, v in form_data.items(): |
2467
4419551b2915
Switched forms to new validators
Marcin Kuzminski <marcin@python-works.com>
parents:
2432
diff
changeset
|
89 if k == 'password': |
4419551b2915
Switched forms to new validators
Marcin Kuzminski <marcin@python-works.com>
parents:
2432
diff
changeset
|
90 v = get_crypt_password(v) |
2544
6ce3387bf0ce
Renamed name to firstname in forms
Marcin Kuzminski <marcin@python-works.com>
parents:
2522
diff
changeset
|
91 if k == 'firstname': |
6ce3387bf0ce
Renamed name to firstname in forms
Marcin Kuzminski <marcin@python-works.com>
parents:
2522
diff
changeset
|
92 k = 'name' |
238
a55c17874486
Rewrite of user managment, improved forms, added some user info
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
93 setattr(new_user, k, v) |
629
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
94 |
1116
716911af91e1
Added api_key into user, api key get's generated again after password change
Marcin Kuzminski <marcin@python-works.com>
parents:
991
diff
changeset
|
95 new_user.api_key = generate_api_key(form_data['username']) |
238
a55c17874486
Rewrite of user managment, improved forms, added some user info
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
96 self.sa.add(new_user) |
1586
2ccb32ddcfd7
Add API for repositories and groups (creation, permission)
Nicolas VINOT <aeris@imirhil.fr>
parents:
1417
diff
changeset
|
97 return new_user |
474
a3d9d24acbec
Implemented password reset(forms/models/ tasks) and mailing tasks.
Marcin Kuzminski <marcin@python-works.com>
parents:
442
diff
changeset
|
98 except: |
a3d9d24acbec
Implemented password reset(forms/models/ tasks) and mailing tasks.
Marcin Kuzminski <marcin@python-works.com>
parents:
442
diff
changeset
|
99 log.error(traceback.format_exc()) |
629
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
100 raise |
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
101 |
2513
388843a3a3c0
Updated create_or_update method to not change API key when password is not updated
Marcin Kuzminski <marcin@python-works.com>
parents:
2488
diff
changeset
|
102 def create_or_update(self, username, password, email, firstname='', |
388843a3a3c0
Updated create_or_update method to not change API key when password is not updated
Marcin Kuzminski <marcin@python-works.com>
parents:
2488
diff
changeset
|
103 lastname='', active=True, admin=False, ldap_dn=None): |
1634
1d904d972c47
User usermodel instead of db model to manage accounts
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
104 """ |
1d904d972c47
User usermodel instead of db model to manage accounts
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
105 Creates a new instance if not found, or updates current one |
1818
cf51bbfb120e
auto white-space removal
Marcin Kuzminski <marcin@python-works.com>
parents:
1758
diff
changeset
|
106 |
1634
1d904d972c47
User usermodel instead of db model to manage accounts
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
107 :param username: |
1d904d972c47
User usermodel instead of db model to manage accounts
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
108 :param password: |
1d904d972c47
User usermodel instead of db model to manage accounts
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
109 :param email: |
1d904d972c47
User usermodel instead of db model to manage accounts
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
110 :param active: |
2513
388843a3a3c0
Updated create_or_update method to not change API key when password is not updated
Marcin Kuzminski <marcin@python-works.com>
parents:
2488
diff
changeset
|
111 :param firstname: |
1634
1d904d972c47
User usermodel instead of db model to manage accounts
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
112 :param lastname: |
1d904d972c47
User usermodel instead of db model to manage accounts
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
113 :param active: |
1d904d972c47
User usermodel instead of db model to manage accounts
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
114 :param admin: |
1d904d972c47
User usermodel instead of db model to manage accounts
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
115 :param ldap_dn: |
1d904d972c47
User usermodel instead of db model to manage accounts
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
116 """ |
1728
07e56179633e
- fixes celery sqlalchemy session issues for async forking
Marcin Kuzminski <marcin@python-works.com>
parents:
1716
diff
changeset
|
117 |
1634
1d904d972c47
User usermodel instead of db model to manage accounts
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
118 from rhodecode.lib.auth import get_crypt_password |
1728
07e56179633e
- fixes celery sqlalchemy session issues for async forking
Marcin Kuzminski <marcin@python-works.com>
parents:
1716
diff
changeset
|
119 |
1976 | 120 log.debug('Checking for %s account in RhodeCode database' % username) |
1634
1d904d972c47
User usermodel instead of db model to manage accounts
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
121 user = User.get_by_username(username, case_insensitive=True) |
1d904d972c47
User usermodel instead of db model to manage accounts
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
122 if user is None: |
1976 | 123 log.debug('creating new user %s' % username) |
1634
1d904d972c47
User usermodel instead of db model to manage accounts
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
124 new_user = User() |
2513
388843a3a3c0
Updated create_or_update method to not change API key when password is not updated
Marcin Kuzminski <marcin@python-works.com>
parents:
2488
diff
changeset
|
125 edit = False |
1634
1d904d972c47
User usermodel instead of db model to manage accounts
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
126 else: |
1976 | 127 log.debug('updating user %s' % username) |
1634
1d904d972c47
User usermodel instead of db model to manage accounts
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
128 new_user = user |
2513
388843a3a3c0
Updated create_or_update method to not change API key when password is not updated
Marcin Kuzminski <marcin@python-works.com>
parents:
2488
diff
changeset
|
129 edit = True |
1728
07e56179633e
- fixes celery sqlalchemy session issues for async forking
Marcin Kuzminski <marcin@python-works.com>
parents:
1716
diff
changeset
|
130 |
1634
1d904d972c47
User usermodel instead of db model to manage accounts
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
131 try: |
1d904d972c47
User usermodel instead of db model to manage accounts
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
132 new_user.username = username |
1d904d972c47
User usermodel instead of db model to manage accounts
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
133 new_user.admin = admin |
2513
388843a3a3c0
Updated create_or_update method to not change API key when password is not updated
Marcin Kuzminski <marcin@python-works.com>
parents:
2488
diff
changeset
|
134 # set password only if creating an user or password is changed |
3625
260a7a01b054
follow Python conventions for boolean values
Mads Kiilerich <madski@unity3d.com>
parents:
3417
diff
changeset
|
135 if not edit or user.password != password: |
2513
388843a3a3c0
Updated create_or_update method to not change API key when password is not updated
Marcin Kuzminski <marcin@python-works.com>
parents:
2488
diff
changeset
|
136 new_user.password = get_crypt_password(password) |
388843a3a3c0
Updated create_or_update method to not change API key when password is not updated
Marcin Kuzminski <marcin@python-works.com>
parents:
2488
diff
changeset
|
137 new_user.api_key = generate_api_key(username) |
1634
1d904d972c47
User usermodel instead of db model to manage accounts
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
138 new_user.email = email |
1d904d972c47
User usermodel instead of db model to manage accounts
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
139 new_user.active = active |
1d904d972c47
User usermodel instead of db model to manage accounts
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
140 new_user.ldap_dn = safe_unicode(ldap_dn) if ldap_dn else None |
2513
388843a3a3c0
Updated create_or_update method to not change API key when password is not updated
Marcin Kuzminski <marcin@python-works.com>
parents:
2488
diff
changeset
|
141 new_user.name = firstname |
1634
1d904d972c47
User usermodel instead of db model to manage accounts
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
142 new_user.lastname = lastname |
1d904d972c47
User usermodel instead of db model to manage accounts
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
143 self.sa.add(new_user) |
1d904d972c47
User usermodel instead of db model to manage accounts
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
144 return new_user |
1d904d972c47
User usermodel instead of db model to manage accounts
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
145 except (DatabaseError,): |
1d904d972c47
User usermodel instead of db model to manage accounts
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
146 log.error(traceback.format_exc()) |
1d904d972c47
User usermodel instead of db model to manage accounts
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
147 raise |
1728
07e56179633e
- fixes celery sqlalchemy session issues for async forking
Marcin Kuzminski <marcin@python-works.com>
parents:
1716
diff
changeset
|
148 |
1621
cbc2b1913cdf
Added basic automatic user creation for container auth
Liad Shani <liadff@gmail.com>
parents:
1618
diff
changeset
|
149 def create_for_container_auth(self, username, attrs): |
cbc2b1913cdf
Added basic automatic user creation for container auth
Liad Shani <liadff@gmail.com>
parents:
1618
diff
changeset
|
150 """ |
cbc2b1913cdf
Added basic automatic user creation for container auth
Liad Shani <liadff@gmail.com>
parents:
1618
diff
changeset
|
151 Creates the given user if it's not already in the database |
1818
cf51bbfb120e
auto white-space removal
Marcin Kuzminski <marcin@python-works.com>
parents:
1758
diff
changeset
|
152 |
1621
cbc2b1913cdf
Added basic automatic user creation for container auth
Liad Shani <liadff@gmail.com>
parents:
1618
diff
changeset
|
153 :param username: |
cbc2b1913cdf
Added basic automatic user creation for container auth
Liad Shani <liadff@gmail.com>
parents:
1618
diff
changeset
|
154 :param attrs: |
cbc2b1913cdf
Added basic automatic user creation for container auth
Liad Shani <liadff@gmail.com>
parents:
1618
diff
changeset
|
155 """ |
cbc2b1913cdf
Added basic automatic user creation for container auth
Liad Shani <liadff@gmail.com>
parents:
1618
diff
changeset
|
156 if self.get_by_username(username, case_insensitive=True) is None: |
1690
6944b1249f28
fixed issues with not unique emails when using ldap or container auth.
Marcin Kuzminski <marcin@python-works.com>
parents:
1689
diff
changeset
|
157 |
6944b1249f28
fixed issues with not unique emails when using ldap or container auth.
Marcin Kuzminski <marcin@python-works.com>
parents:
1689
diff
changeset
|
158 # autogenerate email for container account without one |
6944b1249f28
fixed issues with not unique emails when using ldap or container auth.
Marcin Kuzminski <marcin@python-works.com>
parents:
1689
diff
changeset
|
159 generate_email = lambda usr: '%s@container_auth.account' % usr |
6944b1249f28
fixed issues with not unique emails when using ldap or container auth.
Marcin Kuzminski <marcin@python-works.com>
parents:
1689
diff
changeset
|
160 |
1621
cbc2b1913cdf
Added basic automatic user creation for container auth
Liad Shani <liadff@gmail.com>
parents:
1618
diff
changeset
|
161 try: |
cbc2b1913cdf
Added basic automatic user creation for container auth
Liad Shani <liadff@gmail.com>
parents:
1618
diff
changeset
|
162 new_user = User() |
cbc2b1913cdf
Added basic automatic user creation for container auth
Liad Shani <liadff@gmail.com>
parents:
1618
diff
changeset
|
163 new_user.username = username |
cbc2b1913cdf
Added basic automatic user creation for container auth
Liad Shani <liadff@gmail.com>
parents:
1618
diff
changeset
|
164 new_user.password = None |
cbc2b1913cdf
Added basic automatic user creation for container auth
Liad Shani <liadff@gmail.com>
parents:
1618
diff
changeset
|
165 new_user.api_key = generate_api_key(username) |
cbc2b1913cdf
Added basic automatic user creation for container auth
Liad Shani <liadff@gmail.com>
parents:
1618
diff
changeset
|
166 new_user.email = attrs['email'] |
1628
de71a4bde097
Some code cleanups and fixes
Marcin Kuzminski <marcin@python-works.com>
parents:
1626
diff
changeset
|
167 new_user.active = attrs.get('active', True) |
1690
6944b1249f28
fixed issues with not unique emails when using ldap or container auth.
Marcin Kuzminski <marcin@python-works.com>
parents:
1689
diff
changeset
|
168 new_user.name = attrs['name'] or generate_email(username) |
1621
cbc2b1913cdf
Added basic automatic user creation for container auth
Liad Shani <liadff@gmail.com>
parents:
1618
diff
changeset
|
169 new_user.lastname = attrs['lastname'] |
cbc2b1913cdf
Added basic automatic user creation for container auth
Liad Shani <liadff@gmail.com>
parents:
1618
diff
changeset
|
170 |
cbc2b1913cdf
Added basic automatic user creation for container auth
Liad Shani <liadff@gmail.com>
parents:
1618
diff
changeset
|
171 self.sa.add(new_user) |
1628
de71a4bde097
Some code cleanups and fixes
Marcin Kuzminski <marcin@python-works.com>
parents:
1626
diff
changeset
|
172 return new_user |
1621
cbc2b1913cdf
Added basic automatic user creation for container auth
Liad Shani <liadff@gmail.com>
parents:
1618
diff
changeset
|
173 except (DatabaseError,): |
cbc2b1913cdf
Added basic automatic user creation for container auth
Liad Shani <liadff@gmail.com>
parents:
1618
diff
changeset
|
174 log.error(traceback.format_exc()) |
cbc2b1913cdf
Added basic automatic user creation for container auth
Liad Shani <liadff@gmail.com>
parents:
1618
diff
changeset
|
175 self.sa.rollback() |
cbc2b1913cdf
Added basic automatic user creation for container auth
Liad Shani <liadff@gmail.com>
parents:
1618
diff
changeset
|
176 raise |
1628
de71a4bde097
Some code cleanups and fixes
Marcin Kuzminski <marcin@python-works.com>
parents:
1626
diff
changeset
|
177 log.debug('User %s already exists. Skipping creation of account' |
de71a4bde097
Some code cleanups and fixes
Marcin Kuzminski <marcin@python-works.com>
parents:
1626
diff
changeset
|
178 ' for container auth.', username) |
de71a4bde097
Some code cleanups and fixes
Marcin Kuzminski <marcin@python-works.com>
parents:
1626
diff
changeset
|
179 return None |
1621
cbc2b1913cdf
Added basic automatic user creation for container auth
Liad Shani <liadff@gmail.com>
parents:
1618
diff
changeset
|
180 |
991
b232a36cc51f
Improve LDAP authentication
Thayne Harbaugh <thayne@fusionio.com>
parents:
956
diff
changeset
|
181 def create_ldap(self, username, password, user_dn, attrs): |
705
9e9f1b919c0c
implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents:
692
diff
changeset
|
182 """ |
9e9f1b919c0c
implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents:
692
diff
changeset
|
183 Checks if user is in database, if not creates this user marked |
9e9f1b919c0c
implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents:
692
diff
changeset
|
184 as ldap user |
1818
cf51bbfb120e
auto white-space removal
Marcin Kuzminski <marcin@python-works.com>
parents:
1758
diff
changeset
|
185 |
705
9e9f1b919c0c
implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents:
692
diff
changeset
|
186 :param username: |
9e9f1b919c0c
implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents:
692
diff
changeset
|
187 :param password: |
991
b232a36cc51f
Improve LDAP authentication
Thayne Harbaugh <thayne@fusionio.com>
parents:
956
diff
changeset
|
188 :param user_dn: |
b232a36cc51f
Improve LDAP authentication
Thayne Harbaugh <thayne@fusionio.com>
parents:
956
diff
changeset
|
189 :param attrs: |
705
9e9f1b919c0c
implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents:
692
diff
changeset
|
190 """ |
750
73c99f45ef2a
fixed security issue when saving ldap user saved plaintext password
Marcin Kuzminski <marcin@python-works.com>
parents:
742
diff
changeset
|
191 from rhodecode.lib.auth import get_crypt_password |
761
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
752
diff
changeset
|
192 log.debug('Checking for such ldap account in RhodeCode database') |
1594 | 193 if self.get_by_username(username, case_insensitive=True) is None: |
1689
cc302c98bb8e
fix fo empty email passed in attributes of ldap account.
Marcin Kuzminski <marcin@python-works.com>
parents:
1669
diff
changeset
|
194 |
cc302c98bb8e
fix fo empty email passed in attributes of ldap account.
Marcin Kuzminski <marcin@python-works.com>
parents:
1669
diff
changeset
|
195 # autogenerate email for ldap account without one |
cc302c98bb8e
fix fo empty email passed in attributes of ldap account.
Marcin Kuzminski <marcin@python-works.com>
parents:
1669
diff
changeset
|
196 generate_email = lambda usr: '%s@ldap.account' % usr |
cc302c98bb8e
fix fo empty email passed in attributes of ldap account.
Marcin Kuzminski <marcin@python-works.com>
parents:
1669
diff
changeset
|
197 |
705
9e9f1b919c0c
implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents:
692
diff
changeset
|
198 try: |
9e9f1b919c0c
implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents:
692
diff
changeset
|
199 new_user = User() |
1689
cc302c98bb8e
fix fo empty email passed in attributes of ldap account.
Marcin Kuzminski <marcin@python-works.com>
parents:
1669
diff
changeset
|
200 username = username.lower() |
1269
2e7f21429316
tries to fix issue #177 by fallback to user.user_id instead of fetching from db, user.user_id
Marcin Kuzminski <marcin@python-works.com>
parents:
1267
diff
changeset
|
201 # add ldap account always lowercase |
1689
cc302c98bb8e
fix fo empty email passed in attributes of ldap account.
Marcin Kuzminski <marcin@python-works.com>
parents:
1669
diff
changeset
|
202 new_user.username = username |
750
73c99f45ef2a
fixed security issue when saving ldap user saved plaintext password
Marcin Kuzminski <marcin@python-works.com>
parents:
742
diff
changeset
|
203 new_user.password = get_crypt_password(password) |
1116
716911af91e1
Added api_key into user, api key get's generated again after password change
Marcin Kuzminski <marcin@python-works.com>
parents:
991
diff
changeset
|
204 new_user.api_key = generate_api_key(username) |
1689
cc302c98bb8e
fix fo empty email passed in attributes of ldap account.
Marcin Kuzminski <marcin@python-works.com>
parents:
1669
diff
changeset
|
205 new_user.email = attrs['email'] or generate_email(username) |
1628
de71a4bde097
Some code cleanups and fixes
Marcin Kuzminski <marcin@python-works.com>
parents:
1626
diff
changeset
|
206 new_user.active = attrs.get('active', True) |
1516
582686d76cb6
fixes #256 fixes non ascii chars problems in base_dn on LDAP user creation
Marcin Kuzminski <marcin@python-works.com>
parents:
1417
diff
changeset
|
207 new_user.ldap_dn = safe_unicode(user_dn) |
991
b232a36cc51f
Improve LDAP authentication
Thayne Harbaugh <thayne@fusionio.com>
parents:
956
diff
changeset
|
208 new_user.name = attrs['name'] |
b232a36cc51f
Improve LDAP authentication
Thayne Harbaugh <thayne@fusionio.com>
parents:
956
diff
changeset
|
209 new_user.lastname = attrs['lastname'] |
705
9e9f1b919c0c
implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents:
692
diff
changeset
|
210 |
9e9f1b919c0c
implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents:
692
diff
changeset
|
211 self.sa.add(new_user) |
1628
de71a4bde097
Some code cleanups and fixes
Marcin Kuzminski <marcin@python-works.com>
parents:
1626
diff
changeset
|
212 return new_user |
761
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
752
diff
changeset
|
213 except (DatabaseError,): |
705
9e9f1b919c0c
implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents:
692
diff
changeset
|
214 log.error(traceback.format_exc()) |
9e9f1b919c0c
implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents:
692
diff
changeset
|
215 self.sa.rollback() |
9e9f1b919c0c
implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents:
692
diff
changeset
|
216 raise |
761
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
752
diff
changeset
|
217 log.debug('this %s user exists skipping creation of ldap account', |
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
752
diff
changeset
|
218 username) |
1628
de71a4bde097
Some code cleanups and fixes
Marcin Kuzminski <marcin@python-works.com>
parents:
1626
diff
changeset
|
219 return None |
705
9e9f1b919c0c
implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents:
692
diff
changeset
|
220 |
363
98abf8953b87
Added user registration, changed login url schema, moved it into _admin/ for safety
Marcin Kuzminski <marcin@python-works.com>
parents:
347
diff
changeset
|
221 def create_registration(self, form_data): |
1731
31e6eb2fb4b2
implements #222 registration feedback
Marcin Kuzminski <marcin@python-works.com>
parents:
1729
diff
changeset
|
222 from rhodecode.model.notification import NotificationModel |
31e6eb2fb4b2
implements #222 registration feedback
Marcin Kuzminski <marcin@python-works.com>
parents:
1729
diff
changeset
|
223 |
363
98abf8953b87
Added user registration, changed login url schema, moved it into _admin/ for safety
Marcin Kuzminski <marcin@python-works.com>
parents:
347
diff
changeset
|
224 try: |
2248
72542dc597be
fixed issue with empty APIKEYS on registration #438
Marcin Kuzminski <marcin@python-works.com>
parents:
2186
diff
changeset
|
225 form_data['admin'] = False |
72542dc597be
fixed issue with empty APIKEYS on registration #438
Marcin Kuzminski <marcin@python-works.com>
parents:
2186
diff
changeset
|
226 new_user = self.create(form_data) |
629
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
227 |
363
98abf8953b87
Added user registration, changed login url schema, moved it into _admin/ for safety
Marcin Kuzminski <marcin@python-works.com>
parents:
347
diff
changeset
|
228 self.sa.add(new_user) |
1731
31e6eb2fb4b2
implements #222 registration feedback
Marcin Kuzminski <marcin@python-works.com>
parents:
1729
diff
changeset
|
229 self.sa.flush() |
31e6eb2fb4b2
implements #222 registration feedback
Marcin Kuzminski <marcin@python-works.com>
parents:
1729
diff
changeset
|
230 |
31e6eb2fb4b2
implements #222 registration feedback
Marcin Kuzminski <marcin@python-works.com>
parents:
1729
diff
changeset
|
231 # notification to admins |
31e6eb2fb4b2
implements #222 registration feedback
Marcin Kuzminski <marcin@python-works.com>
parents:
1729
diff
changeset
|
232 subject = _('new user registration') |
689
ecc566f8b69f
fixes #59, notifications for user registrations + some changes to mailer
Marcin Kuzminski <marcin@python-works.com>
parents:
686
diff
changeset
|
233 body = ('New user registration\n' |
1731
31e6eb2fb4b2
implements #222 registration feedback
Marcin Kuzminski <marcin@python-works.com>
parents:
1729
diff
changeset
|
234 '---------------------\n' |
31e6eb2fb4b2
implements #222 registration feedback
Marcin Kuzminski <marcin@python-works.com>
parents:
1729
diff
changeset
|
235 '- Username: %s\n' |
31e6eb2fb4b2
implements #222 registration feedback
Marcin Kuzminski <marcin@python-works.com>
parents:
1729
diff
changeset
|
236 '- Full Name: %s\n' |
31e6eb2fb4b2
implements #222 registration feedback
Marcin Kuzminski <marcin@python-works.com>
parents:
1729
diff
changeset
|
237 '- Email: %s\n') |
31e6eb2fb4b2
implements #222 registration feedback
Marcin Kuzminski <marcin@python-works.com>
parents:
1729
diff
changeset
|
238 body = body % (new_user.username, new_user.full_name, |
31e6eb2fb4b2
implements #222 registration feedback
Marcin Kuzminski <marcin@python-works.com>
parents:
1729
diff
changeset
|
239 new_user.email) |
31e6eb2fb4b2
implements #222 registration feedback
Marcin Kuzminski <marcin@python-works.com>
parents:
1729
diff
changeset
|
240 edit_url = url('edit_user', id=new_user.user_id, qualified=True) |
1950
4ae17f819ee8
#344 optional firstname lastname on user creation
Marcin Kuzminski <marcin@python-works.com>
parents:
1824
diff
changeset
|
241 kw = {'registered_user_url': edit_url} |
1731
31e6eb2fb4b2
implements #222 registration feedback
Marcin Kuzminski <marcin@python-works.com>
parents:
1729
diff
changeset
|
242 NotificationModel().create(created_by=new_user, subject=subject, |
31e6eb2fb4b2
implements #222 registration feedback
Marcin Kuzminski <marcin@python-works.com>
parents:
1729
diff
changeset
|
243 body=body, recipients=None, |
31e6eb2fb4b2
implements #222 registration feedback
Marcin Kuzminski <marcin@python-works.com>
parents:
1729
diff
changeset
|
244 type_=Notification.TYPE_REGISTRATION, |
31e6eb2fb4b2
implements #222 registration feedback
Marcin Kuzminski <marcin@python-works.com>
parents:
1729
diff
changeset
|
245 email_kwargs=kw) |
689
ecc566f8b69f
fixes #59, notifications for user registrations + some changes to mailer
Marcin Kuzminski <marcin@python-works.com>
parents:
686
diff
changeset
|
246 |
474
a3d9d24acbec
Implemented password reset(forms/models/ tasks) and mailing tasks.
Marcin Kuzminski <marcin@python-works.com>
parents:
442
diff
changeset
|
247 except: |
a3d9d24acbec
Implemented password reset(forms/models/ tasks) and mailing tasks.
Marcin Kuzminski <marcin@python-works.com>
parents:
442
diff
changeset
|
248 log.error(traceback.format_exc()) |
629
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
249 raise |
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
250 |
3021
b2b93614a7cd
Implemented #658 Changing username in LDAP-Mode should not be allowed.
Marcin Kuzminski <marcin@python-works.com>
parents:
2864
diff
changeset
|
251 def update(self, user_id, form_data, skip_attrs=[]): |
2488
b5b34d71b23b
fix crypt password on update my account
Marcin Kuzminski <marcin@python-works.com>
parents:
2479
diff
changeset
|
252 from rhodecode.lib.auth import get_crypt_password |
238
a55c17874486
Rewrite of user managment, improved forms, added some user info
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
253 try: |
1594 | 254 user = self.get(user_id, cache=False) |
1116
716911af91e1
Added api_key into user, api key get's generated again after password change
Marcin Kuzminski <marcin@python-works.com>
parents:
991
diff
changeset
|
255 if user.username == 'default': |
314
0d26d46bd370
protected againts changing default user.
Marcin Kuzminski <marcin@python-works.com>
parents:
265
diff
changeset
|
256 raise DefaultUserException( |
629
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
257 _("You can't Edit this user since it's" |
314
0d26d46bd370
protected againts changing default user.
Marcin Kuzminski <marcin@python-works.com>
parents:
265
diff
changeset
|
258 " crucial for entire application")) |
713
1bb0fcdec895
fixed #72 show warning on removal when user still is owner of existing repositories
Marcin Kuzminski <marcin@python-works.com>
parents:
705
diff
changeset
|
259 |
238
a55c17874486
Rewrite of user managment, improved forms, added some user info
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
260 for k, v in form_data.items(): |
3021
b2b93614a7cd
Implemented #658 Changing username in LDAP-Mode should not be allowed.
Marcin Kuzminski <marcin@python-works.com>
parents:
2864
diff
changeset
|
261 if k in skip_attrs: |
b2b93614a7cd
Implemented #658 Changing username in LDAP-Mode should not be allowed.
Marcin Kuzminski <marcin@python-works.com>
parents:
2864
diff
changeset
|
262 continue |
2544
6ce3387bf0ce
Renamed name to firstname in forms
Marcin Kuzminski <marcin@python-works.com>
parents:
2522
diff
changeset
|
263 if k == 'new_password' and v: |
2488
b5b34d71b23b
fix crypt password on update my account
Marcin Kuzminski <marcin@python-works.com>
parents:
2479
diff
changeset
|
264 user.password = get_crypt_password(v) |
1116
716911af91e1
Added api_key into user, api key get's generated again after password change
Marcin Kuzminski <marcin@python-works.com>
parents:
991
diff
changeset
|
265 user.api_key = generate_api_key(user.username) |
238
a55c17874486
Rewrite of user managment, improved forms, added some user info
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
266 else: |
2544
6ce3387bf0ce
Renamed name to firstname in forms
Marcin Kuzminski <marcin@python-works.com>
parents:
2522
diff
changeset
|
267 if k == 'firstname': |
6ce3387bf0ce
Renamed name to firstname in forms
Marcin Kuzminski <marcin@python-works.com>
parents:
2522
diff
changeset
|
268 k = 'name' |
1116
716911af91e1
Added api_key into user, api key get's generated again after password change
Marcin Kuzminski <marcin@python-works.com>
parents:
991
diff
changeset
|
269 setattr(user, k, v) |
716911af91e1
Added api_key into user, api key get's generated again after password change
Marcin Kuzminski <marcin@python-works.com>
parents:
991
diff
changeset
|
270 self.sa.add(user) |
474
a3d9d24acbec
Implemented password reset(forms/models/ tasks) and mailing tasks.
Marcin Kuzminski <marcin@python-works.com>
parents:
442
diff
changeset
|
271 except: |
a3d9d24acbec
Implemented password reset(forms/models/ tasks) and mailing tasks.
Marcin Kuzminski <marcin@python-works.com>
parents:
442
diff
changeset
|
272 log.error(traceback.format_exc()) |
629
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
273 raise |
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
274 |
2657
001c7e2ae986
fixed api issue with changing username during update_user
Marcin Kuzminski <marcin@python-works.com>
parents:
2544
diff
changeset
|
275 def update_user(self, user, **kwargs): |
001c7e2ae986
fixed api issue with changing username during update_user
Marcin Kuzminski <marcin@python-works.com>
parents:
2544
diff
changeset
|
276 from rhodecode.lib.auth import get_crypt_password |
001c7e2ae986
fixed api issue with changing username during update_user
Marcin Kuzminski <marcin@python-works.com>
parents:
2544
diff
changeset
|
277 try: |
001c7e2ae986
fixed api issue with changing username during update_user
Marcin Kuzminski <marcin@python-works.com>
parents:
2544
diff
changeset
|
278 user = self._get_user(user) |
001c7e2ae986
fixed api issue with changing username during update_user
Marcin Kuzminski <marcin@python-works.com>
parents:
2544
diff
changeset
|
279 if user.username == 'default': |
001c7e2ae986
fixed api issue with changing username during update_user
Marcin Kuzminski <marcin@python-works.com>
parents:
2544
diff
changeset
|
280 raise DefaultUserException( |
001c7e2ae986
fixed api issue with changing username during update_user
Marcin Kuzminski <marcin@python-works.com>
parents:
2544
diff
changeset
|
281 _("You can't Edit this user since it's" |
001c7e2ae986
fixed api issue with changing username during update_user
Marcin Kuzminski <marcin@python-works.com>
parents:
2544
diff
changeset
|
282 " crucial for entire application") |
001c7e2ae986
fixed api issue with changing username during update_user
Marcin Kuzminski <marcin@python-works.com>
parents:
2544
diff
changeset
|
283 ) |
001c7e2ae986
fixed api issue with changing username during update_user
Marcin Kuzminski <marcin@python-works.com>
parents:
2544
diff
changeset
|
284 |
001c7e2ae986
fixed api issue with changing username during update_user
Marcin Kuzminski <marcin@python-works.com>
parents:
2544
diff
changeset
|
285 for k, v in kwargs.items(): |
001c7e2ae986
fixed api issue with changing username during update_user
Marcin Kuzminski <marcin@python-works.com>
parents:
2544
diff
changeset
|
286 if k == 'password' and v: |
001c7e2ae986
fixed api issue with changing username during update_user
Marcin Kuzminski <marcin@python-works.com>
parents:
2544
diff
changeset
|
287 v = get_crypt_password(v) |
001c7e2ae986
fixed api issue with changing username during update_user
Marcin Kuzminski <marcin@python-works.com>
parents:
2544
diff
changeset
|
288 user.api_key = generate_api_key(user.username) |
001c7e2ae986
fixed api issue with changing username during update_user
Marcin Kuzminski <marcin@python-works.com>
parents:
2544
diff
changeset
|
289 |
001c7e2ae986
fixed api issue with changing username during update_user
Marcin Kuzminski <marcin@python-works.com>
parents:
2544
diff
changeset
|
290 setattr(user, k, v) |
001c7e2ae986
fixed api issue with changing username during update_user
Marcin Kuzminski <marcin@python-works.com>
parents:
2544
diff
changeset
|
291 self.sa.add(user) |
001c7e2ae986
fixed api issue with changing username during update_user
Marcin Kuzminski <marcin@python-works.com>
parents:
2544
diff
changeset
|
292 return user |
001c7e2ae986
fixed api issue with changing username during update_user
Marcin Kuzminski <marcin@python-works.com>
parents:
2544
diff
changeset
|
293 except: |
001c7e2ae986
fixed api issue with changing username during update_user
Marcin Kuzminski <marcin@python-works.com>
parents:
2544
diff
changeset
|
294 log.error(traceback.format_exc()) |
001c7e2ae986
fixed api issue with changing username during update_user
Marcin Kuzminski <marcin@python-works.com>
parents:
2544
diff
changeset
|
295 raise |
001c7e2ae986
fixed api issue with changing username during update_user
Marcin Kuzminski <marcin@python-works.com>
parents:
2544
diff
changeset
|
296 |
1758
a87aa385f21c
fixed repo_create permission by adding missing commit statements
Marcin Kuzminski <marcin@python-works.com>
parents:
1749
diff
changeset
|
297 def delete(self, user): |
2432
d3ac7491a5c8
Share common getter functions in base model, and remove duplicated functions from other models
Marcin Kuzminski <marcin@python-works.com>
parents:
2330
diff
changeset
|
298 user = self._get_user(user) |
1818
cf51bbfb120e
auto white-space removal
Marcin Kuzminski <marcin@python-works.com>
parents:
1758
diff
changeset
|
299 |
265
0e5455fda8fd
Implemented basic repository managment. Implemented repo2db mappings, model, helpers updates and code cleanups
Marcin Kuzminski <marcin@python-works.com>
parents:
252
diff
changeset
|
300 try: |
314
0d26d46bd370
protected againts changing default user.
Marcin Kuzminski <marcin@python-works.com>
parents:
265
diff
changeset
|
301 if user.username == 'default': |
0d26d46bd370
protected againts changing default user.
Marcin Kuzminski <marcin@python-works.com>
parents:
265
diff
changeset
|
302 raise DefaultUserException( |
2153
fa637dc3e029
Improved message about deleting user who owns repositories
Marcin Kuzminski <marcin@python-works.com>
parents:
2150
diff
changeset
|
303 _(u"You can't remove this user since it's" |
2124
273ce1a99c3f
fixed #397 Private repository groups shows up before login
Marcin Kuzminski <marcin@python-works.com>
parents:
2109
diff
changeset
|
304 " crucial for entire application") |
273ce1a99c3f
fixed #397 Private repository groups shows up before login
Marcin Kuzminski <marcin@python-works.com>
parents:
2109
diff
changeset
|
305 ) |
713
1bb0fcdec895
fixed #72 show warning on removal when user still is owner of existing repositories
Marcin Kuzminski <marcin@python-works.com>
parents:
705
diff
changeset
|
306 if user.repositories: |
2153
fa637dc3e029
Improved message about deleting user who owns repositories
Marcin Kuzminski <marcin@python-works.com>
parents:
2150
diff
changeset
|
307 repos = [x.repo_name for x in user.repositories] |
2124
273ce1a99c3f
fixed #397 Private repository groups shows up before login
Marcin Kuzminski <marcin@python-works.com>
parents:
2109
diff
changeset
|
308 raise UserOwnsReposException( |
2153
fa637dc3e029
Improved message about deleting user who owns repositories
Marcin Kuzminski <marcin@python-works.com>
parents:
2150
diff
changeset
|
309 _(u'user "%s" still owns %s repositories and cannot be ' |
fa637dc3e029
Improved message about deleting user who owns repositories
Marcin Kuzminski <marcin@python-works.com>
parents:
2150
diff
changeset
|
310 'removed. Switch owners or remove those repositories. %s') |
fa637dc3e029
Improved message about deleting user who owns repositories
Marcin Kuzminski <marcin@python-works.com>
parents:
2150
diff
changeset
|
311 % (user.username, len(repos), ', '.join(repos)) |
2124
273ce1a99c3f
fixed #397 Private repository groups shows up before login
Marcin Kuzminski <marcin@python-works.com>
parents:
2109
diff
changeset
|
312 ) |
314
0d26d46bd370
protected againts changing default user.
Marcin Kuzminski <marcin@python-works.com>
parents:
265
diff
changeset
|
313 self.sa.delete(user) |
474
a3d9d24acbec
Implemented password reset(forms/models/ tasks) and mailing tasks.
Marcin Kuzminski <marcin@python-works.com>
parents:
442
diff
changeset
|
314 except: |
a3d9d24acbec
Implemented password reset(forms/models/ tasks) and mailing tasks.
Marcin Kuzminski <marcin@python-works.com>
parents:
442
diff
changeset
|
315 log.error(traceback.format_exc()) |
629
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
316 raise |
474
a3d9d24acbec
Implemented password reset(forms/models/ tasks) and mailing tasks.
Marcin Kuzminski <marcin@python-works.com>
parents:
442
diff
changeset
|
317 |
1417
5875955def39
fixes #223 improve password reset form
Marcin Kuzminski <marcin@python-works.com>
parents:
1270
diff
changeset
|
318 def reset_password_link(self, data): |
5875955def39
fixes #223 improve password reset form
Marcin Kuzminski <marcin@python-works.com>
parents:
1270
diff
changeset
|
319 from rhodecode.lib.celerylib import tasks, run_task |
3401
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
320 from rhodecode.model.notification import EmailNotificationModel |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
321 user_email = data['email'] |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
322 try: |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
323 user = User.get_by_email(user_email) |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
324 if user: |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
325 log.debug('password reset user found %s' % user) |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
326 link = url('reset_password_confirmation', key=user.api_key, |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
327 qualified=True) |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
328 reg_type = EmailNotificationModel.TYPE_PASSWORD_RESET |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
329 body = EmailNotificationModel().get_email_tmpl(reg_type, |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
330 **{'user': user.short_contact, |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
331 'reset_url': link}) |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
332 log.debug('sending email') |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
333 run_task(tasks.send_email, user_email, |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
334 _("password reset link"), body, body) |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
335 log.info('send new password mail to %s' % user_email) |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
336 else: |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
337 log.debug("password reset email %s not found" % user_email) |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
338 except: |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
339 log.error(traceback.format_exc()) |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
340 return False |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
341 |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
342 return True |
1417
5875955def39
fixes #223 improve password reset form
Marcin Kuzminski <marcin@python-works.com>
parents:
1270
diff
changeset
|
343 |
474
a3d9d24acbec
Implemented password reset(forms/models/ tasks) and mailing tasks.
Marcin Kuzminski <marcin@python-works.com>
parents:
442
diff
changeset
|
344 def reset_password(self, data): |
629
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
345 from rhodecode.lib.celerylib import tasks, run_task |
3401
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
346 from rhodecode.lib import auth |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
347 user_email = data['email'] |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
348 try: |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
349 try: |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
350 user = User.get_by_email(user_email) |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
351 new_passwd = auth.PasswordGenerator().gen_password(8, |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
352 auth.PasswordGenerator.ALPHABETS_BIG_SMALL) |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
353 if user: |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
354 user.password = auth.get_crypt_password(new_passwd) |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
355 user.api_key = auth.generate_api_key(user.username) |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
356 Session().add(user) |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
357 Session().commit() |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
358 log.info('change password for %s' % user_email) |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
359 if new_passwd is None: |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
360 raise Exception('unable to generate new password') |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
361 except: |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
362 log.error(traceback.format_exc()) |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
363 Session().rollback() |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
364 |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
365 run_task(tasks.send_email, user_email, |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
366 _('Your new password'), |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
367 _('Your new RhodeCode password:%s') % (new_passwd)) |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
368 log.info('send new password mail to %s' % user_email) |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
369 |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
370 except: |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
371 log.error('Failed to update user password') |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
372 log.error(traceback.format_exc()) |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
373 |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
374 return True |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
375 |
1594 | 376 def fill_data(self, auth_user, user_id=None, api_key=None): |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
377 """ |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
378 Fetches auth_user by user_id,or api_key if present. |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
379 Fills auth_user attributes with those taken from database. |
1203
6832ef664673
source code cleanup: remove trailing white space, normalize file endings
Marcin Kuzminski <marcin@python-works.com>
parents:
1120
diff
changeset
|
380 Additionally set's is_authenitated if lookup fails |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
381 present in database |
1203
6832ef664673
source code cleanup: remove trailing white space, normalize file endings
Marcin Kuzminski <marcin@python-works.com>
parents:
1120
diff
changeset
|
382 |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
383 :param auth_user: instance of user to set attributes |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
384 :param user_id: user id to fetch by |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
385 :param api_key: api key to fetch by |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
386 """ |
1120
a8d759613d8f
fixed some bugs in api key auth, added access by api key into rss/atom feeds in global journal
Marcin Kuzminski <marcin@python-works.com>
parents:
1117
diff
changeset
|
387 if user_id is None and api_key is None: |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
388 raise Exception('You need to pass user_id or api_key') |
686
ff6a8196ebfe
fixed anonymous access bug.
Marcin Kuzminski <marcin@python-works.com>
parents:
673
diff
changeset
|
389 |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
390 try: |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
391 if api_key: |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
392 dbuser = self.get_by_api_key(api_key) |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
393 else: |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
394 dbuser = self.get(user_id) |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
395 |
1618
9353189b7675
Added automatic logout of deactivated/deleted users
Liad Shani <liadff@gmail.com>
parents:
1594
diff
changeset
|
396 if dbuser is not None and dbuser.active: |
1976 | 397 log.debug('filling %s data' % dbuser) |
1120
a8d759613d8f
fixed some bugs in api key auth, added access by api key into rss/atom feeds in global journal
Marcin Kuzminski <marcin@python-works.com>
parents:
1117
diff
changeset
|
398 for k, v in dbuser.get_dict().items(): |
a8d759613d8f
fixed some bugs in api key auth, added access by api key into rss/atom feeds in global journal
Marcin Kuzminski <marcin@python-works.com>
parents:
1117
diff
changeset
|
399 setattr(auth_user, k, v) |
1618
9353189b7675
Added automatic logout of deactivated/deleted users
Liad Shani <liadff@gmail.com>
parents:
1594
diff
changeset
|
400 else: |
9353189b7675
Added automatic logout of deactivated/deleted users
Liad Shani <liadff@gmail.com>
parents:
1594
diff
changeset
|
401 return False |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
402 |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
403 except: |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
404 log.error(traceback.format_exc()) |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
405 auth_user.is_authenticated = False |
1618
9353189b7675
Added automatic logout of deactivated/deleted users
Liad Shani <liadff@gmail.com>
parents:
1594
diff
changeset
|
406 return False |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
407 |
1618
9353189b7675
Added automatic logout of deactivated/deleted users
Liad Shani <liadff@gmail.com>
parents:
1594
diff
changeset
|
408 return True |
686
ff6a8196ebfe
fixed anonymous access bug.
Marcin Kuzminski <marcin@python-works.com>
parents:
673
diff
changeset
|
409 |
3094
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
410 def fill_perms(self, user, explicit=True, algo='higherwin'): |
1269
2e7f21429316
tries to fix issue #177 by fallback to user.user_id instead of fetching from db, user.user_id
Marcin Kuzminski <marcin@python-works.com>
parents:
1267
diff
changeset
|
411 """ |
2e7f21429316
tries to fix issue #177 by fallback to user.user_id instead of fetching from db, user.user_id
Marcin Kuzminski <marcin@python-works.com>
parents:
1267
diff
changeset
|
412 Fills user permission attribute with permissions taken from database |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
413 works for permissions given for repositories, and for permissions that |
1269
2e7f21429316
tries to fix issue #177 by fallback to user.user_id instead of fetching from db, user.user_id
Marcin Kuzminski <marcin@python-works.com>
parents:
1267
diff
changeset
|
414 are granted to groups |
1203
6832ef664673
source code cleanup: remove trailing white space, normalize file endings
Marcin Kuzminski <marcin@python-works.com>
parents:
1120
diff
changeset
|
415 |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
416 :param user: user instance to fill his perms |
3094
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
417 :param explicit: In case there are permissions both for user and a group |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
418 that user is part of, explicit flag will defiine if user will |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
419 explicitly override permissions from group, if it's False it will |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
420 make decision based on the algo |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
421 :param algo: algorithm to decide what permission should be choose if |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
422 it's multiple defined, eg user in two different groups. It also |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
423 decides if explicit flag is turned off how to specify the permission |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
424 for case when user is in a group + have defined separate permission |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
425 """ |
1982
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
426 RK = 'repositories' |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
427 GK = 'repositories_groups' |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
428 GLOBAL = 'global' |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
429 user.permissions[RK] = {} |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
430 user.permissions[GK] = {} |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
431 user.permissions[GLOBAL] = set() |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
432 |
3094
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
433 def _choose_perm(new_perm, cur_perm): |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
434 new_perm_val = PERM_WEIGHTS[new_perm] |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
435 cur_perm_val = PERM_WEIGHTS[cur_perm] |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
436 if algo == 'higherwin': |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
437 if new_perm_val > cur_perm_val: |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
438 return new_perm |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
439 return cur_perm |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
440 elif algo == 'lowerwin': |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
441 if new_perm_val < cur_perm_val: |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
442 return new_perm |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
443 return cur_perm |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
444 |
1267
d534aff5e82a
user defined permission will update the global permissions, and overwrite default settings.
Marcin Kuzminski <marcin@python-works.com>
parents:
1206
diff
changeset
|
445 #====================================================================== |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
446 # fetch default permissions |
1267
d534aff5e82a
user defined permission will update the global permissions, and overwrite default settings.
Marcin Kuzminski <marcin@python-works.com>
parents:
1206
diff
changeset
|
447 #====================================================================== |
1728
07e56179633e
- fixes celery sqlalchemy session issues for async forking
Marcin Kuzminski <marcin@python-works.com>
parents:
1716
diff
changeset
|
448 default_user = User.get_by_username('default', cache=True) |
07e56179633e
- fixes celery sqlalchemy session issues for async forking
Marcin Kuzminski <marcin@python-works.com>
parents:
1716
diff
changeset
|
449 default_user_id = default_user.user_id |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
450 |
1982
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
451 default_repo_perms = Permission.get_default_perms(default_user_id) |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
452 default_repo_groups_perms = Permission.get_default_group_perms(default_user_id) |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
453 |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
454 if user.is_admin: |
1267
d534aff5e82a
user defined permission will update the global permissions, and overwrite default settings.
Marcin Kuzminski <marcin@python-works.com>
parents:
1206
diff
changeset
|
455 #================================================================== |
1982
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
456 # admin user have all default rights for repositories |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
457 # and groups set to admin |
1267
d534aff5e82a
user defined permission will update the global permissions, and overwrite default settings.
Marcin Kuzminski <marcin@python-works.com>
parents:
1206
diff
changeset
|
458 #================================================================== |
1982
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
459 user.permissions[GLOBAL].add('hg.admin') |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
460 |
1982
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
461 # repositories |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
462 for perm in default_repo_perms: |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
463 r_k = perm.UserRepoToPerm.repository.repo_name |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
464 p = 'repository.admin' |
1982
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
465 user.permissions[RK][r_k] = p |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
466 |
3410
5f1850e4712a
"Users groups" is grammatically incorrect English - rename to "user groups"
Mads Kiilerich <madski@unity3d.com>
parents:
3401
diff
changeset
|
467 # repository groups |
1982
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
468 for perm in default_repo_groups_perms: |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
469 rg_k = perm.UserRepoGroupToPerm.group.group_name |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
470 p = 'group.admin' |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
471 user.permissions[GK][rg_k] = p |
2186
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
472 return user |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
473 |
2186
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
474 #================================================================== |
2709
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
475 # SET DEFAULTS GLOBAL, REPOS, REPOS GROUPS |
2186
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
476 #================================================================== |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
477 uid = user.user_id |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
478 |
2709
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
479 # default global permissions taken fron the default user |
2186
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
480 default_global_perms = self.sa.query(UserToPerm)\ |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
481 .filter(UserToPerm.user_id == default_user_id) |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
482 |
2186
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
483 for perm in default_global_perms: |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
484 user.permissions[GLOBAL].add(perm.permission.permission_name) |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
485 |
2186
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
486 # defaults for repositories, taken from default user |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
487 for perm in default_repo_perms: |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
488 r_k = perm.UserRepoToPerm.repository.repo_name |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
489 if perm.Repository.private and not (perm.Repository.user_id == uid): |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
490 # disable defaults for private repos, |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
491 p = 'repository.none' |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
492 elif perm.Repository.user_id == uid: |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
493 # set admin if owner |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
494 p = 'repository.admin' |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
495 else: |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
496 p = perm.Permission.permission_name |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
497 |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
498 user.permissions[RK][r_k] = p |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
499 |
3410
5f1850e4712a
"Users groups" is grammatically incorrect English - rename to "user groups"
Mads Kiilerich <madski@unity3d.com>
parents:
3401
diff
changeset
|
500 # defaults for repository groups taken from default user permission |
2186
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
501 # on given group |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
502 for perm in default_repo_groups_perms: |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
503 rg_k = perm.UserRepoGroupToPerm.group.group_name |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
504 p = perm.Permission.permission_name |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
505 user.permissions[GK][rg_k] = p |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
506 |
2709
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
507 #====================================================================== |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
508 # !! OVERRIDE GLOBALS !! with user permissions if any found |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
509 #====================================================================== |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
510 # those can be configured from groups or users explicitly |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
511 _configurable = set(['hg.fork.none', 'hg.fork.repository', |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
512 'hg.create.none', 'hg.create.repository']) |
2186
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
513 |
2709
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
514 # USER GROUPS comes first |
3415
b8f929bff7e3
fixed tests and missing replacements from 5f1850e4712a
Marcin Kuzminski <marcin@python-works.com>
parents:
3410
diff
changeset
|
515 # user group global permissions |
3417
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3415
diff
changeset
|
516 user_perms_from_users_groups = self.sa.query(UserGroupToPerm)\ |
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3415
diff
changeset
|
517 .options(joinedload(UserGroupToPerm.permission))\ |
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3415
diff
changeset
|
518 .join((UserGroupMember, UserGroupToPerm.users_group_id == |
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3415
diff
changeset
|
519 UserGroupMember.users_group_id))\ |
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3415
diff
changeset
|
520 .filter(UserGroupMember.user_id == uid)\ |
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3415
diff
changeset
|
521 .order_by(UserGroupToPerm.users_group_id)\ |
2709
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
522 .all() |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
523 #need to group here by groups since user can be in more than one group |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
524 _grouped = [[x, list(y)] for x, y in |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
525 itertools.groupby(user_perms_from_users_groups, |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
526 lambda x:x.users_group)] |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
527 for gr, perms in _grouped: |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
528 # since user can be in multiple groups iterate over them and |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
529 # select the lowest permissions first (more explicit) |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
530 ##TODO: do this^^ |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
531 if not gr.inherit_default_permissions: |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
532 # NEED TO IGNORE all configurable permissions and |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
533 # replace them with explicitly set |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
534 user.permissions[GLOBAL] = user.permissions[GLOBAL]\ |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
535 .difference(_configurable) |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
536 for perm in perms: |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
537 user.permissions[GLOBAL].add(perm.permission.permission_name) |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
538 |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
539 # user specific global permissions |
2186
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
540 user_perms = self.sa.query(UserToPerm)\ |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
541 .options(joinedload(UserToPerm.permission))\ |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
542 .filter(UserToPerm.user_id == uid).all() |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
543 |
2709
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
544 if not user.inherit_default_permissions: |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
545 # NEED TO IGNORE all configurable permissions and |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
546 # replace them with explicitly set |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
547 user.permissions[GLOBAL] = user.permissions[GLOBAL]\ |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
548 .difference(_configurable) |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
549 |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
550 for perm in user_perms: |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
551 user.permissions[GLOBAL].add(perm.permission.permission_name) |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
552 |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
553 #====================================================================== |
3094
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
554 # !! PERMISSIONS FOR REPOSITORIES !! |
2709
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
555 #====================================================================== |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
556 #====================================================================== |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
557 # check if user is part of user groups for this repository and |
3094
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
558 # fill in his permission from it. _choose_perm decides of which |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
559 # permission should be selected based on selected method |
2709
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
560 #====================================================================== |
3094
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
561 |
3415
b8f929bff7e3
fixed tests and missing replacements from 5f1850e4712a
Marcin Kuzminski <marcin@python-works.com>
parents:
3410
diff
changeset
|
562 # user group for repositories permissions |
2709
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
563 user_repo_perms_from_users_groups = \ |
3417
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3415
diff
changeset
|
564 self.sa.query(UserGroupRepoToPerm, Permission, Repository,)\ |
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3415
diff
changeset
|
565 .join((Repository, UserGroupRepoToPerm.repository_id == |
2709
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
566 Repository.repo_id))\ |
3417
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3415
diff
changeset
|
567 .join((Permission, UserGroupRepoToPerm.permission_id == |
2709
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
568 Permission.permission_id))\ |
3417
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3415
diff
changeset
|
569 .join((UserGroupMember, UserGroupRepoToPerm.users_group_id == |
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3415
diff
changeset
|
570 UserGroupMember.users_group_id))\ |
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3415
diff
changeset
|
571 .filter(UserGroupMember.user_id == uid)\ |
2709
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
572 .all() |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
573 |
3096
69b25f1b0b45
switch to defaultdict for counter implementation
Marcin Kuzminski <marcin@python-works.com>
parents:
3094
diff
changeset
|
574 multiple_counter = collections.defaultdict(int) |
2709
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
575 for perm in user_repo_perms_from_users_groups: |
3417
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3415
diff
changeset
|
576 r_k = perm.UserGroupRepoToPerm.repository.repo_name |
3094
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
577 multiple_counter[r_k] += 1 |
2709
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
578 p = perm.Permission.permission_name |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
579 cur_perm = user.permissions[RK][r_k] |
2864
5c1ad3b410e5
fixed #570 explicit users group permissions can overwrite owner permissions
Marcin Kuzminski <marcin@python-works.com>
parents:
2820
diff
changeset
|
580 |
3094
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
581 if perm.Repository.user_id == uid: |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
582 # set admin if owner |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
583 p = 'repository.admin' |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
584 else: |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
585 if multiple_counter[r_k] > 1: |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
586 p = _choose_perm(p, cur_perm) |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
587 user.permissions[RK][r_k] = p |
1982
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
588 |
3094
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
589 # user explicit permissions for repositories, overrides any specified |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
590 # by the group permission |
2186
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
591 user_repo_perms = \ |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
592 self.sa.query(UserRepoToPerm, Permission, Repository)\ |
2709
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
593 .join((Repository, UserRepoToPerm.repository_id == |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
594 Repository.repo_id))\ |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
595 .join((Permission, UserRepoToPerm.permission_id == |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
596 Permission.permission_id))\ |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
597 .filter(UserRepoToPerm.user_id == uid)\ |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
598 .all() |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
599 |
2186
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
600 for perm in user_repo_perms: |
3094
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
601 r_k = perm.UserRepoToPerm.repository.repo_name |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
602 cur_perm = user.permissions[RK][r_k] |
2186
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
603 # set admin if owner |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
604 if perm.Repository.user_id == uid: |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
605 p = 'repository.admin' |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
606 else: |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
607 p = perm.Permission.permission_name |
3094
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
608 if not explicit: |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
609 p = _choose_perm(p, cur_perm) |
2186
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
610 user.permissions[RK][r_k] = p |
1267
d534aff5e82a
user defined permission will update the global permissions, and overwrite default settings.
Marcin Kuzminski <marcin@python-works.com>
parents:
1206
diff
changeset
|
611 |
3094
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
612 #====================================================================== |
3410
5f1850e4712a
"Users groups" is grammatically incorrect English - rename to "user groups"
Mads Kiilerich <madski@unity3d.com>
parents:
3401
diff
changeset
|
613 # !! PERMISSIONS FOR REPOSITORY GROUPS !! |
3094
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
614 #====================================================================== |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
615 #====================================================================== |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
616 # check if user is part of user groups for this repository groups and |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
617 # fill in his permission from it. _choose_perm decides of which |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
618 # permission should be selected based on selected method |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
619 #====================================================================== |
3415
b8f929bff7e3
fixed tests and missing replacements from 5f1850e4712a
Marcin Kuzminski <marcin@python-works.com>
parents:
3410
diff
changeset
|
620 # user group for repo groups permissions |
3094
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
621 user_repo_group_perms_from_users_groups = \ |
3417
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3415
diff
changeset
|
622 self.sa.query(UserGroupRepoGroupToPerm, Permission, RepoGroup)\ |
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3415
diff
changeset
|
623 .join((RepoGroup, UserGroupRepoGroupToPerm.group_id == RepoGroup.group_id))\ |
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3415
diff
changeset
|
624 .join((Permission, UserGroupRepoGroupToPerm.permission_id |
3094
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
625 == Permission.permission_id))\ |
3417
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3415
diff
changeset
|
626 .join((UserGroupMember, UserGroupRepoGroupToPerm.users_group_id |
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3415
diff
changeset
|
627 == UserGroupMember.users_group_id))\ |
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3415
diff
changeset
|
628 .filter(UserGroupMember.user_id == uid)\ |
3094
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
629 .all() |
1269
2e7f21429316
tries to fix issue #177 by fallback to user.user_id instead of fetching from db, user.user_id
Marcin Kuzminski <marcin@python-works.com>
parents:
1267
diff
changeset
|
630 |
3096
69b25f1b0b45
switch to defaultdict for counter implementation
Marcin Kuzminski <marcin@python-works.com>
parents:
3094
diff
changeset
|
631 multiple_counter = collections.defaultdict(int) |
3094
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
632 for perm in user_repo_group_perms_from_users_groups: |
3417
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3415
diff
changeset
|
633 g_k = perm.UserGroupRepoGroupToPerm.group.group_name |
3094
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
634 multiple_counter[g_k] += 1 |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
635 p = perm.Permission.permission_name |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
636 cur_perm = user.permissions[GK][g_k] |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
637 if multiple_counter[g_k] > 1: |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
638 p = _choose_perm(p, cur_perm) |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
639 user.permissions[GK][g_k] = p |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
640 |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
641 # user explicit permissions for repository groups |
2186
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
642 user_repo_groups_perms = \ |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
643 self.sa.query(UserRepoGroupToPerm, Permission, RepoGroup)\ |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
644 .join((RepoGroup, UserRepoGroupToPerm.group_id == RepoGroup.group_id))\ |
3094
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
645 .join((Permission, UserRepoGroupToPerm.permission_id |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
646 == Permission.permission_id))\ |
2186
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
647 .filter(UserRepoGroupToPerm.user_id == uid)\ |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
648 .all() |
1269
2e7f21429316
tries to fix issue #177 by fallback to user.user_id instead of fetching from db, user.user_id
Marcin Kuzminski <marcin@python-works.com>
parents:
1267
diff
changeset
|
649 |
2186
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
650 for perm in user_repo_groups_perms: |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
651 rg_k = perm.UserRepoGroupToPerm.group.group_name |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
652 p = perm.Permission.permission_name |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
653 cur_perm = user.permissions[GK][rg_k] |
3094
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
654 if not explicit: |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
655 p = _choose_perm(p, cur_perm) |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
656 user.permissions[GK][rg_k] = p |
2129
43481c3d70ca
#399 added inheritance of permissions for users group on repos groups
Marcin Kuzminski <marcin@python-works.com>
parents:
2124
diff
changeset
|
657 |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
658 return user |
1594 | 659 |
1749
8ecc6b8229a5
commit less models
Marcin Kuzminski <marcin@python-works.com>
parents:
1734
diff
changeset
|
660 def has_perm(self, user, perm): |
2709
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
661 perm = self._get_perm(perm) |
2432
d3ac7491a5c8
Share common getter functions in base model, and remove duplicated functions from other models
Marcin Kuzminski <marcin@python-works.com>
parents:
2330
diff
changeset
|
662 user = self._get_user(user) |
1749
8ecc6b8229a5
commit less models
Marcin Kuzminski <marcin@python-works.com>
parents:
1734
diff
changeset
|
663 |
1758
a87aa385f21c
fixed repo_create permission by adding missing commit statements
Marcin Kuzminski <marcin@python-works.com>
parents:
1749
diff
changeset
|
664 return UserToPerm.query().filter(UserToPerm.user == user)\ |
1749
8ecc6b8229a5
commit less models
Marcin Kuzminski <marcin@python-works.com>
parents:
1734
diff
changeset
|
665 .filter(UserToPerm.permission == perm).scalar() is not None |
8ecc6b8229a5
commit less models
Marcin Kuzminski <marcin@python-works.com>
parents:
1734
diff
changeset
|
666 |
8ecc6b8229a5
commit less models
Marcin Kuzminski <marcin@python-works.com>
parents:
1734
diff
changeset
|
667 def grant_perm(self, user, perm): |
1982
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
668 """ |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
669 Grant user global permissions |
1749
8ecc6b8229a5
commit less models
Marcin Kuzminski <marcin@python-works.com>
parents:
1734
diff
changeset
|
670 |
1982
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
671 :param user: |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
672 :param perm: |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
673 """ |
2432
d3ac7491a5c8
Share common getter functions in base model, and remove duplicated functions from other models
Marcin Kuzminski <marcin@python-works.com>
parents:
2330
diff
changeset
|
674 user = self._get_user(user) |
d3ac7491a5c8
Share common getter functions in base model, and remove duplicated functions from other models
Marcin Kuzminski <marcin@python-works.com>
parents:
2330
diff
changeset
|
675 perm = self._get_perm(perm) |
2078
d4b6c8541bd9
fixes issue when user tried to resubmit same permission into user/user_groups
Marcin Kuzminski <marcin@python-works.com>
parents:
2009
diff
changeset
|
676 # if this permission is already granted skip it |
d4b6c8541bd9
fixes issue when user tried to resubmit same permission into user/user_groups
Marcin Kuzminski <marcin@python-works.com>
parents:
2009
diff
changeset
|
677 _perm = UserToPerm.query()\ |
d4b6c8541bd9
fixes issue when user tried to resubmit same permission into user/user_groups
Marcin Kuzminski <marcin@python-works.com>
parents:
2009
diff
changeset
|
678 .filter(UserToPerm.user == user)\ |
d4b6c8541bd9
fixes issue when user tried to resubmit same permission into user/user_groups
Marcin Kuzminski <marcin@python-works.com>
parents:
2009
diff
changeset
|
679 .filter(UserToPerm.permission == perm)\ |
d4b6c8541bd9
fixes issue when user tried to resubmit same permission into user/user_groups
Marcin Kuzminski <marcin@python-works.com>
parents:
2009
diff
changeset
|
680 .scalar() |
d4b6c8541bd9
fixes issue when user tried to resubmit same permission into user/user_groups
Marcin Kuzminski <marcin@python-works.com>
parents:
2009
diff
changeset
|
681 if _perm: |
d4b6c8541bd9
fixes issue when user tried to resubmit same permission into user/user_groups
Marcin Kuzminski <marcin@python-works.com>
parents:
2009
diff
changeset
|
682 return |
1749
8ecc6b8229a5
commit less models
Marcin Kuzminski <marcin@python-works.com>
parents:
1734
diff
changeset
|
683 new = UserToPerm() |
1758
a87aa385f21c
fixed repo_create permission by adding missing commit statements
Marcin Kuzminski <marcin@python-works.com>
parents:
1749
diff
changeset
|
684 new.user = user |
1749
8ecc6b8229a5
commit less models
Marcin Kuzminski <marcin@python-works.com>
parents:
1734
diff
changeset
|
685 new.permission = perm |
8ecc6b8229a5
commit less models
Marcin Kuzminski <marcin@python-works.com>
parents:
1734
diff
changeset
|
686 self.sa.add(new) |
8ecc6b8229a5
commit less models
Marcin Kuzminski <marcin@python-works.com>
parents:
1734
diff
changeset
|
687 |
8ecc6b8229a5
commit less models
Marcin Kuzminski <marcin@python-works.com>
parents:
1734
diff
changeset
|
688 def revoke_perm(self, user, perm): |
1982
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
689 """ |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
690 Revoke users global permissions |
1818
cf51bbfb120e
auto white-space removal
Marcin Kuzminski <marcin@python-works.com>
parents:
1758
diff
changeset
|
691 |
1982
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
692 :param user: |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
693 :param perm: |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
694 """ |
2432
d3ac7491a5c8
Share common getter functions in base model, and remove duplicated functions from other models
Marcin Kuzminski <marcin@python-works.com>
parents:
2330
diff
changeset
|
695 user = self._get_user(user) |
d3ac7491a5c8
Share common getter functions in base model, and remove duplicated functions from other models
Marcin Kuzminski <marcin@python-works.com>
parents:
2330
diff
changeset
|
696 perm = self._get_perm(perm) |
1818
cf51bbfb120e
auto white-space removal
Marcin Kuzminski <marcin@python-works.com>
parents:
1758
diff
changeset
|
697 |
2078
d4b6c8541bd9
fixes issue when user tried to resubmit same permission into user/user_groups
Marcin Kuzminski <marcin@python-works.com>
parents:
2009
diff
changeset
|
698 obj = UserToPerm.query()\ |
d4b6c8541bd9
fixes issue when user tried to resubmit same permission into user/user_groups
Marcin Kuzminski <marcin@python-works.com>
parents:
2009
diff
changeset
|
699 .filter(UserToPerm.user == user)\ |
d4b6c8541bd9
fixes issue when user tried to resubmit same permission into user/user_groups
Marcin Kuzminski <marcin@python-works.com>
parents:
2009
diff
changeset
|
700 .filter(UserToPerm.permission == perm)\ |
d4b6c8541bd9
fixes issue when user tried to resubmit same permission into user/user_groups
Marcin Kuzminski <marcin@python-works.com>
parents:
2009
diff
changeset
|
701 .scalar() |
1758
a87aa385f21c
fixed repo_create permission by adding missing commit statements
Marcin Kuzminski <marcin@python-works.com>
parents:
1749
diff
changeset
|
702 if obj: |
a87aa385f21c
fixed repo_create permission by adding missing commit statements
Marcin Kuzminski <marcin@python-works.com>
parents:
1749
diff
changeset
|
703 self.sa.delete(obj) |
2330
b0fef8a77568
Added simple UI for admin to manage emails map
Marcin Kuzminski <marcin@python-works.com>
parents:
2278
diff
changeset
|
704 |
b0fef8a77568
Added simple UI for admin to manage emails map
Marcin Kuzminski <marcin@python-works.com>
parents:
2278
diff
changeset
|
705 def add_extra_email(self, user, email): |
b0fef8a77568
Added simple UI for admin to manage emails map
Marcin Kuzminski <marcin@python-works.com>
parents:
2278
diff
changeset
|
706 """ |
b0fef8a77568
Added simple UI for admin to manage emails map
Marcin Kuzminski <marcin@python-works.com>
parents:
2278
diff
changeset
|
707 Adds email address to UserEmailMap |
b0fef8a77568
Added simple UI for admin to manage emails map
Marcin Kuzminski <marcin@python-works.com>
parents:
2278
diff
changeset
|
708 |
b0fef8a77568
Added simple UI for admin to manage emails map
Marcin Kuzminski <marcin@python-works.com>
parents:
2278
diff
changeset
|
709 :param user: |
b0fef8a77568
Added simple UI for admin to manage emails map
Marcin Kuzminski <marcin@python-works.com>
parents:
2278
diff
changeset
|
710 :param email: |
b0fef8a77568
Added simple UI for admin to manage emails map
Marcin Kuzminski <marcin@python-works.com>
parents:
2278
diff
changeset
|
711 """ |
2479
9225597688f4
Added validation into user email map
Marcin Kuzminski <marcin@python-works.com>
parents:
2478
diff
changeset
|
712 from rhodecode.model import forms |
9225597688f4
Added validation into user email map
Marcin Kuzminski <marcin@python-works.com>
parents:
2478
diff
changeset
|
713 form = forms.UserExtraEmailForm()() |
9225597688f4
Added validation into user email map
Marcin Kuzminski <marcin@python-works.com>
parents:
2478
diff
changeset
|
714 data = form.to_python(dict(email=email)) |
2432
d3ac7491a5c8
Share common getter functions in base model, and remove duplicated functions from other models
Marcin Kuzminski <marcin@python-works.com>
parents:
2330
diff
changeset
|
715 user = self._get_user(user) |
2479
9225597688f4
Added validation into user email map
Marcin Kuzminski <marcin@python-works.com>
parents:
2478
diff
changeset
|
716 |
2330
b0fef8a77568
Added simple UI for admin to manage emails map
Marcin Kuzminski <marcin@python-works.com>
parents:
2278
diff
changeset
|
717 obj = UserEmailMap() |
b0fef8a77568
Added simple UI for admin to manage emails map
Marcin Kuzminski <marcin@python-works.com>
parents:
2278
diff
changeset
|
718 obj.user = user |
2479
9225597688f4
Added validation into user email map
Marcin Kuzminski <marcin@python-works.com>
parents:
2478
diff
changeset
|
719 obj.email = data['email'] |
2330
b0fef8a77568
Added simple UI for admin to manage emails map
Marcin Kuzminski <marcin@python-works.com>
parents:
2278
diff
changeset
|
720 self.sa.add(obj) |
b0fef8a77568
Added simple UI for admin to manage emails map
Marcin Kuzminski <marcin@python-works.com>
parents:
2278
diff
changeset
|
721 return obj |
b0fef8a77568
Added simple UI for admin to manage emails map
Marcin Kuzminski <marcin@python-works.com>
parents:
2278
diff
changeset
|
722 |
b0fef8a77568
Added simple UI for admin to manage emails map
Marcin Kuzminski <marcin@python-works.com>
parents:
2278
diff
changeset
|
723 def delete_extra_email(self, user, email_id): |
b0fef8a77568
Added simple UI for admin to manage emails map
Marcin Kuzminski <marcin@python-works.com>
parents:
2278
diff
changeset
|
724 """ |
b0fef8a77568
Added simple UI for admin to manage emails map
Marcin Kuzminski <marcin@python-works.com>
parents:
2278
diff
changeset
|
725 Removes email address from UserEmailMap |
b0fef8a77568
Added simple UI for admin to manage emails map
Marcin Kuzminski <marcin@python-works.com>
parents:
2278
diff
changeset
|
726 |
b0fef8a77568
Added simple UI for admin to manage emails map
Marcin Kuzminski <marcin@python-works.com>
parents:
2278
diff
changeset
|
727 :param user: |
b0fef8a77568
Added simple UI for admin to manage emails map
Marcin Kuzminski <marcin@python-works.com>
parents:
2278
diff
changeset
|
728 :param email_id: |
b0fef8a77568
Added simple UI for admin to manage emails map
Marcin Kuzminski <marcin@python-works.com>
parents:
2278
diff
changeset
|
729 """ |
2432
d3ac7491a5c8
Share common getter functions in base model, and remove duplicated functions from other models
Marcin Kuzminski <marcin@python-works.com>
parents:
2330
diff
changeset
|
730 user = self._get_user(user) |
2330
b0fef8a77568
Added simple UI for admin to manage emails map
Marcin Kuzminski <marcin@python-works.com>
parents:
2278
diff
changeset
|
731 obj = UserEmailMap.query().get(email_id) |
b0fef8a77568
Added simple UI for admin to manage emails map
Marcin Kuzminski <marcin@python-works.com>
parents:
2278
diff
changeset
|
732 if obj: |
2478
8eab81115660
white space cleanup
Marcin Kuzminski <marcin@python-works.com>
parents:
2467
diff
changeset
|
733 self.sa.delete(obj) |
3125
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
734 |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
735 def add_extra_ip(self, user, ip): |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
736 """ |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
737 Adds ip address to UserIpMap |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
738 |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
739 :param user: |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
740 :param ip: |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
741 """ |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
742 from rhodecode.model import forms |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
743 form = forms.UserExtraIpForm()() |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
744 data = form.to_python(dict(ip=ip)) |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
745 user = self._get_user(user) |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
746 |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
747 obj = UserIpMap() |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
748 obj.user = user |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
749 obj.ip_addr = data['ip'] |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
750 self.sa.add(obj) |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
751 return obj |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
752 |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
753 def delete_extra_ip(self, user, ip_id): |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
754 """ |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
755 Removes ip address from UserIpMap |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
756 |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
757 :param user: |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
758 :param ip_id: |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
759 """ |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
760 user = self._get_user(user) |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
761 obj = UserIpMap.query().get(ip_id) |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
762 if obj: |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
763 self.sa.delete(obj) |