Mercurial > kallithea
annotate rhodecode/model/permission.py @ 2447:4753a3445ff7 codereview
merge with beta
author | Marcin Kuzminski <marcin@python-works.com> |
---|---|
date | Mon, 11 Jun 2012 23:28:22 +0200 |
parents | a970b6e7c5a2 |
children | 17893d61792a |
rev | line source |
---|---|
759
a7f50911a945
Models code cleanups
Marcin Kuzminski <marcin@python-works.com>
parents:
752
diff
changeset
|
1 # -*- coding: utf-8 -*- |
a7f50911a945
Models code cleanups
Marcin Kuzminski <marcin@python-works.com>
parents:
752
diff
changeset
|
2 """ |
811 | 3 rhodecode.model.permission |
4 ~~~~~~~~~~~~~~~~~~~~~~~~~~ | |
629
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
5 |
759
a7f50911a945
Models code cleanups
Marcin Kuzminski <marcin@python-works.com>
parents:
752
diff
changeset
|
6 permissions model for RhodeCode |
1203
6832ef664673
source code cleanup: remove trailing white space, normalize file endings
Marcin Kuzminski <marcin@python-works.com>
parents:
902
diff
changeset
|
7 |
759
a7f50911a945
Models code cleanups
Marcin Kuzminski <marcin@python-works.com>
parents:
752
diff
changeset
|
8 :created_on: Aug 20, 2010 |
a7f50911a945
Models code cleanups
Marcin Kuzminski <marcin@python-works.com>
parents:
752
diff
changeset
|
9 :author: marcink |
1824
89efedac4e6c
2012 copyrights
Marcin Kuzminski <marcin@python-works.com>
parents:
1734
diff
changeset
|
10 :copyright: (C) 2010-2012 Marcin Kuzminski <marcin@python-works.com> |
759
a7f50911a945
Models code cleanups
Marcin Kuzminski <marcin@python-works.com>
parents:
752
diff
changeset
|
11 :license: GPLv3, see COPYING for more details. |
a7f50911a945
Models code cleanups
Marcin Kuzminski <marcin@python-works.com>
parents:
752
diff
changeset
|
12 """ |
1206
a671db5bdd58
fixed license issue #149
Marcin Kuzminski <marcin@python-works.com>
parents:
1203
diff
changeset
|
13 # This program is free software: you can redistribute it and/or modify |
a671db5bdd58
fixed license issue #149
Marcin Kuzminski <marcin@python-works.com>
parents:
1203
diff
changeset
|
14 # it under the terms of the GNU General Public License as published by |
a671db5bdd58
fixed license issue #149
Marcin Kuzminski <marcin@python-works.com>
parents:
1203
diff
changeset
|
15 # the Free Software Foundation, either version 3 of the License, or |
a671db5bdd58
fixed license issue #149
Marcin Kuzminski <marcin@python-works.com>
parents:
1203
diff
changeset
|
16 # (at your option) any later version. |
1203
6832ef664673
source code cleanup: remove trailing white space, normalize file endings
Marcin Kuzminski <marcin@python-works.com>
parents:
902
diff
changeset
|
17 # |
417
3ed2d46a2ca7
permission refactoring,
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
18 # This program is distributed in the hope that it will be useful, |
3ed2d46a2ca7
permission refactoring,
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
19 # but WITHOUT ANY WARRANTY; without even the implied warranty of |
3ed2d46a2ca7
permission refactoring,
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
20 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
3ed2d46a2ca7
permission refactoring,
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
21 # GNU General Public License for more details. |
1203
6832ef664673
source code cleanup: remove trailing white space, normalize file endings
Marcin Kuzminski <marcin@python-works.com>
parents:
902
diff
changeset
|
22 # |
417
3ed2d46a2ca7
permission refactoring,
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
23 # You should have received a copy of the GNU General Public License |
1206
a671db5bdd58
fixed license issue #149
Marcin Kuzminski <marcin@python-works.com>
parents:
1203
diff
changeset
|
24 # along with this program. If not, see <http://www.gnu.org/licenses/>. |
759
a7f50911a945
Models code cleanups
Marcin Kuzminski <marcin@python-works.com>
parents:
752
diff
changeset
|
25 |
a7f50911a945
Models code cleanups
Marcin Kuzminski <marcin@python-works.com>
parents:
752
diff
changeset
|
26 import logging |
a7f50911a945
Models code cleanups
Marcin Kuzminski <marcin@python-works.com>
parents:
752
diff
changeset
|
27 import traceback |
a7f50911a945
Models code cleanups
Marcin Kuzminski <marcin@python-works.com>
parents:
752
diff
changeset
|
28 |
a7f50911a945
Models code cleanups
Marcin Kuzminski <marcin@python-works.com>
parents:
752
diff
changeset
|
29 from sqlalchemy.exc import DatabaseError |
417
3ed2d46a2ca7
permission refactoring,
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
30 |
1669
f522f4d3bf93
moved caching query to libs
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
31 from rhodecode.lib.caching_query import FromCache |
f522f4d3bf93
moved caching query to libs
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
32 |
752
89b9037d68b7
fixed Example celery config to ampq,
Marcin Kuzminski <marcin@python-works.com>
parents:
751
diff
changeset
|
33 from rhodecode.model import BaseModel |
2425
a970b6e7c5a2
Update permissions from admin permissions menu, also overwrites defaults
Marcin Kuzminski <marcin@python-works.com>
parents:
1824
diff
changeset
|
34 from rhodecode.model.db import User, Permission, UserToPerm, UserRepoToPerm,\ |
a970b6e7c5a2
Update permissions from admin permissions menu, also overwrites defaults
Marcin Kuzminski <marcin@python-works.com>
parents:
1824
diff
changeset
|
35 UserRepoGroupToPerm |
1669
f522f4d3bf93
moved caching query to libs
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
36 |
417
3ed2d46a2ca7
permission refactoring,
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
37 log = logging.getLogger(__name__) |
3ed2d46a2ca7
permission refactoring,
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
38 |
3ed2d46a2ca7
permission refactoring,
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
39 |
752
89b9037d68b7
fixed Example celery config to ampq,
Marcin Kuzminski <marcin@python-works.com>
parents:
751
diff
changeset
|
40 class PermissionModel(BaseModel): |
1716
7d1fc253549e
notification to commit author + gardening
Marcin Kuzminski <marcin@python-works.com>
parents:
1669
diff
changeset
|
41 """ |
7d1fc253549e
notification to commit author + gardening
Marcin Kuzminski <marcin@python-works.com>
parents:
1669
diff
changeset
|
42 Permissions model for RhodeCode |
811 | 43 """ |
629
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
44 |
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
45 def get_permission(self, permission_id, cache=False): |
1716
7d1fc253549e
notification to commit author + gardening
Marcin Kuzminski <marcin@python-works.com>
parents:
1669
diff
changeset
|
46 """ |
7d1fc253549e
notification to commit author + gardening
Marcin Kuzminski <marcin@python-works.com>
parents:
1669
diff
changeset
|
47 Get's permissions by id |
1203
6832ef664673
source code cleanup: remove trailing white space, normalize file endings
Marcin Kuzminski <marcin@python-works.com>
parents:
902
diff
changeset
|
48 |
811 | 49 :param permission_id: id of permission to get from database |
50 :param cache: use Cache for this query | |
51 """ | |
629
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
52 perm = self.sa.query(Permission) |
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
53 if cache: |
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
54 perm = perm.options(FromCache("sql_cache_short", |
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
55 "get_permission_%s" % permission_id)) |
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
56 return perm.get(permission_id) |
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
57 |
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
58 def get_permission_by_name(self, name, cache=False): |
1716
7d1fc253549e
notification to commit author + gardening
Marcin Kuzminski <marcin@python-works.com>
parents:
1669
diff
changeset
|
59 """ |
7d1fc253549e
notification to commit author + gardening
Marcin Kuzminski <marcin@python-works.com>
parents:
1669
diff
changeset
|
60 Get's permissions by given name |
1203
6832ef664673
source code cleanup: remove trailing white space, normalize file endings
Marcin Kuzminski <marcin@python-works.com>
parents:
902
diff
changeset
|
61 |
811 | 62 :param name: name to fetch |
63 :param cache: Use cache for this query | |
64 """ | |
629
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
65 perm = self.sa.query(Permission)\ |
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
66 .filter(Permission.permission_name == name) |
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
67 if cache: |
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
68 perm = perm.options(FromCache("sql_cache_short", |
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
69 "get_permission_%s" % name)) |
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
70 return perm.scalar() |
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
71 |
417
3ed2d46a2ca7
permission refactoring,
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
72 def update(self, form_result): |
418
63c697d1a631
added logic for changin defualt permissions, and option to overwrite all defualt permissions on each repository
Marcin Kuzminski <marcin@python-works.com>
parents:
417
diff
changeset
|
73 perm_user = self.sa.query(User)\ |
1734
48d4fcf04a29
another major refactoring with session management
Marcin Kuzminski <marcin@python-works.com>
parents:
1716
diff
changeset
|
74 .filter(User.username == |
48d4fcf04a29
another major refactoring with session management
Marcin Kuzminski <marcin@python-works.com>
parents:
1716
diff
changeset
|
75 form_result['perm_user_name']).scalar() |
1271
aa7e45ad0cea
Fixed permissions for users groups, group can have create repo permission now.
Marcin Kuzminski <marcin@python-works.com>
parents:
1206
diff
changeset
|
76 u2p = self.sa.query(UserToPerm).filter(UserToPerm.user == |
aa7e45ad0cea
Fixed permissions for users groups, group can have create repo permission now.
Marcin Kuzminski <marcin@python-works.com>
parents:
1206
diff
changeset
|
77 perm_user).all() |
418
63c697d1a631
added logic for changin defualt permissions, and option to overwrite all defualt permissions on each repository
Marcin Kuzminski <marcin@python-works.com>
parents:
417
diff
changeset
|
78 if len(u2p) != 3: |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
79 raise Exception('Defined: %s should be 3 permissions for default' |
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
80 ' user. This should not happen please verify' |
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
81 ' your database' % len(u2p)) |
629
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
82 |
418
63c697d1a631
added logic for changin defualt permissions, and option to overwrite all defualt permissions on each repository
Marcin Kuzminski <marcin@python-works.com>
parents:
417
diff
changeset
|
83 try: |
1716
7d1fc253549e
notification to commit author + gardening
Marcin Kuzminski <marcin@python-works.com>
parents:
1669
diff
changeset
|
84 # stage 1 change defaults |
418
63c697d1a631
added logic for changin defualt permissions, and option to overwrite all defualt permissions on each repository
Marcin Kuzminski <marcin@python-works.com>
parents:
417
diff
changeset
|
85 for p in u2p: |
63c697d1a631
added logic for changin defualt permissions, and option to overwrite all defualt permissions on each repository
Marcin Kuzminski <marcin@python-works.com>
parents:
417
diff
changeset
|
86 if p.permission.permission_name.startswith('repository.'): |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
87 p.permission = self.get_permission_by_name( |
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
88 form_result['default_perm']) |
418
63c697d1a631
added logic for changin defualt permissions, and option to overwrite all defualt permissions on each repository
Marcin Kuzminski <marcin@python-works.com>
parents:
417
diff
changeset
|
89 self.sa.add(p) |
629
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
90 |
2425
a970b6e7c5a2
Update permissions from admin permissions menu, also overwrites defaults
Marcin Kuzminski <marcin@python-works.com>
parents:
1824
diff
changeset
|
91 elif p.permission.permission_name.startswith('hg.register.'): |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
92 p.permission = self.get_permission_by_name( |
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
93 form_result['default_register']) |
418
63c697d1a631
added logic for changin defualt permissions, and option to overwrite all defualt permissions on each repository
Marcin Kuzminski <marcin@python-works.com>
parents:
417
diff
changeset
|
94 self.sa.add(p) |
629
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
95 |
2425
a970b6e7c5a2
Update permissions from admin permissions menu, also overwrites defaults
Marcin Kuzminski <marcin@python-works.com>
parents:
1824
diff
changeset
|
96 elif p.permission.permission_name.startswith('hg.create.'): |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
97 p.permission = self.get_permission_by_name( |
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
98 form_result['default_create']) |
418
63c697d1a631
added logic for changin defualt permissions, and option to overwrite all defualt permissions on each repository
Marcin Kuzminski <marcin@python-works.com>
parents:
417
diff
changeset
|
99 self.sa.add(p) |
751
ff881ec6a140
bugfix default permissions settings did not read overwrite setting
Marcin Kuzminski <marcin@python-works.com>
parents:
705
diff
changeset
|
100 |
2425
a970b6e7c5a2
Update permissions from admin permissions menu, also overwrites defaults
Marcin Kuzminski <marcin@python-works.com>
parents:
1824
diff
changeset
|
101 _def_name = form_result['default_perm'].split('repository.')[-1] |
418
63c697d1a631
added logic for changin defualt permissions, and option to overwrite all defualt permissions on each repository
Marcin Kuzminski <marcin@python-works.com>
parents:
417
diff
changeset
|
102 #stage 2 update all default permissions for repos if checked |
751
ff881ec6a140
bugfix default permissions settings did not read overwrite setting
Marcin Kuzminski <marcin@python-works.com>
parents:
705
diff
changeset
|
103 if form_result['overwrite_default'] == True: |
2425
a970b6e7c5a2
Update permissions from admin permissions menu, also overwrites defaults
Marcin Kuzminski <marcin@python-works.com>
parents:
1824
diff
changeset
|
104 _def = self.get_permission_by_name('repository.' + _def_name) |
a970b6e7c5a2
Update permissions from admin permissions menu, also overwrites defaults
Marcin Kuzminski <marcin@python-works.com>
parents:
1824
diff
changeset
|
105 # repos |
1633
2c0d35e336b5
refactoring of models names for repoGroup permissions
Marcin Kuzminski <marcin@python-works.com>
parents:
1271
diff
changeset
|
106 for r2p in self.sa.query(UserRepoToPerm)\ |
2425
a970b6e7c5a2
Update permissions from admin permissions menu, also overwrites defaults
Marcin Kuzminski <marcin@python-works.com>
parents:
1824
diff
changeset
|
107 .filter(UserRepoToPerm.user == perm_user)\ |
a970b6e7c5a2
Update permissions from admin permissions menu, also overwrites defaults
Marcin Kuzminski <marcin@python-works.com>
parents:
1824
diff
changeset
|
108 .all(): |
a970b6e7c5a2
Update permissions from admin permissions menu, also overwrites defaults
Marcin Kuzminski <marcin@python-works.com>
parents:
1824
diff
changeset
|
109 r2p.permission = _def |
418
63c697d1a631
added logic for changin defualt permissions, and option to overwrite all defualt permissions on each repository
Marcin Kuzminski <marcin@python-works.com>
parents:
417
diff
changeset
|
110 self.sa.add(r2p) |
2425
a970b6e7c5a2
Update permissions from admin permissions menu, also overwrites defaults
Marcin Kuzminski <marcin@python-works.com>
parents:
1824
diff
changeset
|
111 # groups |
a970b6e7c5a2
Update permissions from admin permissions menu, also overwrites defaults
Marcin Kuzminski <marcin@python-works.com>
parents:
1824
diff
changeset
|
112 _def = self.get_permission_by_name('group.' + _def_name) |
a970b6e7c5a2
Update permissions from admin permissions menu, also overwrites defaults
Marcin Kuzminski <marcin@python-works.com>
parents:
1824
diff
changeset
|
113 for g2p in self.sa.query(UserRepoGroupToPerm)\ |
a970b6e7c5a2
Update permissions from admin permissions menu, also overwrites defaults
Marcin Kuzminski <marcin@python-works.com>
parents:
1824
diff
changeset
|
114 .filter(UserRepoGroupToPerm.user == perm_user)\ |
a970b6e7c5a2
Update permissions from admin permissions menu, also overwrites defaults
Marcin Kuzminski <marcin@python-works.com>
parents:
1824
diff
changeset
|
115 .all(): |
a970b6e7c5a2
Update permissions from admin permissions menu, also overwrites defaults
Marcin Kuzminski <marcin@python-works.com>
parents:
1824
diff
changeset
|
116 g2p.permission = _def |
a970b6e7c5a2
Update permissions from admin permissions menu, also overwrites defaults
Marcin Kuzminski <marcin@python-works.com>
parents:
1824
diff
changeset
|
117 self.sa.add(g2p) |
629
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
118 |
1716
7d1fc253549e
notification to commit author + gardening
Marcin Kuzminski <marcin@python-works.com>
parents:
1669
diff
changeset
|
119 # stage 3 set anonymous access |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
120 if perm_user.username == 'default': |
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
121 perm_user.active = bool(form_result['anonymous']) |
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
122 self.sa.add(perm_user) |
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
123 |
759
a7f50911a945
Models code cleanups
Marcin Kuzminski <marcin@python-works.com>
parents:
752
diff
changeset
|
124 except (DatabaseError,): |
418
63c697d1a631
added logic for changin defualt permissions, and option to overwrite all defualt permissions on each repository
Marcin Kuzminski <marcin@python-works.com>
parents:
417
diff
changeset
|
125 log.error(traceback.format_exc()) |
629
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
126 raise |