Mercurial > kallithea
annotate rhodecode/model/users_group.py @ 3914:424b6c711a7f beta
allow underscores in usernames. Helps creating special internal users
author | Marcin Kuzminski <marcin@python-works.com> |
---|---|
date | Wed, 29 May 2013 12:13:02 +0200 |
parents | 32f66c839c54 |
children |
rev | line source |
---|---|
1586
2ccb32ddcfd7
Add API for repositories and groups (creation, permission)
Nicolas VINOT <aeris@imirhil.fr>
parents:
diff
changeset
|
1 # -*- coding: utf-8 -*- |
2ccb32ddcfd7
Add API for repositories and groups (creation, permission)
Nicolas VINOT <aeris@imirhil.fr>
parents:
diff
changeset
|
2 """ |
2ccb32ddcfd7
Add API for repositories and groups (creation, permission)
Nicolas VINOT <aeris@imirhil.fr>
parents:
diff
changeset
|
3 rhodecode.model.users_group |
2ccb32ddcfd7
Add API for repositories and groups (creation, permission)
Nicolas VINOT <aeris@imirhil.fr>
parents:
diff
changeset
|
4 ~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
2ccb32ddcfd7
Add API for repositories and groups (creation, permission)
Nicolas VINOT <aeris@imirhil.fr>
parents:
diff
changeset
|
5 |
3410
5f1850e4712a
"Users groups" is grammatically incorrect English - rename to "user groups"
Mads Kiilerich <madski@unity3d.com>
parents:
2709
diff
changeset
|
6 user group model for RhodeCode |
1586
2ccb32ddcfd7
Add API for repositories and groups (creation, permission)
Nicolas VINOT <aeris@imirhil.fr>
parents:
diff
changeset
|
7 |
2ccb32ddcfd7
Add API for repositories and groups (creation, permission)
Nicolas VINOT <aeris@imirhil.fr>
parents:
diff
changeset
|
8 :created_on: Oct 1, 2011 |
2ccb32ddcfd7
Add API for repositories and groups (creation, permission)
Nicolas VINOT <aeris@imirhil.fr>
parents:
diff
changeset
|
9 :author: nvinot |
2ccb32ddcfd7
Add API for repositories and groups (creation, permission)
Nicolas VINOT <aeris@imirhil.fr>
parents:
diff
changeset
|
10 :copyright: (C) 2011-2011 Nicolas Vinot <aeris@imirhil.fr> |
1824
89efedac4e6c
2012 copyrights
Marcin Kuzminski <marcin@python-works.com>
parents:
1818
diff
changeset
|
11 :copyright: (C) 2010-2012 Marcin Kuzminski <marcin@python-works.com> |
1586
2ccb32ddcfd7
Add API for repositories and groups (creation, permission)
Nicolas VINOT <aeris@imirhil.fr>
parents:
diff
changeset
|
12 :license: GPLv3, see COPYING for more details. |
2ccb32ddcfd7
Add API for repositories and groups (creation, permission)
Nicolas VINOT <aeris@imirhil.fr>
parents:
diff
changeset
|
13 """ |
2ccb32ddcfd7
Add API for repositories and groups (creation, permission)
Nicolas VINOT <aeris@imirhil.fr>
parents:
diff
changeset
|
14 # This program is free software: you can redistribute it and/or modify |
2ccb32ddcfd7
Add API for repositories and groups (creation, permission)
Nicolas VINOT <aeris@imirhil.fr>
parents:
diff
changeset
|
15 # it under the terms of the GNU General Public License as published by |
2ccb32ddcfd7
Add API for repositories and groups (creation, permission)
Nicolas VINOT <aeris@imirhil.fr>
parents:
diff
changeset
|
16 # the Free Software Foundation, either version 3 of the License, or |
2ccb32ddcfd7
Add API for repositories and groups (creation, permission)
Nicolas VINOT <aeris@imirhil.fr>
parents:
diff
changeset
|
17 # (at your option) any later version. |
2ccb32ddcfd7
Add API for repositories and groups (creation, permission)
Nicolas VINOT <aeris@imirhil.fr>
parents:
diff
changeset
|
18 # |
2ccb32ddcfd7
Add API for repositories and groups (creation, permission)
Nicolas VINOT <aeris@imirhil.fr>
parents:
diff
changeset
|
19 # This program is distributed in the hope that it will be useful, |
2ccb32ddcfd7
Add API for repositories and groups (creation, permission)
Nicolas VINOT <aeris@imirhil.fr>
parents:
diff
changeset
|
20 # but WITHOUT ANY WARRANTY; without even the implied warranty of |
2ccb32ddcfd7
Add API for repositories and groups (creation, permission)
Nicolas VINOT <aeris@imirhil.fr>
parents:
diff
changeset
|
21 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
2ccb32ddcfd7
Add API for repositories and groups (creation, permission)
Nicolas VINOT <aeris@imirhil.fr>
parents:
diff
changeset
|
22 # GNU General Public License for more details. |
2ccb32ddcfd7
Add API for repositories and groups (creation, permission)
Nicolas VINOT <aeris@imirhil.fr>
parents:
diff
changeset
|
23 # |
2ccb32ddcfd7
Add API for repositories and groups (creation, permission)
Nicolas VINOT <aeris@imirhil.fr>
parents:
diff
changeset
|
24 # You should have received a copy of the GNU General Public License |
2ccb32ddcfd7
Add API for repositories and groups (creation, permission)
Nicolas VINOT <aeris@imirhil.fr>
parents:
diff
changeset
|
25 # along with this program. If not, see <http://www.gnu.org/licenses/>. |
2ccb32ddcfd7
Add API for repositories and groups (creation, permission)
Nicolas VINOT <aeris@imirhil.fr>
parents:
diff
changeset
|
26 |
2ccb32ddcfd7
Add API for repositories and groups (creation, permission)
Nicolas VINOT <aeris@imirhil.fr>
parents:
diff
changeset
|
27 import logging |
2ccb32ddcfd7
Add API for repositories and groups (creation, permission)
Nicolas VINOT <aeris@imirhil.fr>
parents:
diff
changeset
|
28 import traceback |
2ccb32ddcfd7
Add API for repositories and groups (creation, permission)
Nicolas VINOT <aeris@imirhil.fr>
parents:
diff
changeset
|
29 |
1692 | 30 from rhodecode.model import BaseModel |
3417
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3410
diff
changeset
|
31 from rhodecode.model.db import UserGroupMember, UserGroup,\ |
3788
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3737
diff
changeset
|
32 UserGroupRepoToPerm, Permission, UserGroupToPerm, User, UserUserGroupToPerm,\ |
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3737
diff
changeset
|
33 UserGroupUserGroupToPerm |
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3737
diff
changeset
|
34 from rhodecode.lib.exceptions import UserGroupsAssignedException,\ |
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3737
diff
changeset
|
35 RepoGroupAssignmentError |
1586
2ccb32ddcfd7
Add API for repositories and groups (creation, permission)
Nicolas VINOT <aeris@imirhil.fr>
parents:
diff
changeset
|
36 |
1593 | 37 log = logging.getLogger(__name__) |
1586
2ccb32ddcfd7
Add API for repositories and groups (creation, permission)
Nicolas VINOT <aeris@imirhil.fr>
parents:
diff
changeset
|
38 |
1716
7d1fc253549e
notification to commit author + gardening
Marcin Kuzminski <marcin@python-works.com>
parents:
1713
diff
changeset
|
39 |
3417
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3410
diff
changeset
|
40 class UserGroupModel(BaseModel): |
1586
2ccb32ddcfd7
Add API for repositories and groups (creation, permission)
Nicolas VINOT <aeris@imirhil.fr>
parents:
diff
changeset
|
41 |
3417
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3410
diff
changeset
|
42 cls = UserGroup |
2524
9d4b80743a2a
New repo model create function
Marcin Kuzminski <marcin@python-works.com>
parents:
2522
diff
changeset
|
43 |
3714
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
44 def _get_user_group(self, users_group): |
3417
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3410
diff
changeset
|
45 return self._get_instance(UserGroup, users_group, |
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3410
diff
changeset
|
46 callback=UserGroup.get_by_group_name) |
1982
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1932
diff
changeset
|
47 |
3714
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
48 def _create_default_perms(self, user_group): |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
49 # create default permission |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
50 default_perm = 'usergroup.read' |
3734
a8f520540ab0
New default permissions definition for user group create
Marcin Kuzminski <marcin@python-works.com>
parents:
3714
diff
changeset
|
51 def_user = User.get_default_user() |
3714
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
52 for p in def_user.user_perms: |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
53 if p.permission.permission_name.startswith('usergroup.'): |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
54 default_perm = p.permission.permission_name |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
55 break |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
56 |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
57 user_group_to_perm = UserUserGroupToPerm() |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
58 user_group_to_perm.permission = Permission.get_by_key(default_perm) |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
59 |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
60 user_group_to_perm.user_group = user_group |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
61 user_group_to_perm.user_id = def_user.user_id |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
62 return user_group_to_perm |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
63 |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
64 def _update_permissions(self, user_group, perms_new=None, |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
65 perms_updates=None): |
3789
32f66c839c54
managing users groups enforce permissions checks.
Marcin Kuzminski <marcin@python-works.com>
parents:
3788
diff
changeset
|
66 from rhodecode.lib.auth import HasUserGroupPermissionAny |
3714
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
67 if not perms_new: |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
68 perms_new = [] |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
69 if not perms_updates: |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
70 perms_updates = [] |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
71 |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
72 # update permissions |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
73 for member, perm, member_type in perms_updates: |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
74 if member_type == 'user': |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
75 # this updates existing one |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
76 self.grant_user_permission( |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
77 user_group=user_group, user=member, perm=perm |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
78 ) |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
79 else: |
3789
32f66c839c54
managing users groups enforce permissions checks.
Marcin Kuzminski <marcin@python-works.com>
parents:
3788
diff
changeset
|
80 #check if we have permissions to alter this usergroup |
32f66c839c54
managing users groups enforce permissions checks.
Marcin Kuzminski <marcin@python-works.com>
parents:
3788
diff
changeset
|
81 if HasUserGroupPermissionAny('usergroup.read', 'usergroup.write', |
32f66c839c54
managing users groups enforce permissions checks.
Marcin Kuzminski <marcin@python-works.com>
parents:
3788
diff
changeset
|
82 'usergroup.admin')(member): |
32f66c839c54
managing users groups enforce permissions checks.
Marcin Kuzminski <marcin@python-works.com>
parents:
3788
diff
changeset
|
83 self.grant_users_group_permission( |
32f66c839c54
managing users groups enforce permissions checks.
Marcin Kuzminski <marcin@python-works.com>
parents:
3788
diff
changeset
|
84 target_user_group=user_group, user_group=member, perm=perm |
32f66c839c54
managing users groups enforce permissions checks.
Marcin Kuzminski <marcin@python-works.com>
parents:
3788
diff
changeset
|
85 ) |
3714
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
86 # set new permissions |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
87 for member, perm, member_type in perms_new: |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
88 if member_type == 'user': |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
89 self.grant_user_permission( |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
90 user_group=user_group, user=member, perm=perm |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
91 ) |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
92 else: |
3789
32f66c839c54
managing users groups enforce permissions checks.
Marcin Kuzminski <marcin@python-works.com>
parents:
3788
diff
changeset
|
93 #check if we have permissions to alter this usergroup |
32f66c839c54
managing users groups enforce permissions checks.
Marcin Kuzminski <marcin@python-works.com>
parents:
3788
diff
changeset
|
94 if HasUserGroupPermissionAny('usergroup.read', 'usergroup.write', |
32f66c839c54
managing users groups enforce permissions checks.
Marcin Kuzminski <marcin@python-works.com>
parents:
3788
diff
changeset
|
95 'usergroup.admin')(member): |
32f66c839c54
managing users groups enforce permissions checks.
Marcin Kuzminski <marcin@python-works.com>
parents:
3788
diff
changeset
|
96 self.grant_users_group_permission( |
32f66c839c54
managing users groups enforce permissions checks.
Marcin Kuzminski <marcin@python-works.com>
parents:
3788
diff
changeset
|
97 target_user_group=user_group, user_group=member, perm=perm |
32f66c839c54
managing users groups enforce permissions checks.
Marcin Kuzminski <marcin@python-works.com>
parents:
3788
diff
changeset
|
98 ) |
3714
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
99 |
1716
7d1fc253549e
notification to commit author + gardening
Marcin Kuzminski <marcin@python-works.com>
parents:
1713
diff
changeset
|
100 def get(self, users_group_id, cache=False): |
3417
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3410
diff
changeset
|
101 return UserGroup.get(users_group_id) |
1586
2ccb32ddcfd7
Add API for repositories and groups (creation, permission)
Nicolas VINOT <aeris@imirhil.fr>
parents:
diff
changeset
|
102 |
2522
17893d61792a
Added associated classes into child models
Marcin Kuzminski <marcin@python-works.com>
parents:
2432
diff
changeset
|
103 def get_group(self, users_group): |
3714
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
104 return self._get_user_group(users_group) |
2522
17893d61792a
Added associated classes into child models
Marcin Kuzminski <marcin@python-works.com>
parents:
2432
diff
changeset
|
105 |
1716
7d1fc253549e
notification to commit author + gardening
Marcin Kuzminski <marcin@python-works.com>
parents:
1713
diff
changeset
|
106 def get_by_name(self, name, cache=False, case_insensitive=False): |
3417
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3410
diff
changeset
|
107 return UserGroup.get_by_group_name(name, cache, case_insensitive) |
1586
2ccb32ddcfd7
Add API for repositories and groups (creation, permission)
Nicolas VINOT <aeris@imirhil.fr>
parents:
diff
changeset
|
108 |
3714
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
109 def create(self, name, owner, active=True): |
1749
8ecc6b8229a5
commit less models
Marcin Kuzminski <marcin@python-works.com>
parents:
1734
diff
changeset
|
110 try: |
3714
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
111 new_user_group = UserGroup() |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
112 new_user_group.user = self._get_user(owner) |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
113 new_user_group.users_group_name = name |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
114 new_user_group.users_group_active = active |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
115 self.sa.add(new_user_group) |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
116 perm_obj = self._create_default_perms(new_user_group) |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
117 self.sa.add(perm_obj) |
3737
46b17730ca32
implemented usergroup permissions checks.
Marcin Kuzminski <marcin@python-works.com>
parents:
3734
diff
changeset
|
118 |
46b17730ca32
implemented usergroup permissions checks.
Marcin Kuzminski <marcin@python-works.com>
parents:
3734
diff
changeset
|
119 self.grant_user_permission(user_group=new_user_group, |
46b17730ca32
implemented usergroup permissions checks.
Marcin Kuzminski <marcin@python-works.com>
parents:
3734
diff
changeset
|
120 user=owner, perm='usergroup.admin') |
46b17730ca32
implemented usergroup permissions checks.
Marcin Kuzminski <marcin@python-works.com>
parents:
3734
diff
changeset
|
121 |
3714
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
122 return new_user_group |
3631
10b4e34841a4
Don't catch all exceptions
Marcin Kuzminski <marcin@python-works.com>
parents:
3625
diff
changeset
|
123 except Exception: |
1749
8ecc6b8229a5
commit less models
Marcin Kuzminski <marcin@python-works.com>
parents:
1734
diff
changeset
|
124 log.error(traceback.format_exc()) |
8ecc6b8229a5
commit less models
Marcin Kuzminski <marcin@python-works.com>
parents:
1734
diff
changeset
|
125 raise |
8ecc6b8229a5
commit less models
Marcin Kuzminski <marcin@python-works.com>
parents:
1734
diff
changeset
|
126 |
8ecc6b8229a5
commit less models
Marcin Kuzminski <marcin@python-works.com>
parents:
1734
diff
changeset
|
127 def update(self, users_group, form_data): |
8ecc6b8229a5
commit less models
Marcin Kuzminski <marcin@python-works.com>
parents:
1734
diff
changeset
|
128 |
8ecc6b8229a5
commit less models
Marcin Kuzminski <marcin@python-works.com>
parents:
1734
diff
changeset
|
129 try: |
3714
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
130 users_group = self._get_user_group(users_group) |
1749
8ecc6b8229a5
commit less models
Marcin Kuzminski <marcin@python-works.com>
parents:
1734
diff
changeset
|
131 |
8ecc6b8229a5
commit less models
Marcin Kuzminski <marcin@python-works.com>
parents:
1734
diff
changeset
|
132 for k, v in form_data.items(): |
8ecc6b8229a5
commit less models
Marcin Kuzminski <marcin@python-works.com>
parents:
1734
diff
changeset
|
133 if k == 'users_group_members': |
8ecc6b8229a5
commit less models
Marcin Kuzminski <marcin@python-works.com>
parents:
1734
diff
changeset
|
134 users_group.members = [] |
8ecc6b8229a5
commit less models
Marcin Kuzminski <marcin@python-works.com>
parents:
1734
diff
changeset
|
135 self.sa.flush() |
8ecc6b8229a5
commit less models
Marcin Kuzminski <marcin@python-works.com>
parents:
1734
diff
changeset
|
136 members_list = [] |
8ecc6b8229a5
commit less models
Marcin Kuzminski <marcin@python-works.com>
parents:
1734
diff
changeset
|
137 if v: |
8ecc6b8229a5
commit less models
Marcin Kuzminski <marcin@python-works.com>
parents:
1734
diff
changeset
|
138 v = [v] if isinstance(v, basestring) else v |
8ecc6b8229a5
commit less models
Marcin Kuzminski <marcin@python-works.com>
parents:
1734
diff
changeset
|
139 for u_id in set(v): |
3417
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3410
diff
changeset
|
140 member = UserGroupMember(users_group.users_group_id, u_id) |
1749
8ecc6b8229a5
commit less models
Marcin Kuzminski <marcin@python-works.com>
parents:
1734
diff
changeset
|
141 members_list.append(member) |
8ecc6b8229a5
commit less models
Marcin Kuzminski <marcin@python-works.com>
parents:
1734
diff
changeset
|
142 setattr(users_group, 'members', members_list) |
8ecc6b8229a5
commit less models
Marcin Kuzminski <marcin@python-works.com>
parents:
1734
diff
changeset
|
143 setattr(users_group, k, v) |
8ecc6b8229a5
commit less models
Marcin Kuzminski <marcin@python-works.com>
parents:
1734
diff
changeset
|
144 |
8ecc6b8229a5
commit less models
Marcin Kuzminski <marcin@python-works.com>
parents:
1734
diff
changeset
|
145 self.sa.add(users_group) |
3631
10b4e34841a4
Don't catch all exceptions
Marcin Kuzminski <marcin@python-works.com>
parents:
3625
diff
changeset
|
146 except Exception: |
1749
8ecc6b8229a5
commit less models
Marcin Kuzminski <marcin@python-works.com>
parents:
1734
diff
changeset
|
147 log.error(traceback.format_exc()) |
8ecc6b8229a5
commit less models
Marcin Kuzminski <marcin@python-works.com>
parents:
1734
diff
changeset
|
148 raise |
1713
54687aa00724
Tests updates, Session refactoring
Marcin Kuzminski <marcin@python-works.com>
parents:
1692
diff
changeset
|
149 |
1982
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1932
diff
changeset
|
150 def delete(self, users_group, force=False): |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1932
diff
changeset
|
151 """ |
3653
4c78a0855a17
Fix 'repos group' - it is 'repository group'
Mads Kiilerich <madski@unity3d.com>
parents:
3631
diff
changeset
|
152 Deletes repository group, unless force flag is used |
1982
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1932
diff
changeset
|
153 raises exception if there are members in that group, else deletes |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1932
diff
changeset
|
154 group and users |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1932
diff
changeset
|
155 |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1932
diff
changeset
|
156 :param users_group: |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1932
diff
changeset
|
157 :param force: |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1932
diff
changeset
|
158 """ |
1749
8ecc6b8229a5
commit less models
Marcin Kuzminski <marcin@python-works.com>
parents:
1734
diff
changeset
|
159 try: |
3714
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
160 users_group = self._get_user_group(users_group) |
1818
cf51bbfb120e
auto white-space removal
Marcin Kuzminski <marcin@python-works.com>
parents:
1749
diff
changeset
|
161 |
1749
8ecc6b8229a5
commit less models
Marcin Kuzminski <marcin@python-works.com>
parents:
1734
diff
changeset
|
162 # check if this group is not assigned to repo |
3417
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3410
diff
changeset
|
163 assigned_groups = UserGroupRepoToPerm.query()\ |
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3410
diff
changeset
|
164 .filter(UserGroupRepoToPerm.users_group == users_group).all() |
1749
8ecc6b8229a5
commit less models
Marcin Kuzminski <marcin@python-works.com>
parents:
1734
diff
changeset
|
165 |
3625
260a7a01b054
follow Python conventions for boolean values
Mads Kiilerich <madski@unity3d.com>
parents:
3417
diff
changeset
|
166 if assigned_groups and not force: |
3417
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3410
diff
changeset
|
167 raise UserGroupsAssignedException('RepoGroup assigned to %s' % |
1749
8ecc6b8229a5
commit less models
Marcin Kuzminski <marcin@python-works.com>
parents:
1734
diff
changeset
|
168 assigned_groups) |
1818
cf51bbfb120e
auto white-space removal
Marcin Kuzminski <marcin@python-works.com>
parents:
1749
diff
changeset
|
169 |
1749
8ecc6b8229a5
commit less models
Marcin Kuzminski <marcin@python-works.com>
parents:
1734
diff
changeset
|
170 self.sa.delete(users_group) |
3631
10b4e34841a4
Don't catch all exceptions
Marcin Kuzminski <marcin@python-works.com>
parents:
3625
diff
changeset
|
171 except Exception: |
1749
8ecc6b8229a5
commit less models
Marcin Kuzminski <marcin@python-works.com>
parents:
1734
diff
changeset
|
172 log.error(traceback.format_exc()) |
8ecc6b8229a5
commit less models
Marcin Kuzminski <marcin@python-works.com>
parents:
1734
diff
changeset
|
173 raise |
1713
54687aa00724
Tests updates, Session refactoring
Marcin Kuzminski <marcin@python-works.com>
parents:
1692
diff
changeset
|
174 |
1593 | 175 def add_user_to_group(self, users_group, user): |
3714
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
176 users_group = self._get_user_group(users_group) |
2432
d3ac7491a5c8
Share common getter functions in base model, and remove duplicated functions from other models
Marcin Kuzminski <marcin@python-works.com>
parents:
2078
diff
changeset
|
177 user = self._get_user(user) |
1989 | 178 |
1589
307ec693bdf2
[API] Create groups needed when creating repo
Nicolas VINOT <aeris@imirhil.fr>
parents:
1587
diff
changeset
|
179 for m in users_group.members: |
307ec693bdf2
[API] Create groups needed when creating repo
Nicolas VINOT <aeris@imirhil.fr>
parents:
1587
diff
changeset
|
180 u = m.user |
307ec693bdf2
[API] Create groups needed when creating repo
Nicolas VINOT <aeris@imirhil.fr>
parents:
1587
diff
changeset
|
181 if u.user_id == user.user_id: |
1989 | 182 return True |
1589
307ec693bdf2
[API] Create groups needed when creating repo
Nicolas VINOT <aeris@imirhil.fr>
parents:
1587
diff
changeset
|
183 |
1586
2ccb32ddcfd7
Add API for repositories and groups (creation, permission)
Nicolas VINOT <aeris@imirhil.fr>
parents:
diff
changeset
|
184 try: |
3417
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3410
diff
changeset
|
185 users_group_member = UserGroupMember() |
1586
2ccb32ddcfd7
Add API for repositories and groups (creation, permission)
Nicolas VINOT <aeris@imirhil.fr>
parents:
diff
changeset
|
186 users_group_member.user = user |
2ccb32ddcfd7
Add API for repositories and groups (creation, permission)
Nicolas VINOT <aeris@imirhil.fr>
parents:
diff
changeset
|
187 users_group_member.users_group = users_group |
2ccb32ddcfd7
Add API for repositories and groups (creation, permission)
Nicolas VINOT <aeris@imirhil.fr>
parents:
diff
changeset
|
188 |
1593 | 189 users_group.members.append(users_group_member) |
190 user.group_member.append(users_group_member) | |
1587
8898a79ac628
Implement all CRUD API operation for repo
Nicolas VINOT <aeris@imirhil.fr>
parents:
1586
diff
changeset
|
191 |
1593 | 192 self.sa.add(users_group_member) |
1586
2ccb32ddcfd7
Add API for repositories and groups (creation, permission)
Nicolas VINOT <aeris@imirhil.fr>
parents:
diff
changeset
|
193 return users_group_member |
3631
10b4e34841a4
Don't catch all exceptions
Marcin Kuzminski <marcin@python-works.com>
parents:
3625
diff
changeset
|
194 except Exception: |
1593 | 195 log.error(traceback.format_exc()) |
1587
8898a79ac628
Implement all CRUD API operation for repo
Nicolas VINOT <aeris@imirhil.fr>
parents:
1586
diff
changeset
|
196 raise |
1749
8ecc6b8229a5
commit less models
Marcin Kuzminski <marcin@python-works.com>
parents:
1734
diff
changeset
|
197 |
1989 | 198 def remove_user_from_group(self, users_group, user): |
3714
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
199 users_group = self._get_user_group(users_group) |
2432
d3ac7491a5c8
Share common getter functions in base model, and remove duplicated functions from other models
Marcin Kuzminski <marcin@python-works.com>
parents:
2078
diff
changeset
|
200 user = self._get_user(user) |
1989 | 201 |
202 users_group_member = None | |
203 for m in users_group.members: | |
204 if m.user.user_id == user.user_id: | |
205 # Found this user's membership row | |
206 users_group_member = m | |
207 break | |
208 | |
209 if users_group_member: | |
210 try: | |
211 self.sa.delete(users_group_member) | |
212 return True | |
3631
10b4e34841a4
Don't catch all exceptions
Marcin Kuzminski <marcin@python-works.com>
parents:
3625
diff
changeset
|
213 except Exception: |
1989 | 214 log.error(traceback.format_exc()) |
215 raise | |
216 else: | |
217 # User isn't in that group | |
218 return False | |
219 | |
1749
8ecc6b8229a5
commit less models
Marcin Kuzminski <marcin@python-works.com>
parents:
1734
diff
changeset
|
220 def has_perm(self, users_group, perm): |
3714
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
221 users_group = self._get_user_group(users_group) |
2432
d3ac7491a5c8
Share common getter functions in base model, and remove duplicated functions from other models
Marcin Kuzminski <marcin@python-works.com>
parents:
2078
diff
changeset
|
222 perm = self._get_perm(perm) |
1749
8ecc6b8229a5
commit less models
Marcin Kuzminski <marcin@python-works.com>
parents:
1734
diff
changeset
|
223 |
3417
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3410
diff
changeset
|
224 return UserGroupToPerm.query()\ |
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3410
diff
changeset
|
225 .filter(UserGroupToPerm.users_group == users_group)\ |
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3410
diff
changeset
|
226 .filter(UserGroupToPerm.permission == perm).scalar() is not None |
1749
8ecc6b8229a5
commit less models
Marcin Kuzminski <marcin@python-works.com>
parents:
1734
diff
changeset
|
227 |
8ecc6b8229a5
commit less models
Marcin Kuzminski <marcin@python-works.com>
parents:
1734
diff
changeset
|
228 def grant_perm(self, users_group, perm): |
3714
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
229 users_group = self._get_user_group(users_group) |
2709
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2524
diff
changeset
|
230 perm = self._get_perm(perm) |
1749
8ecc6b8229a5
commit less models
Marcin Kuzminski <marcin@python-works.com>
parents:
1734
diff
changeset
|
231 |
2078
d4b6c8541bd9
fixes issue when user tried to resubmit same permission into user/user_groups
Marcin Kuzminski <marcin@python-works.com>
parents:
1989
diff
changeset
|
232 # if this permission is already granted skip it |
3417
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3410
diff
changeset
|
233 _perm = UserGroupToPerm.query()\ |
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3410
diff
changeset
|
234 .filter(UserGroupToPerm.users_group == users_group)\ |
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3410
diff
changeset
|
235 .filter(UserGroupToPerm.permission == perm)\ |
2078
d4b6c8541bd9
fixes issue when user tried to resubmit same permission into user/user_groups
Marcin Kuzminski <marcin@python-works.com>
parents:
1989
diff
changeset
|
236 .scalar() |
d4b6c8541bd9
fixes issue when user tried to resubmit same permission into user/user_groups
Marcin Kuzminski <marcin@python-works.com>
parents:
1989
diff
changeset
|
237 if _perm: |
d4b6c8541bd9
fixes issue when user tried to resubmit same permission into user/user_groups
Marcin Kuzminski <marcin@python-works.com>
parents:
1989
diff
changeset
|
238 return |
d4b6c8541bd9
fixes issue when user tried to resubmit same permission into user/user_groups
Marcin Kuzminski <marcin@python-works.com>
parents:
1989
diff
changeset
|
239 |
3417
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3410
diff
changeset
|
240 new = UserGroupToPerm() |
1749
8ecc6b8229a5
commit less models
Marcin Kuzminski <marcin@python-works.com>
parents:
1734
diff
changeset
|
241 new.users_group = users_group |
8ecc6b8229a5
commit less models
Marcin Kuzminski <marcin@python-works.com>
parents:
1734
diff
changeset
|
242 new.permission = perm |
8ecc6b8229a5
commit less models
Marcin Kuzminski <marcin@python-works.com>
parents:
1734
diff
changeset
|
243 self.sa.add(new) |
8ecc6b8229a5
commit less models
Marcin Kuzminski <marcin@python-works.com>
parents:
1734
diff
changeset
|
244 |
8ecc6b8229a5
commit less models
Marcin Kuzminski <marcin@python-works.com>
parents:
1734
diff
changeset
|
245 def revoke_perm(self, users_group, perm): |
3714
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
246 users_group = self._get_user_group(users_group) |
2432
d3ac7491a5c8
Share common getter functions in base model, and remove duplicated functions from other models
Marcin Kuzminski <marcin@python-works.com>
parents:
2078
diff
changeset
|
247 perm = self._get_perm(perm) |
1818
cf51bbfb120e
auto white-space removal
Marcin Kuzminski <marcin@python-works.com>
parents:
1749
diff
changeset
|
248 |
3417
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3410
diff
changeset
|
249 obj = UserGroupToPerm.query()\ |
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3410
diff
changeset
|
250 .filter(UserGroupToPerm.users_group == users_group)\ |
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3410
diff
changeset
|
251 .filter(UserGroupToPerm.permission == perm).scalar() |
1932
1cf94aadabdc
fixes issue with initial grant/revoke permissions for users group
Marcin Kuzminski <marcin@python-works.com>
parents:
1824
diff
changeset
|
252 if obj: |
1cf94aadabdc
fixes issue with initial grant/revoke permissions for users group
Marcin Kuzminski <marcin@python-works.com>
parents:
1824
diff
changeset
|
253 self.sa.delete(obj) |
3714
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
254 |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
255 def grant_user_permission(self, user_group, user, perm): |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
256 """ |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
257 Grant permission for user on given user group, or update |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
258 existing one if found |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
259 |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
260 :param user_group: Instance of UserGroup, users_group_id, |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
261 or users_group_name |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
262 :param user: Instance of User, user_id or username |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
263 :param perm: Instance of Permission, or permission_name |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
264 """ |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
265 |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
266 user_group = self._get_user_group(user_group) |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
267 user = self._get_user(user) |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
268 permission = self._get_perm(perm) |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
269 |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
270 # check if we have that permission already |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
271 obj = self.sa.query(UserUserGroupToPerm)\ |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
272 .filter(UserUserGroupToPerm.user == user)\ |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
273 .filter(UserUserGroupToPerm.user_group == user_group)\ |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
274 .scalar() |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
275 if obj is None: |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
276 # create new ! |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
277 obj = UserUserGroupToPerm() |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
278 obj.user_group = user_group |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
279 obj.user = user |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
280 obj.permission = permission |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
281 self.sa.add(obj) |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
282 log.debug('Granted perm %s to %s on %s' % (perm, user, user_group)) |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
283 |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
284 def revoke_user_permission(self, user_group, user): |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
285 """ |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
286 Revoke permission for user on given repository group |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
287 |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
288 :param user_group: Instance of ReposGroup, repositories_group_id, |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
289 or repositories_group name |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
290 :param user: Instance of User, user_id or username |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
291 """ |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
292 |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
293 user_group = self._get_user_group(user_group) |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
294 user = self._get_user(user) |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
295 |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
296 obj = self.sa.query(UserUserGroupToPerm)\ |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
297 .filter(UserUserGroupToPerm.user == user)\ |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
298 .filter(UserUserGroupToPerm.user_group == user_group)\ |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
299 .scalar() |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
300 if obj: |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
301 self.sa.delete(obj) |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
302 log.debug('Revoked perm on %s on %s' % (user_group, user)) |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
303 |
3788
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3737
diff
changeset
|
304 def grant_users_group_permission(self, target_user_group, user_group, perm): |
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3737
diff
changeset
|
305 """ |
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3737
diff
changeset
|
306 Grant user group permission for given target_user_group |
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3737
diff
changeset
|
307 |
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3737
diff
changeset
|
308 :param target_user_group: |
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3737
diff
changeset
|
309 :param user_group: |
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3737
diff
changeset
|
310 :param perm: |
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3737
diff
changeset
|
311 """ |
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3737
diff
changeset
|
312 target_user_group = self._get_user_group(target_user_group) |
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3737
diff
changeset
|
313 user_group = self._get_user_group(user_group) |
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3737
diff
changeset
|
314 permission = self._get_perm(perm) |
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3737
diff
changeset
|
315 # forbid assigning same user group to itself |
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3737
diff
changeset
|
316 if target_user_group == user_group: |
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3737
diff
changeset
|
317 raise RepoGroupAssignmentError('target repo:%s cannot be ' |
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3737
diff
changeset
|
318 'assigned to itself' % target_user_group) |
3714
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
319 |
3788
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3737
diff
changeset
|
320 # check if we have that permission already |
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3737
diff
changeset
|
321 obj = self.sa.query(UserGroupUserGroupToPerm)\ |
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3737
diff
changeset
|
322 .filter(UserGroupUserGroupToPerm.target_user_group == target_user_group)\ |
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3737
diff
changeset
|
323 .filter(UserGroupUserGroupToPerm.user_group == user_group)\ |
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3737
diff
changeset
|
324 .scalar() |
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3737
diff
changeset
|
325 if obj is None: |
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3737
diff
changeset
|
326 # create new ! |
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3737
diff
changeset
|
327 obj = UserGroupUserGroupToPerm() |
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3737
diff
changeset
|
328 obj.user_group = user_group |
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3737
diff
changeset
|
329 obj.target_user_group = target_user_group |
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3737
diff
changeset
|
330 obj.permission = permission |
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3737
diff
changeset
|
331 self.sa.add(obj) |
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3737
diff
changeset
|
332 log.debug('Granted perm %s to %s on %s' % (perm, target_user_group, user_group)) |
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3737
diff
changeset
|
333 |
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3737
diff
changeset
|
334 def revoke_users_group_permission(self, target_user_group, user_group): |
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3737
diff
changeset
|
335 """ |
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3737
diff
changeset
|
336 Revoke user group permission for given target_user_group |
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3737
diff
changeset
|
337 |
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3737
diff
changeset
|
338 :param target_user_group: |
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3737
diff
changeset
|
339 :param user_group: |
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3737
diff
changeset
|
340 """ |
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3737
diff
changeset
|
341 target_user_group = self._get_user_group(target_user_group) |
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3737
diff
changeset
|
342 user_group = self._get_user_group(user_group) |
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3737
diff
changeset
|
343 |
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3737
diff
changeset
|
344 obj = self.sa.query(UserGroupUserGroupToPerm)\ |
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3737
diff
changeset
|
345 .filter(UserGroupUserGroupToPerm.target_user_group == target_user_group)\ |
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3737
diff
changeset
|
346 .filter(UserGroupUserGroupToPerm.user_group == user_group)\ |
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3737
diff
changeset
|
347 .scalar() |
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3737
diff
changeset
|
348 if obj: |
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3737
diff
changeset
|
349 self.sa.delete(obj) |
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3737
diff
changeset
|
350 log.debug('Revoked perm on %s on %s' % (target_user_group, user_group)) |