Mercurial > kallithea
annotate rhodecode/model/user.py @ 4017:509923dac48d
Include the current user as a created_by/deleted_by attribute for USER_HOOK extensions.
author | Jonathan Sternberg <jonathansternberg@gmail.com> |
---|---|
date | Tue, 18 Jun 2013 10:37:49 -0400 |
parents | cce2d984b001 |
children | 727d2a45ec10 |
rev | line source |
---|---|
761
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
752
diff
changeset
|
1 # -*- coding: utf-8 -*- |
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
752
diff
changeset
|
2 """ |
956
83d35d716a02
started working on issue #56
Marcin Kuzminski <marcin@python-works.com>
parents:
902
diff
changeset
|
3 rhodecode.model.user |
83d35d716a02
started working on issue #56
Marcin Kuzminski <marcin@python-works.com>
parents:
902
diff
changeset
|
4 ~~~~~~~~~~~~~~~~~~~~ |
761
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
752
diff
changeset
|
5 |
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
752
diff
changeset
|
6 users model for RhodeCode |
1203
6832ef664673
source code cleanup: remove trailing white space, normalize file endings
Marcin Kuzminski <marcin@python-works.com>
parents:
1120
diff
changeset
|
7 |
761
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
752
diff
changeset
|
8 :created_on: Apr 9, 2010 |
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
752
diff
changeset
|
9 :author: marcink |
1824
89efedac4e6c
2012 copyrights
Marcin Kuzminski <marcin@python-works.com>
parents:
1818
diff
changeset
|
10 :copyright: (C) 2010-2012 Marcin Kuzminski <marcin@python-works.com> |
761
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
752
diff
changeset
|
11 :license: GPLv3, see COPYING for more details. |
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
752
diff
changeset
|
12 """ |
1206
a671db5bdd58
fixed license issue #149
Marcin Kuzminski <marcin@python-works.com>
parents:
1203
diff
changeset
|
13 # This program is free software: you can redistribute it and/or modify |
a671db5bdd58
fixed license issue #149
Marcin Kuzminski <marcin@python-works.com>
parents:
1203
diff
changeset
|
14 # it under the terms of the GNU General Public License as published by |
a671db5bdd58
fixed license issue #149
Marcin Kuzminski <marcin@python-works.com>
parents:
1203
diff
changeset
|
15 # the Free Software Foundation, either version 3 of the License, or |
a671db5bdd58
fixed license issue #149
Marcin Kuzminski <marcin@python-works.com>
parents:
1203
diff
changeset
|
16 # (at your option) any later version. |
1203
6832ef664673
source code cleanup: remove trailing white space, normalize file endings
Marcin Kuzminski <marcin@python-works.com>
parents:
1120
diff
changeset
|
17 # |
252
3782a6d698af
licensing updates, code cleanups
Marcin Kuzminski <marcin@python-works.com>
parents:
238
diff
changeset
|
18 # This program is distributed in the hope that it will be useful, |
3782a6d698af
licensing updates, code cleanups
Marcin Kuzminski <marcin@python-works.com>
parents:
238
diff
changeset
|
19 # but WITHOUT ANY WARRANTY; without even the implied warranty of |
3782a6d698af
licensing updates, code cleanups
Marcin Kuzminski <marcin@python-works.com>
parents:
238
diff
changeset
|
20 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
3782a6d698af
licensing updates, code cleanups
Marcin Kuzminski <marcin@python-works.com>
parents:
238
diff
changeset
|
21 # GNU General Public License for more details. |
1203
6832ef664673
source code cleanup: remove trailing white space, normalize file endings
Marcin Kuzminski <marcin@python-works.com>
parents:
1120
diff
changeset
|
22 # |
252
3782a6d698af
licensing updates, code cleanups
Marcin Kuzminski <marcin@python-works.com>
parents:
238
diff
changeset
|
23 # You should have received a copy of the GNU General Public License |
1206
a671db5bdd58
fixed license issue #149
Marcin Kuzminski <marcin@python-works.com>
parents:
1203
diff
changeset
|
24 # along with this program. If not, see <http://www.gnu.org/licenses/>. |
750
73c99f45ef2a
fixed security issue when saving ldap user saved plaintext password
Marcin Kuzminski <marcin@python-works.com>
parents:
742
diff
changeset
|
25 |
629
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
26 import logging |
474
a3d9d24acbec
Implemented password reset(forms/models/ tasks) and mailing tasks.
Marcin Kuzminski <marcin@python-works.com>
parents:
442
diff
changeset
|
27 import traceback |
2709
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
28 import itertools |
3094
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
29 import collections |
1731
31e6eb2fb4b2
implements #222 registration feedback
Marcin Kuzminski <marcin@python-works.com>
parents:
1729
diff
changeset
|
30 from pylons import url |
761
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
752
diff
changeset
|
31 from pylons.i18n.translation import _ |
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
752
diff
changeset
|
32 |
2479
9225597688f4
Added validation into user email map
Marcin Kuzminski <marcin@python-works.com>
parents:
2478
diff
changeset
|
33 from sqlalchemy.exc import DatabaseError |
9225597688f4
Added validation into user email map
Marcin Kuzminski <marcin@python-works.com>
parents:
2478
diff
changeset
|
34 from sqlalchemy.orm import joinedload |
9225597688f4
Added validation into user email map
Marcin Kuzminski <marcin@python-works.com>
parents:
2478
diff
changeset
|
35 |
4017
509923dac48d
Include the current user as a created_by/deleted_by attribute for USER_HOOK extensions.
Jonathan Sternberg <jonathansternberg@gmail.com>
parents:
4016
diff
changeset
|
36 from rhodecode.lib.utils2 import safe_unicode, generate_api_key, get_current_rhodecode_user |
1669
f522f4d3bf93
moved caching query to libs
Marcin Kuzminski <marcin@python-works.com>
parents:
1634
diff
changeset
|
37 from rhodecode.lib.caching_query import FromCache |
761
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
752
diff
changeset
|
38 from rhodecode.model import BaseModel |
1633
2c0d35e336b5
refactoring of models names for repoGroup permissions
Marcin Kuzminski <marcin@python-works.com>
parents:
1628
diff
changeset
|
39 from rhodecode.model.db import User, UserRepoToPerm, Repository, Permission, \ |
3417
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3415
diff
changeset
|
40 UserToPerm, UserGroupRepoToPerm, UserGroupToPerm, UserGroupMember, \ |
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3415
diff
changeset
|
41 Notification, RepoGroup, UserRepoGroupToPerm, UserGroupRepoGroupToPerm, \ |
3788
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3736
diff
changeset
|
42 UserEmailMap, UserIpMap, UserGroupUserGroupToPerm, UserGroup |
1269
2e7f21429316
tries to fix issue #177 by fallback to user.user_id instead of fetching from db, user.user_id
Marcin Kuzminski <marcin@python-works.com>
parents:
1267
diff
changeset
|
43 from rhodecode.lib.exceptions import DefaultUserException, \ |
2e7f21429316
tries to fix issue #177 by fallback to user.user_id instead of fetching from db, user.user_id
Marcin Kuzminski <marcin@python-works.com>
parents:
1267
diff
changeset
|
44 UserOwnsReposException |
3401
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
45 from rhodecode.model.meta import Session |
713
1bb0fcdec895
fixed #72 show warning on removal when user still is owner of existing repositories
Marcin Kuzminski <marcin@python-works.com>
parents:
705
diff
changeset
|
46 |
761
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
752
diff
changeset
|
47 |
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
752
diff
changeset
|
48 log = logging.getLogger(__name__) |
314
0d26d46bd370
protected againts changing default user.
Marcin Kuzminski <marcin@python-works.com>
parents:
265
diff
changeset
|
49 |
2709
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
50 PERM_WEIGHTS = Permission.PERM_WEIGHTS |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
51 |
1267
d534aff5e82a
user defined permission will update the global permissions, and overwrite default settings.
Marcin Kuzminski <marcin@python-works.com>
parents:
1206
diff
changeset
|
52 |
752
89b9037d68b7
fixed Example celery config to ampq,
Marcin Kuzminski <marcin@python-works.com>
parents:
750
diff
changeset
|
53 class UserModel(BaseModel): |
2522
17893d61792a
Added associated classes into child models
Marcin Kuzminski <marcin@python-works.com>
parents:
2513
diff
changeset
|
54 cls = User |
1716
7d1fc253549e
notification to commit author + gardening
Marcin Kuzminski <marcin@python-works.com>
parents:
1713
diff
changeset
|
55 |
1594 | 56 def get(self, user_id, cache=False): |
629
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
57 user = self.sa.query(User) |
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
58 if cache: |
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
59 user = user.options(FromCache("sql_cache_short", |
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
60 "get_user_%s" % user_id)) |
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
61 return user.get(user_id) |
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
62 |
2009 | 63 def get_user(self, user): |
2432
d3ac7491a5c8
Share common getter functions in base model, and remove duplicated functions from other models
Marcin Kuzminski <marcin@python-works.com>
parents:
2330
diff
changeset
|
64 return self._get_user(user) |
2009 | 65 |
1594 | 66 def get_by_username(self, username, cache=False, case_insensitive=False): |
750
73c99f45ef2a
fixed security issue when saving ldap user saved plaintext password
Marcin Kuzminski <marcin@python-works.com>
parents:
742
diff
changeset
|
67 |
742
1377a9d4bdb9
#78, fixed more reliable case insensitive searches
Marcin Kuzminski <marcin@python-works.com>
parents:
713
diff
changeset
|
68 if case_insensitive: |
1377a9d4bdb9
#78, fixed more reliable case insensitive searches
Marcin Kuzminski <marcin@python-works.com>
parents:
713
diff
changeset
|
69 user = self.sa.query(User).filter(User.username.ilike(username)) |
1377a9d4bdb9
#78, fixed more reliable case insensitive searches
Marcin Kuzminski <marcin@python-works.com>
parents:
713
diff
changeset
|
70 else: |
1377a9d4bdb9
#78, fixed more reliable case insensitive searches
Marcin Kuzminski <marcin@python-works.com>
parents:
713
diff
changeset
|
71 user = self.sa.query(User)\ |
1377a9d4bdb9
#78, fixed more reliable case insensitive searches
Marcin Kuzminski <marcin@python-works.com>
parents:
713
diff
changeset
|
72 .filter(User.username == username) |
629
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
73 if cache: |
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
74 user = user.options(FromCache("sql_cache_short", |
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
75 "get_user_%s" % username)) |
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
76 return user.scalar() |
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
77 |
2522
17893d61792a
Added associated classes into child models
Marcin Kuzminski <marcin@python-works.com>
parents:
2513
diff
changeset
|
78 def get_by_email(self, email, cache=False, case_insensitive=False): |
17893d61792a
Added associated classes into child models
Marcin Kuzminski <marcin@python-works.com>
parents:
2513
diff
changeset
|
79 return User.get_by_email(email, case_insensitive, cache) |
17893d61792a
Added associated classes into child models
Marcin Kuzminski <marcin@python-works.com>
parents:
2513
diff
changeset
|
80 |
1594 | 81 def get_by_api_key(self, api_key, cache=False): |
1693
60249224be04
fix for api key lookup, reuse same function in user model
Marcin Kuzminski <marcin@python-works.com>
parents:
1690
diff
changeset
|
82 return User.get_by_api_key(api_key, cache) |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
83 |
4017
509923dac48d
Include the current user as a created_by/deleted_by attribute for USER_HOOK extensions.
Jonathan Sternberg <jonathansternberg@gmail.com>
parents:
4016
diff
changeset
|
84 def create(self, form_data, cur_user=None): |
509923dac48d
Include the current user as a created_by/deleted_by attribute for USER_HOOK extensions.
Jonathan Sternberg <jonathansternberg@gmail.com>
parents:
4016
diff
changeset
|
85 if not cur_user: |
509923dac48d
Include the current user as a created_by/deleted_by attribute for USER_HOOK extensions.
Jonathan Sternberg <jonathansternberg@gmail.com>
parents:
4016
diff
changeset
|
86 cur_user = getattr(get_current_rhodecode_user(), 'username', '?') |
2467
4419551b2915
Switched forms to new validators
Marcin Kuzminski <marcin@python-works.com>
parents:
2432
diff
changeset
|
87 from rhodecode.lib.auth import get_crypt_password |
238
a55c17874486
Rewrite of user managment, improved forms, added some user info
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
88 try: |
a55c17874486
Rewrite of user managment, improved forms, added some user info
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
89 new_user = User() |
a55c17874486
Rewrite of user managment, improved forms, added some user info
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
90 for k, v in form_data.items(): |
2467
4419551b2915
Switched forms to new validators
Marcin Kuzminski <marcin@python-works.com>
parents:
2432
diff
changeset
|
91 if k == 'password': |
4419551b2915
Switched forms to new validators
Marcin Kuzminski <marcin@python-works.com>
parents:
2432
diff
changeset
|
92 v = get_crypt_password(v) |
2544
6ce3387bf0ce
Renamed name to firstname in forms
Marcin Kuzminski <marcin@python-works.com>
parents:
2522
diff
changeset
|
93 if k == 'firstname': |
6ce3387bf0ce
Renamed name to firstname in forms
Marcin Kuzminski <marcin@python-works.com>
parents:
2522
diff
changeset
|
94 k = 'name' |
238
a55c17874486
Rewrite of user managment, improved forms, added some user info
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
95 setattr(new_user, k, v) |
629
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
96 |
1116
716911af91e1
Added api_key into user, api key get's generated again after password change
Marcin Kuzminski <marcin@python-works.com>
parents:
991
diff
changeset
|
97 new_user.api_key = generate_api_key(form_data['username']) |
238
a55c17874486
Rewrite of user managment, improved forms, added some user info
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
98 self.sa.add(new_user) |
4016
cce2d984b001
User create/delete hooks for rcextensions.
Jonathan Sternberg <jonathansternberg@gmail.com>
parents:
3960
diff
changeset
|
99 |
cce2d984b001
User create/delete hooks for rcextensions.
Jonathan Sternberg <jonathansternberg@gmail.com>
parents:
3960
diff
changeset
|
100 from rhodecode.lib.hooks import log_create_user |
4017
509923dac48d
Include the current user as a created_by/deleted_by attribute for USER_HOOK extensions.
Jonathan Sternberg <jonathansternberg@gmail.com>
parents:
4016
diff
changeset
|
101 log_create_user(new_user.get_dict(), cur_user) |
1586
2ccb32ddcfd7
Add API for repositories and groups (creation, permission)
Nicolas VINOT <aeris@imirhil.fr>
parents:
1417
diff
changeset
|
102 return new_user |
3631
10b4e34841a4
Don't catch all exceptions
Marcin Kuzminski <marcin@python-works.com>
parents:
3625
diff
changeset
|
103 except Exception: |
474
a3d9d24acbec
Implemented password reset(forms/models/ tasks) and mailing tasks.
Marcin Kuzminski <marcin@python-works.com>
parents:
442
diff
changeset
|
104 log.error(traceback.format_exc()) |
629
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
105 raise |
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
106 |
2513
388843a3a3c0
Updated create_or_update method to not change API key when password is not updated
Marcin Kuzminski <marcin@python-works.com>
parents:
2488
diff
changeset
|
107 def create_or_update(self, username, password, email, firstname='', |
4017
509923dac48d
Include the current user as a created_by/deleted_by attribute for USER_HOOK extensions.
Jonathan Sternberg <jonathansternberg@gmail.com>
parents:
4016
diff
changeset
|
108 lastname='', active=True, admin=False, ldap_dn=None, cur_user=None): |
1634
1d904d972c47
User usermodel instead of db model to manage accounts
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
109 """ |
1d904d972c47
User usermodel instead of db model to manage accounts
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
110 Creates a new instance if not found, or updates current one |
1818
cf51bbfb120e
auto white-space removal
Marcin Kuzminski <marcin@python-works.com>
parents:
1758
diff
changeset
|
111 |
1634
1d904d972c47
User usermodel instead of db model to manage accounts
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
112 :param username: |
1d904d972c47
User usermodel instead of db model to manage accounts
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
113 :param password: |
1d904d972c47
User usermodel instead of db model to manage accounts
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
114 :param email: |
1d904d972c47
User usermodel instead of db model to manage accounts
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
115 :param active: |
2513
388843a3a3c0
Updated create_or_update method to not change API key when password is not updated
Marcin Kuzminski <marcin@python-works.com>
parents:
2488
diff
changeset
|
116 :param firstname: |
1634
1d904d972c47
User usermodel instead of db model to manage accounts
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
117 :param lastname: |
1d904d972c47
User usermodel instead of db model to manage accounts
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
118 :param active: |
1d904d972c47
User usermodel instead of db model to manage accounts
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
119 :param admin: |
1d904d972c47
User usermodel instead of db model to manage accounts
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
120 :param ldap_dn: |
1d904d972c47
User usermodel instead of db model to manage accounts
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
121 """ |
4017
509923dac48d
Include the current user as a created_by/deleted_by attribute for USER_HOOK extensions.
Jonathan Sternberg <jonathansternberg@gmail.com>
parents:
4016
diff
changeset
|
122 if not cur_user: |
509923dac48d
Include the current user as a created_by/deleted_by attribute for USER_HOOK extensions.
Jonathan Sternberg <jonathansternberg@gmail.com>
parents:
4016
diff
changeset
|
123 cur_user = getattr(get_current_rhodecode_user(), 'username', '?') |
1728
07e56179633e
- fixes celery sqlalchemy session issues for async forking
Marcin Kuzminski <marcin@python-works.com>
parents:
1716
diff
changeset
|
124 |
1634
1d904d972c47
User usermodel instead of db model to manage accounts
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
125 from rhodecode.lib.auth import get_crypt_password |
1728
07e56179633e
- fixes celery sqlalchemy session issues for async forking
Marcin Kuzminski <marcin@python-works.com>
parents:
1716
diff
changeset
|
126 |
1976 | 127 log.debug('Checking for %s account in RhodeCode database' % username) |
1634
1d904d972c47
User usermodel instead of db model to manage accounts
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
128 user = User.get_by_username(username, case_insensitive=True) |
1d904d972c47
User usermodel instead of db model to manage accounts
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
129 if user is None: |
1976 | 130 log.debug('creating new user %s' % username) |
1634
1d904d972c47
User usermodel instead of db model to manage accounts
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
131 new_user = User() |
2513
388843a3a3c0
Updated create_or_update method to not change API key when password is not updated
Marcin Kuzminski <marcin@python-works.com>
parents:
2488
diff
changeset
|
132 edit = False |
1634
1d904d972c47
User usermodel instead of db model to manage accounts
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
133 else: |
1976 | 134 log.debug('updating user %s' % username) |
1634
1d904d972c47
User usermodel instead of db model to manage accounts
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
135 new_user = user |
2513
388843a3a3c0
Updated create_or_update method to not change API key when password is not updated
Marcin Kuzminski <marcin@python-works.com>
parents:
2488
diff
changeset
|
136 edit = True |
1728
07e56179633e
- fixes celery sqlalchemy session issues for async forking
Marcin Kuzminski <marcin@python-works.com>
parents:
1716
diff
changeset
|
137 |
1634
1d904d972c47
User usermodel instead of db model to manage accounts
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
138 try: |
1d904d972c47
User usermodel instead of db model to manage accounts
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
139 new_user.username = username |
1d904d972c47
User usermodel instead of db model to manage accounts
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
140 new_user.admin = admin |
2513
388843a3a3c0
Updated create_or_update method to not change API key when password is not updated
Marcin Kuzminski <marcin@python-works.com>
parents:
2488
diff
changeset
|
141 # set password only if creating an user or password is changed |
3625
260a7a01b054
follow Python conventions for boolean values
Mads Kiilerich <madski@unity3d.com>
parents:
3417
diff
changeset
|
142 if not edit or user.password != password: |
3809
647fb653048e
make the password optional in API calls
Marcin Kuzminski <marcin@python-works.com>
parents:
3788
diff
changeset
|
143 new_user.password = get_crypt_password(password) if password else None |
2513
388843a3a3c0
Updated create_or_update method to not change API key when password is not updated
Marcin Kuzminski <marcin@python-works.com>
parents:
2488
diff
changeset
|
144 new_user.api_key = generate_api_key(username) |
1634
1d904d972c47
User usermodel instead of db model to manage accounts
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
145 new_user.email = email |
1d904d972c47
User usermodel instead of db model to manage accounts
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
146 new_user.active = active |
1d904d972c47
User usermodel instead of db model to manage accounts
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
147 new_user.ldap_dn = safe_unicode(ldap_dn) if ldap_dn else None |
2513
388843a3a3c0
Updated create_or_update method to not change API key when password is not updated
Marcin Kuzminski <marcin@python-works.com>
parents:
2488
diff
changeset
|
148 new_user.name = firstname |
1634
1d904d972c47
User usermodel instead of db model to manage accounts
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
149 new_user.lastname = lastname |
1d904d972c47
User usermodel instead of db model to manage accounts
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
150 self.sa.add(new_user) |
4016
cce2d984b001
User create/delete hooks for rcextensions.
Jonathan Sternberg <jonathansternberg@gmail.com>
parents:
3960
diff
changeset
|
151 |
cce2d984b001
User create/delete hooks for rcextensions.
Jonathan Sternberg <jonathansternberg@gmail.com>
parents:
3960
diff
changeset
|
152 if not edit: |
cce2d984b001
User create/delete hooks for rcextensions.
Jonathan Sternberg <jonathansternberg@gmail.com>
parents:
3960
diff
changeset
|
153 from rhodecode.lib.hooks import log_create_user |
4017
509923dac48d
Include the current user as a created_by/deleted_by attribute for USER_HOOK extensions.
Jonathan Sternberg <jonathansternberg@gmail.com>
parents:
4016
diff
changeset
|
154 log_create_user(new_user.get_dict(), cur_user) |
1634
1d904d972c47
User usermodel instead of db model to manage accounts
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
155 return new_user |
1d904d972c47
User usermodel instead of db model to manage accounts
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
156 except (DatabaseError,): |
1d904d972c47
User usermodel instead of db model to manage accounts
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
157 log.error(traceback.format_exc()) |
1d904d972c47
User usermodel instead of db model to manage accounts
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
158 raise |
1728
07e56179633e
- fixes celery sqlalchemy session issues for async forking
Marcin Kuzminski <marcin@python-works.com>
parents:
1716
diff
changeset
|
159 |
4017
509923dac48d
Include the current user as a created_by/deleted_by attribute for USER_HOOK extensions.
Jonathan Sternberg <jonathansternberg@gmail.com>
parents:
4016
diff
changeset
|
160 def create_for_container_auth(self, username, attrs, cur_user=None): |
1621
cbc2b1913cdf
Added basic automatic user creation for container auth
Liad Shani <liadff@gmail.com>
parents:
1618
diff
changeset
|
161 """ |
cbc2b1913cdf
Added basic automatic user creation for container auth
Liad Shani <liadff@gmail.com>
parents:
1618
diff
changeset
|
162 Creates the given user if it's not already in the database |
1818
cf51bbfb120e
auto white-space removal
Marcin Kuzminski <marcin@python-works.com>
parents:
1758
diff
changeset
|
163 |
1621
cbc2b1913cdf
Added basic automatic user creation for container auth
Liad Shani <liadff@gmail.com>
parents:
1618
diff
changeset
|
164 :param username: |
cbc2b1913cdf
Added basic automatic user creation for container auth
Liad Shani <liadff@gmail.com>
parents:
1618
diff
changeset
|
165 :param attrs: |
cbc2b1913cdf
Added basic automatic user creation for container auth
Liad Shani <liadff@gmail.com>
parents:
1618
diff
changeset
|
166 """ |
4017
509923dac48d
Include the current user as a created_by/deleted_by attribute for USER_HOOK extensions.
Jonathan Sternberg <jonathansternberg@gmail.com>
parents:
4016
diff
changeset
|
167 if not cur_user: |
509923dac48d
Include the current user as a created_by/deleted_by attribute for USER_HOOK extensions.
Jonathan Sternberg <jonathansternberg@gmail.com>
parents:
4016
diff
changeset
|
168 cur_user = getattr(get_current_rhodecode_user(), 'username', '?') |
1621
cbc2b1913cdf
Added basic automatic user creation for container auth
Liad Shani <liadff@gmail.com>
parents:
1618
diff
changeset
|
169 if self.get_by_username(username, case_insensitive=True) is None: |
1690
6944b1249f28
fixed issues with not unique emails when using ldap or container auth.
Marcin Kuzminski <marcin@python-works.com>
parents:
1689
diff
changeset
|
170 |
6944b1249f28
fixed issues with not unique emails when using ldap or container auth.
Marcin Kuzminski <marcin@python-works.com>
parents:
1689
diff
changeset
|
171 # autogenerate email for container account without one |
6944b1249f28
fixed issues with not unique emails when using ldap or container auth.
Marcin Kuzminski <marcin@python-works.com>
parents:
1689
diff
changeset
|
172 generate_email = lambda usr: '%s@container_auth.account' % usr |
6944b1249f28
fixed issues with not unique emails when using ldap or container auth.
Marcin Kuzminski <marcin@python-works.com>
parents:
1689
diff
changeset
|
173 |
1621
cbc2b1913cdf
Added basic automatic user creation for container auth
Liad Shani <liadff@gmail.com>
parents:
1618
diff
changeset
|
174 try: |
cbc2b1913cdf
Added basic automatic user creation for container auth
Liad Shani <liadff@gmail.com>
parents:
1618
diff
changeset
|
175 new_user = User() |
cbc2b1913cdf
Added basic automatic user creation for container auth
Liad Shani <liadff@gmail.com>
parents:
1618
diff
changeset
|
176 new_user.username = username |
cbc2b1913cdf
Added basic automatic user creation for container auth
Liad Shani <liadff@gmail.com>
parents:
1618
diff
changeset
|
177 new_user.password = None |
cbc2b1913cdf
Added basic automatic user creation for container auth
Liad Shani <liadff@gmail.com>
parents:
1618
diff
changeset
|
178 new_user.api_key = generate_api_key(username) |
cbc2b1913cdf
Added basic automatic user creation for container auth
Liad Shani <liadff@gmail.com>
parents:
1618
diff
changeset
|
179 new_user.email = attrs['email'] |
1628
de71a4bde097
Some code cleanups and fixes
Marcin Kuzminski <marcin@python-works.com>
parents:
1626
diff
changeset
|
180 new_user.active = attrs.get('active', True) |
1690
6944b1249f28
fixed issues with not unique emails when using ldap or container auth.
Marcin Kuzminski <marcin@python-works.com>
parents:
1689
diff
changeset
|
181 new_user.name = attrs['name'] or generate_email(username) |
1621
cbc2b1913cdf
Added basic automatic user creation for container auth
Liad Shani <liadff@gmail.com>
parents:
1618
diff
changeset
|
182 new_user.lastname = attrs['lastname'] |
cbc2b1913cdf
Added basic automatic user creation for container auth
Liad Shani <liadff@gmail.com>
parents:
1618
diff
changeset
|
183 |
cbc2b1913cdf
Added basic automatic user creation for container auth
Liad Shani <liadff@gmail.com>
parents:
1618
diff
changeset
|
184 self.sa.add(new_user) |
4016
cce2d984b001
User create/delete hooks for rcextensions.
Jonathan Sternberg <jonathansternberg@gmail.com>
parents:
3960
diff
changeset
|
185 |
cce2d984b001
User create/delete hooks for rcextensions.
Jonathan Sternberg <jonathansternberg@gmail.com>
parents:
3960
diff
changeset
|
186 from rhodecode.lib.hooks import log_create_user |
4017
509923dac48d
Include the current user as a created_by/deleted_by attribute for USER_HOOK extensions.
Jonathan Sternberg <jonathansternberg@gmail.com>
parents:
4016
diff
changeset
|
187 log_create_user(new_user.get_dict(), cur_user) |
1628
de71a4bde097
Some code cleanups and fixes
Marcin Kuzminski <marcin@python-works.com>
parents:
1626
diff
changeset
|
188 return new_user |
1621
cbc2b1913cdf
Added basic automatic user creation for container auth
Liad Shani <liadff@gmail.com>
parents:
1618
diff
changeset
|
189 except (DatabaseError,): |
cbc2b1913cdf
Added basic automatic user creation for container auth
Liad Shani <liadff@gmail.com>
parents:
1618
diff
changeset
|
190 log.error(traceback.format_exc()) |
cbc2b1913cdf
Added basic automatic user creation for container auth
Liad Shani <liadff@gmail.com>
parents:
1618
diff
changeset
|
191 self.sa.rollback() |
cbc2b1913cdf
Added basic automatic user creation for container auth
Liad Shani <liadff@gmail.com>
parents:
1618
diff
changeset
|
192 raise |
1628
de71a4bde097
Some code cleanups and fixes
Marcin Kuzminski <marcin@python-works.com>
parents:
1626
diff
changeset
|
193 log.debug('User %s already exists. Skipping creation of account' |
de71a4bde097
Some code cleanups and fixes
Marcin Kuzminski <marcin@python-works.com>
parents:
1626
diff
changeset
|
194 ' for container auth.', username) |
de71a4bde097
Some code cleanups and fixes
Marcin Kuzminski <marcin@python-works.com>
parents:
1626
diff
changeset
|
195 return None |
1621
cbc2b1913cdf
Added basic automatic user creation for container auth
Liad Shani <liadff@gmail.com>
parents:
1618
diff
changeset
|
196 |
4017
509923dac48d
Include the current user as a created_by/deleted_by attribute for USER_HOOK extensions.
Jonathan Sternberg <jonathansternberg@gmail.com>
parents:
4016
diff
changeset
|
197 def create_ldap(self, username, password, user_dn, attrs, cur_user=None): |
705
9e9f1b919c0c
implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents:
692
diff
changeset
|
198 """ |
9e9f1b919c0c
implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents:
692
diff
changeset
|
199 Checks if user is in database, if not creates this user marked |
9e9f1b919c0c
implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents:
692
diff
changeset
|
200 as ldap user |
1818
cf51bbfb120e
auto white-space removal
Marcin Kuzminski <marcin@python-works.com>
parents:
1758
diff
changeset
|
201 |
705
9e9f1b919c0c
implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents:
692
diff
changeset
|
202 :param username: |
9e9f1b919c0c
implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents:
692
diff
changeset
|
203 :param password: |
991
b232a36cc51f
Improve LDAP authentication
Thayne Harbaugh <thayne@fusionio.com>
parents:
956
diff
changeset
|
204 :param user_dn: |
b232a36cc51f
Improve LDAP authentication
Thayne Harbaugh <thayne@fusionio.com>
parents:
956
diff
changeset
|
205 :param attrs: |
705
9e9f1b919c0c
implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents:
692
diff
changeset
|
206 """ |
4017
509923dac48d
Include the current user as a created_by/deleted_by attribute for USER_HOOK extensions.
Jonathan Sternberg <jonathansternberg@gmail.com>
parents:
4016
diff
changeset
|
207 if not cur_user: |
509923dac48d
Include the current user as a created_by/deleted_by attribute for USER_HOOK extensions.
Jonathan Sternberg <jonathansternberg@gmail.com>
parents:
4016
diff
changeset
|
208 cur_user = getattr(get_current_rhodecode_user(), 'username', '?') |
750
73c99f45ef2a
fixed security issue when saving ldap user saved plaintext password
Marcin Kuzminski <marcin@python-works.com>
parents:
742
diff
changeset
|
209 from rhodecode.lib.auth import get_crypt_password |
761
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
752
diff
changeset
|
210 log.debug('Checking for such ldap account in RhodeCode database') |
1594 | 211 if self.get_by_username(username, case_insensitive=True) is None: |
1689
cc302c98bb8e
fix fo empty email passed in attributes of ldap account.
Marcin Kuzminski <marcin@python-works.com>
parents:
1669
diff
changeset
|
212 |
cc302c98bb8e
fix fo empty email passed in attributes of ldap account.
Marcin Kuzminski <marcin@python-works.com>
parents:
1669
diff
changeset
|
213 # autogenerate email for ldap account without one |
cc302c98bb8e
fix fo empty email passed in attributes of ldap account.
Marcin Kuzminski <marcin@python-works.com>
parents:
1669
diff
changeset
|
214 generate_email = lambda usr: '%s@ldap.account' % usr |
cc302c98bb8e
fix fo empty email passed in attributes of ldap account.
Marcin Kuzminski <marcin@python-works.com>
parents:
1669
diff
changeset
|
215 |
705
9e9f1b919c0c
implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents:
692
diff
changeset
|
216 try: |
9e9f1b919c0c
implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents:
692
diff
changeset
|
217 new_user = User() |
1689
cc302c98bb8e
fix fo empty email passed in attributes of ldap account.
Marcin Kuzminski <marcin@python-works.com>
parents:
1669
diff
changeset
|
218 username = username.lower() |
1269
2e7f21429316
tries to fix issue #177 by fallback to user.user_id instead of fetching from db, user.user_id
Marcin Kuzminski <marcin@python-works.com>
parents:
1267
diff
changeset
|
219 # add ldap account always lowercase |
1689
cc302c98bb8e
fix fo empty email passed in attributes of ldap account.
Marcin Kuzminski <marcin@python-works.com>
parents:
1669
diff
changeset
|
220 new_user.username = username |
750
73c99f45ef2a
fixed security issue when saving ldap user saved plaintext password
Marcin Kuzminski <marcin@python-works.com>
parents:
742
diff
changeset
|
221 new_user.password = get_crypt_password(password) |
1116
716911af91e1
Added api_key into user, api key get's generated again after password change
Marcin Kuzminski <marcin@python-works.com>
parents:
991
diff
changeset
|
222 new_user.api_key = generate_api_key(username) |
1689
cc302c98bb8e
fix fo empty email passed in attributes of ldap account.
Marcin Kuzminski <marcin@python-works.com>
parents:
1669
diff
changeset
|
223 new_user.email = attrs['email'] or generate_email(username) |
1628
de71a4bde097
Some code cleanups and fixes
Marcin Kuzminski <marcin@python-works.com>
parents:
1626
diff
changeset
|
224 new_user.active = attrs.get('active', True) |
1516
582686d76cb6
fixes #256 fixes non ascii chars problems in base_dn on LDAP user creation
Marcin Kuzminski <marcin@python-works.com>
parents:
1417
diff
changeset
|
225 new_user.ldap_dn = safe_unicode(user_dn) |
991
b232a36cc51f
Improve LDAP authentication
Thayne Harbaugh <thayne@fusionio.com>
parents:
956
diff
changeset
|
226 new_user.name = attrs['name'] |
b232a36cc51f
Improve LDAP authentication
Thayne Harbaugh <thayne@fusionio.com>
parents:
956
diff
changeset
|
227 new_user.lastname = attrs['lastname'] |
705
9e9f1b919c0c
implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents:
692
diff
changeset
|
228 |
9e9f1b919c0c
implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents:
692
diff
changeset
|
229 self.sa.add(new_user) |
4016
cce2d984b001
User create/delete hooks for rcextensions.
Jonathan Sternberg <jonathansternberg@gmail.com>
parents:
3960
diff
changeset
|
230 |
cce2d984b001
User create/delete hooks for rcextensions.
Jonathan Sternberg <jonathansternberg@gmail.com>
parents:
3960
diff
changeset
|
231 from rhodecode.lib.hooks import log_create_user |
4017
509923dac48d
Include the current user as a created_by/deleted_by attribute for USER_HOOK extensions.
Jonathan Sternberg <jonathansternberg@gmail.com>
parents:
4016
diff
changeset
|
232 log_create_user(new_user.get_dict(), cur_user) |
1628
de71a4bde097
Some code cleanups and fixes
Marcin Kuzminski <marcin@python-works.com>
parents:
1626
diff
changeset
|
233 return new_user |
761
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
752
diff
changeset
|
234 except (DatabaseError,): |
705
9e9f1b919c0c
implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents:
692
diff
changeset
|
235 log.error(traceback.format_exc()) |
9e9f1b919c0c
implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents:
692
diff
changeset
|
236 self.sa.rollback() |
9e9f1b919c0c
implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents:
692
diff
changeset
|
237 raise |
761
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
752
diff
changeset
|
238 log.debug('this %s user exists skipping creation of ldap account', |
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
752
diff
changeset
|
239 username) |
1628
de71a4bde097
Some code cleanups and fixes
Marcin Kuzminski <marcin@python-works.com>
parents:
1626
diff
changeset
|
240 return None |
705
9e9f1b919c0c
implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents:
692
diff
changeset
|
241 |
363
98abf8953b87
Added user registration, changed login url schema, moved it into _admin/ for safety
Marcin Kuzminski <marcin@python-works.com>
parents:
347
diff
changeset
|
242 def create_registration(self, form_data): |
1731
31e6eb2fb4b2
implements #222 registration feedback
Marcin Kuzminski <marcin@python-works.com>
parents:
1729
diff
changeset
|
243 from rhodecode.model.notification import NotificationModel |
31e6eb2fb4b2
implements #222 registration feedback
Marcin Kuzminski <marcin@python-works.com>
parents:
1729
diff
changeset
|
244 |
363
98abf8953b87
Added user registration, changed login url schema, moved it into _admin/ for safety
Marcin Kuzminski <marcin@python-works.com>
parents:
347
diff
changeset
|
245 try: |
2248
72542dc597be
fixed issue with empty APIKEYS on registration #438
Marcin Kuzminski <marcin@python-works.com>
parents:
2186
diff
changeset
|
246 form_data['admin'] = False |
72542dc597be
fixed issue with empty APIKEYS on registration #438
Marcin Kuzminski <marcin@python-works.com>
parents:
2186
diff
changeset
|
247 new_user = self.create(form_data) |
629
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
248 |
363
98abf8953b87
Added user registration, changed login url schema, moved it into _admin/ for safety
Marcin Kuzminski <marcin@python-works.com>
parents:
347
diff
changeset
|
249 self.sa.add(new_user) |
1731
31e6eb2fb4b2
implements #222 registration feedback
Marcin Kuzminski <marcin@python-works.com>
parents:
1729
diff
changeset
|
250 self.sa.flush() |
31e6eb2fb4b2
implements #222 registration feedback
Marcin Kuzminski <marcin@python-works.com>
parents:
1729
diff
changeset
|
251 |
31e6eb2fb4b2
implements #222 registration feedback
Marcin Kuzminski <marcin@python-works.com>
parents:
1729
diff
changeset
|
252 # notification to admins |
3654
ec6354949623
Fix a lot of casings - use standard casing in most places
Mads Kiilerich <madski@unity3d.com>
parents:
3653
diff
changeset
|
253 subject = _('New user registration') |
689
ecc566f8b69f
fixes #59, notifications for user registrations + some changes to mailer
Marcin Kuzminski <marcin@python-works.com>
parents:
686
diff
changeset
|
254 body = ('New user registration\n' |
1731
31e6eb2fb4b2
implements #222 registration feedback
Marcin Kuzminski <marcin@python-works.com>
parents:
1729
diff
changeset
|
255 '---------------------\n' |
31e6eb2fb4b2
implements #222 registration feedback
Marcin Kuzminski <marcin@python-works.com>
parents:
1729
diff
changeset
|
256 '- Username: %s\n' |
31e6eb2fb4b2
implements #222 registration feedback
Marcin Kuzminski <marcin@python-works.com>
parents:
1729
diff
changeset
|
257 '- Full Name: %s\n' |
31e6eb2fb4b2
implements #222 registration feedback
Marcin Kuzminski <marcin@python-works.com>
parents:
1729
diff
changeset
|
258 '- Email: %s\n') |
31e6eb2fb4b2
implements #222 registration feedback
Marcin Kuzminski <marcin@python-works.com>
parents:
1729
diff
changeset
|
259 body = body % (new_user.username, new_user.full_name, |
31e6eb2fb4b2
implements #222 registration feedback
Marcin Kuzminski <marcin@python-works.com>
parents:
1729
diff
changeset
|
260 new_user.email) |
31e6eb2fb4b2
implements #222 registration feedback
Marcin Kuzminski <marcin@python-works.com>
parents:
1729
diff
changeset
|
261 edit_url = url('edit_user', id=new_user.user_id, qualified=True) |
1950
4ae17f819ee8
#344 optional firstname lastname on user creation
Marcin Kuzminski <marcin@python-works.com>
parents:
1824
diff
changeset
|
262 kw = {'registered_user_url': edit_url} |
1731
31e6eb2fb4b2
implements #222 registration feedback
Marcin Kuzminski <marcin@python-works.com>
parents:
1729
diff
changeset
|
263 NotificationModel().create(created_by=new_user, subject=subject, |
31e6eb2fb4b2
implements #222 registration feedback
Marcin Kuzminski <marcin@python-works.com>
parents:
1729
diff
changeset
|
264 body=body, recipients=None, |
31e6eb2fb4b2
implements #222 registration feedback
Marcin Kuzminski <marcin@python-works.com>
parents:
1729
diff
changeset
|
265 type_=Notification.TYPE_REGISTRATION, |
31e6eb2fb4b2
implements #222 registration feedback
Marcin Kuzminski <marcin@python-works.com>
parents:
1729
diff
changeset
|
266 email_kwargs=kw) |
689
ecc566f8b69f
fixes #59, notifications for user registrations + some changes to mailer
Marcin Kuzminski <marcin@python-works.com>
parents:
686
diff
changeset
|
267 |
3631
10b4e34841a4
Don't catch all exceptions
Marcin Kuzminski <marcin@python-works.com>
parents:
3625
diff
changeset
|
268 except Exception: |
474
a3d9d24acbec
Implemented password reset(forms/models/ tasks) and mailing tasks.
Marcin Kuzminski <marcin@python-works.com>
parents:
442
diff
changeset
|
269 log.error(traceback.format_exc()) |
629
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
270 raise |
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
271 |
3021
b2b93614a7cd
Implemented #658 Changing username in LDAP-Mode should not be allowed.
Marcin Kuzminski <marcin@python-works.com>
parents:
2864
diff
changeset
|
272 def update(self, user_id, form_data, skip_attrs=[]): |
2488
b5b34d71b23b
fix crypt password on update my account
Marcin Kuzminski <marcin@python-works.com>
parents:
2479
diff
changeset
|
273 from rhodecode.lib.auth import get_crypt_password |
238
a55c17874486
Rewrite of user managment, improved forms, added some user info
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
274 try: |
1594 | 275 user = self.get(user_id, cache=False) |
1116
716911af91e1
Added api_key into user, api key get's generated again after password change
Marcin Kuzminski <marcin@python-works.com>
parents:
991
diff
changeset
|
276 if user.username == 'default': |
314
0d26d46bd370
protected againts changing default user.
Marcin Kuzminski <marcin@python-works.com>
parents:
265
diff
changeset
|
277 raise DefaultUserException( |
629
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
278 _("You can't Edit this user since it's" |
314
0d26d46bd370
protected againts changing default user.
Marcin Kuzminski <marcin@python-works.com>
parents:
265
diff
changeset
|
279 " crucial for entire application")) |
713
1bb0fcdec895
fixed #72 show warning on removal when user still is owner of existing repositories
Marcin Kuzminski <marcin@python-works.com>
parents:
705
diff
changeset
|
280 |
238
a55c17874486
Rewrite of user managment, improved forms, added some user info
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
281 for k, v in form_data.items(): |
3021
b2b93614a7cd
Implemented #658 Changing username in LDAP-Mode should not be allowed.
Marcin Kuzminski <marcin@python-works.com>
parents:
2864
diff
changeset
|
282 if k in skip_attrs: |
b2b93614a7cd
Implemented #658 Changing username in LDAP-Mode should not be allowed.
Marcin Kuzminski <marcin@python-works.com>
parents:
2864
diff
changeset
|
283 continue |
2544
6ce3387bf0ce
Renamed name to firstname in forms
Marcin Kuzminski <marcin@python-works.com>
parents:
2522
diff
changeset
|
284 if k == 'new_password' and v: |
2488
b5b34d71b23b
fix crypt password on update my account
Marcin Kuzminski <marcin@python-works.com>
parents:
2479
diff
changeset
|
285 user.password = get_crypt_password(v) |
1116
716911af91e1
Added api_key into user, api key get's generated again after password change
Marcin Kuzminski <marcin@python-works.com>
parents:
991
diff
changeset
|
286 user.api_key = generate_api_key(user.username) |
238
a55c17874486
Rewrite of user managment, improved forms, added some user info
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
287 else: |
2544
6ce3387bf0ce
Renamed name to firstname in forms
Marcin Kuzminski <marcin@python-works.com>
parents:
2522
diff
changeset
|
288 if k == 'firstname': |
6ce3387bf0ce
Renamed name to firstname in forms
Marcin Kuzminski <marcin@python-works.com>
parents:
2522
diff
changeset
|
289 k = 'name' |
1116
716911af91e1
Added api_key into user, api key get's generated again after password change
Marcin Kuzminski <marcin@python-works.com>
parents:
991
diff
changeset
|
290 setattr(user, k, v) |
716911af91e1
Added api_key into user, api key get's generated again after password change
Marcin Kuzminski <marcin@python-works.com>
parents:
991
diff
changeset
|
291 self.sa.add(user) |
3631
10b4e34841a4
Don't catch all exceptions
Marcin Kuzminski <marcin@python-works.com>
parents:
3625
diff
changeset
|
292 except Exception: |
474
a3d9d24acbec
Implemented password reset(forms/models/ tasks) and mailing tasks.
Marcin Kuzminski <marcin@python-works.com>
parents:
442
diff
changeset
|
293 log.error(traceback.format_exc()) |
629
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
294 raise |
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
295 |
2657
001c7e2ae986
fixed api issue with changing username during update_user
Marcin Kuzminski <marcin@python-works.com>
parents:
2544
diff
changeset
|
296 def update_user(self, user, **kwargs): |
001c7e2ae986
fixed api issue with changing username during update_user
Marcin Kuzminski <marcin@python-works.com>
parents:
2544
diff
changeset
|
297 from rhodecode.lib.auth import get_crypt_password |
001c7e2ae986
fixed api issue with changing username during update_user
Marcin Kuzminski <marcin@python-works.com>
parents:
2544
diff
changeset
|
298 try: |
001c7e2ae986
fixed api issue with changing username during update_user
Marcin Kuzminski <marcin@python-works.com>
parents:
2544
diff
changeset
|
299 user = self._get_user(user) |
001c7e2ae986
fixed api issue with changing username during update_user
Marcin Kuzminski <marcin@python-works.com>
parents:
2544
diff
changeset
|
300 if user.username == 'default': |
001c7e2ae986
fixed api issue with changing username during update_user
Marcin Kuzminski <marcin@python-works.com>
parents:
2544
diff
changeset
|
301 raise DefaultUserException( |
001c7e2ae986
fixed api issue with changing username during update_user
Marcin Kuzminski <marcin@python-works.com>
parents:
2544
diff
changeset
|
302 _("You can't Edit this user since it's" |
001c7e2ae986
fixed api issue with changing username during update_user
Marcin Kuzminski <marcin@python-works.com>
parents:
2544
diff
changeset
|
303 " crucial for entire application") |
001c7e2ae986
fixed api issue with changing username during update_user
Marcin Kuzminski <marcin@python-works.com>
parents:
2544
diff
changeset
|
304 ) |
001c7e2ae986
fixed api issue with changing username during update_user
Marcin Kuzminski <marcin@python-works.com>
parents:
2544
diff
changeset
|
305 |
001c7e2ae986
fixed api issue with changing username during update_user
Marcin Kuzminski <marcin@python-works.com>
parents:
2544
diff
changeset
|
306 for k, v in kwargs.items(): |
001c7e2ae986
fixed api issue with changing username during update_user
Marcin Kuzminski <marcin@python-works.com>
parents:
2544
diff
changeset
|
307 if k == 'password' and v: |
001c7e2ae986
fixed api issue with changing username during update_user
Marcin Kuzminski <marcin@python-works.com>
parents:
2544
diff
changeset
|
308 v = get_crypt_password(v) |
001c7e2ae986
fixed api issue with changing username during update_user
Marcin Kuzminski <marcin@python-works.com>
parents:
2544
diff
changeset
|
309 user.api_key = generate_api_key(user.username) |
001c7e2ae986
fixed api issue with changing username during update_user
Marcin Kuzminski <marcin@python-works.com>
parents:
2544
diff
changeset
|
310 |
001c7e2ae986
fixed api issue with changing username during update_user
Marcin Kuzminski <marcin@python-works.com>
parents:
2544
diff
changeset
|
311 setattr(user, k, v) |
001c7e2ae986
fixed api issue with changing username during update_user
Marcin Kuzminski <marcin@python-works.com>
parents:
2544
diff
changeset
|
312 self.sa.add(user) |
001c7e2ae986
fixed api issue with changing username during update_user
Marcin Kuzminski <marcin@python-works.com>
parents:
2544
diff
changeset
|
313 return user |
3631
10b4e34841a4
Don't catch all exceptions
Marcin Kuzminski <marcin@python-works.com>
parents:
3625
diff
changeset
|
314 except Exception: |
2657
001c7e2ae986
fixed api issue with changing username during update_user
Marcin Kuzminski <marcin@python-works.com>
parents:
2544
diff
changeset
|
315 log.error(traceback.format_exc()) |
001c7e2ae986
fixed api issue with changing username during update_user
Marcin Kuzminski <marcin@python-works.com>
parents:
2544
diff
changeset
|
316 raise |
001c7e2ae986
fixed api issue with changing username during update_user
Marcin Kuzminski <marcin@python-works.com>
parents:
2544
diff
changeset
|
317 |
4017
509923dac48d
Include the current user as a created_by/deleted_by attribute for USER_HOOK extensions.
Jonathan Sternberg <jonathansternberg@gmail.com>
parents:
4016
diff
changeset
|
318 def delete(self, user, cur_user=None): |
509923dac48d
Include the current user as a created_by/deleted_by attribute for USER_HOOK extensions.
Jonathan Sternberg <jonathansternberg@gmail.com>
parents:
4016
diff
changeset
|
319 if not cur_user: |
509923dac48d
Include the current user as a created_by/deleted_by attribute for USER_HOOK extensions.
Jonathan Sternberg <jonathansternberg@gmail.com>
parents:
4016
diff
changeset
|
320 cur_user = getattr(get_current_rhodecode_user(), 'username', '?') |
2432
d3ac7491a5c8
Share common getter functions in base model, and remove duplicated functions from other models
Marcin Kuzminski <marcin@python-works.com>
parents:
2330
diff
changeset
|
321 user = self._get_user(user) |
1818
cf51bbfb120e
auto white-space removal
Marcin Kuzminski <marcin@python-works.com>
parents:
1758
diff
changeset
|
322 |
265
0e5455fda8fd
Implemented basic repository managment. Implemented repo2db mappings, model, helpers updates and code cleanups
Marcin Kuzminski <marcin@python-works.com>
parents:
252
diff
changeset
|
323 try: |
314
0d26d46bd370
protected againts changing default user.
Marcin Kuzminski <marcin@python-works.com>
parents:
265
diff
changeset
|
324 if user.username == 'default': |
0d26d46bd370
protected againts changing default user.
Marcin Kuzminski <marcin@python-works.com>
parents:
265
diff
changeset
|
325 raise DefaultUserException( |
2153
fa637dc3e029
Improved message about deleting user who owns repositories
Marcin Kuzminski <marcin@python-works.com>
parents:
2150
diff
changeset
|
326 _(u"You can't remove this user since it's" |
2124
273ce1a99c3f
fixed #397 Private repository groups shows up before login
Marcin Kuzminski <marcin@python-works.com>
parents:
2109
diff
changeset
|
327 " crucial for entire application") |
273ce1a99c3f
fixed #397 Private repository groups shows up before login
Marcin Kuzminski <marcin@python-works.com>
parents:
2109
diff
changeset
|
328 ) |
713
1bb0fcdec895
fixed #72 show warning on removal when user still is owner of existing repositories
Marcin Kuzminski <marcin@python-works.com>
parents:
705
diff
changeset
|
329 if user.repositories: |
2153
fa637dc3e029
Improved message about deleting user who owns repositories
Marcin Kuzminski <marcin@python-works.com>
parents:
2150
diff
changeset
|
330 repos = [x.repo_name for x in user.repositories] |
2124
273ce1a99c3f
fixed #397 Private repository groups shows up before login
Marcin Kuzminski <marcin@python-works.com>
parents:
2109
diff
changeset
|
331 raise UserOwnsReposException( |
2153
fa637dc3e029
Improved message about deleting user who owns repositories
Marcin Kuzminski <marcin@python-works.com>
parents:
2150
diff
changeset
|
332 _(u'user "%s" still owns %s repositories and cannot be ' |
fa637dc3e029
Improved message about deleting user who owns repositories
Marcin Kuzminski <marcin@python-works.com>
parents:
2150
diff
changeset
|
333 'removed. Switch owners or remove those repositories. %s') |
fa637dc3e029
Improved message about deleting user who owns repositories
Marcin Kuzminski <marcin@python-works.com>
parents:
2150
diff
changeset
|
334 % (user.username, len(repos), ', '.join(repos)) |
2124
273ce1a99c3f
fixed #397 Private repository groups shows up before login
Marcin Kuzminski <marcin@python-works.com>
parents:
2109
diff
changeset
|
335 ) |
314
0d26d46bd370
protected againts changing default user.
Marcin Kuzminski <marcin@python-works.com>
parents:
265
diff
changeset
|
336 self.sa.delete(user) |
4016
cce2d984b001
User create/delete hooks for rcextensions.
Jonathan Sternberg <jonathansternberg@gmail.com>
parents:
3960
diff
changeset
|
337 |
cce2d984b001
User create/delete hooks for rcextensions.
Jonathan Sternberg <jonathansternberg@gmail.com>
parents:
3960
diff
changeset
|
338 from rhodecode.lib.hooks import log_delete_user |
4017
509923dac48d
Include the current user as a created_by/deleted_by attribute for USER_HOOK extensions.
Jonathan Sternberg <jonathansternberg@gmail.com>
parents:
4016
diff
changeset
|
339 log_delete_user(user.get_dict(), cur_user) |
3631
10b4e34841a4
Don't catch all exceptions
Marcin Kuzminski <marcin@python-works.com>
parents:
3625
diff
changeset
|
340 except Exception: |
474
a3d9d24acbec
Implemented password reset(forms/models/ tasks) and mailing tasks.
Marcin Kuzminski <marcin@python-works.com>
parents:
442
diff
changeset
|
341 log.error(traceback.format_exc()) |
629
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
342 raise |
474
a3d9d24acbec
Implemented password reset(forms/models/ tasks) and mailing tasks.
Marcin Kuzminski <marcin@python-works.com>
parents:
442
diff
changeset
|
343 |
1417
5875955def39
fixes #223 improve password reset form
Marcin Kuzminski <marcin@python-works.com>
parents:
1270
diff
changeset
|
344 def reset_password_link(self, data): |
5875955def39
fixes #223 improve password reset form
Marcin Kuzminski <marcin@python-works.com>
parents:
1270
diff
changeset
|
345 from rhodecode.lib.celerylib import tasks, run_task |
3401
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
346 from rhodecode.model.notification import EmailNotificationModel |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
347 user_email = data['email'] |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
348 try: |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
349 user = User.get_by_email(user_email) |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
350 if user: |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
351 log.debug('password reset user found %s' % user) |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
352 link = url('reset_password_confirmation', key=user.api_key, |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
353 qualified=True) |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
354 reg_type = EmailNotificationModel.TYPE_PASSWORD_RESET |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
355 body = EmailNotificationModel().get_email_tmpl(reg_type, |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
356 **{'user': user.short_contact, |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
357 'reset_url': link}) |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
358 log.debug('sending email') |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
359 run_task(tasks.send_email, user_email, |
3654
ec6354949623
Fix a lot of casings - use standard casing in most places
Mads Kiilerich <madski@unity3d.com>
parents:
3653
diff
changeset
|
360 _("Password reset link"), body, body) |
3401
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
361 log.info('send new password mail to %s' % user_email) |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
362 else: |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
363 log.debug("password reset email %s not found" % user_email) |
3631
10b4e34841a4
Don't catch all exceptions
Marcin Kuzminski <marcin@python-works.com>
parents:
3625
diff
changeset
|
364 except Exception: |
3401
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
365 log.error(traceback.format_exc()) |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
366 return False |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
367 |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
368 return True |
1417
5875955def39
fixes #223 improve password reset form
Marcin Kuzminski <marcin@python-works.com>
parents:
1270
diff
changeset
|
369 |
474
a3d9d24acbec
Implemented password reset(forms/models/ tasks) and mailing tasks.
Marcin Kuzminski <marcin@python-works.com>
parents:
442
diff
changeset
|
370 def reset_password(self, data): |
629
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
371 from rhodecode.lib.celerylib import tasks, run_task |
3401
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
372 from rhodecode.lib import auth |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
373 user_email = data['email'] |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
374 try: |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
375 try: |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
376 user = User.get_by_email(user_email) |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
377 new_passwd = auth.PasswordGenerator().gen_password(8, |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
378 auth.PasswordGenerator.ALPHABETS_BIG_SMALL) |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
379 if user: |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
380 user.password = auth.get_crypt_password(new_passwd) |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
381 user.api_key = auth.generate_api_key(user.username) |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
382 Session().add(user) |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
383 Session().commit() |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
384 log.info('change password for %s' % user_email) |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
385 if new_passwd is None: |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
386 raise Exception('unable to generate new password') |
3631
10b4e34841a4
Don't catch all exceptions
Marcin Kuzminski <marcin@python-works.com>
parents:
3625
diff
changeset
|
387 except Exception: |
3401
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
388 log.error(traceback.format_exc()) |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
389 Session().rollback() |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
390 |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
391 run_task(tasks.send_email, user_email, |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
392 _('Your new password'), |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
393 _('Your new RhodeCode password:%s') % (new_passwd)) |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
394 log.info('send new password mail to %s' % user_email) |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
395 |
3631
10b4e34841a4
Don't catch all exceptions
Marcin Kuzminski <marcin@python-works.com>
parents:
3625
diff
changeset
|
396 except Exception: |
3401
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
397 log.error('Failed to update user password') |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
398 log.error(traceback.format_exc()) |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
399 |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
400 return True |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
401 |
1594 | 402 def fill_data(self, auth_user, user_id=None, api_key=None): |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
403 """ |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
404 Fetches auth_user by user_id,or api_key if present. |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
405 Fills auth_user attributes with those taken from database. |
1203
6832ef664673
source code cleanup: remove trailing white space, normalize file endings
Marcin Kuzminski <marcin@python-works.com>
parents:
1120
diff
changeset
|
406 Additionally set's is_authenitated if lookup fails |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
407 present in database |
1203
6832ef664673
source code cleanup: remove trailing white space, normalize file endings
Marcin Kuzminski <marcin@python-works.com>
parents:
1120
diff
changeset
|
408 |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
409 :param auth_user: instance of user to set attributes |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
410 :param user_id: user id to fetch by |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
411 :param api_key: api key to fetch by |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
412 """ |
1120
a8d759613d8f
fixed some bugs in api key auth, added access by api key into rss/atom feeds in global journal
Marcin Kuzminski <marcin@python-works.com>
parents:
1117
diff
changeset
|
413 if user_id is None and api_key is None: |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
414 raise Exception('You need to pass user_id or api_key') |
686
ff6a8196ebfe
fixed anonymous access bug.
Marcin Kuzminski <marcin@python-works.com>
parents:
673
diff
changeset
|
415 |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
416 try: |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
417 if api_key: |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
418 dbuser = self.get_by_api_key(api_key) |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
419 else: |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
420 dbuser = self.get(user_id) |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
421 |
1618
9353189b7675
Added automatic logout of deactivated/deleted users
Liad Shani <liadff@gmail.com>
parents:
1594
diff
changeset
|
422 if dbuser is not None and dbuser.active: |
1976 | 423 log.debug('filling %s data' % dbuser) |
1120
a8d759613d8f
fixed some bugs in api key auth, added access by api key into rss/atom feeds in global journal
Marcin Kuzminski <marcin@python-works.com>
parents:
1117
diff
changeset
|
424 for k, v in dbuser.get_dict().items(): |
a8d759613d8f
fixed some bugs in api key auth, added access by api key into rss/atom feeds in global journal
Marcin Kuzminski <marcin@python-works.com>
parents:
1117
diff
changeset
|
425 setattr(auth_user, k, v) |
1618
9353189b7675
Added automatic logout of deactivated/deleted users
Liad Shani <liadff@gmail.com>
parents:
1594
diff
changeset
|
426 else: |
9353189b7675
Added automatic logout of deactivated/deleted users
Liad Shani <liadff@gmail.com>
parents:
1594
diff
changeset
|
427 return False |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
428 |
3631
10b4e34841a4
Don't catch all exceptions
Marcin Kuzminski <marcin@python-works.com>
parents:
3625
diff
changeset
|
429 except Exception: |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
430 log.error(traceback.format_exc()) |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
431 auth_user.is_authenticated = False |
1618
9353189b7675
Added automatic logout of deactivated/deleted users
Liad Shani <liadff@gmail.com>
parents:
1594
diff
changeset
|
432 return False |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
433 |
1618
9353189b7675
Added automatic logout of deactivated/deleted users
Liad Shani <liadff@gmail.com>
parents:
1594
diff
changeset
|
434 return True |
686
ff6a8196ebfe
fixed anonymous access bug.
Marcin Kuzminski <marcin@python-works.com>
parents:
673
diff
changeset
|
435 |
3094
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
436 def fill_perms(self, user, explicit=True, algo='higherwin'): |
1269
2e7f21429316
tries to fix issue #177 by fallback to user.user_id instead of fetching from db, user.user_id
Marcin Kuzminski <marcin@python-works.com>
parents:
1267
diff
changeset
|
437 """ |
2e7f21429316
tries to fix issue #177 by fallback to user.user_id instead of fetching from db, user.user_id
Marcin Kuzminski <marcin@python-works.com>
parents:
1267
diff
changeset
|
438 Fills user permission attribute with permissions taken from database |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
439 works for permissions given for repositories, and for permissions that |
1269
2e7f21429316
tries to fix issue #177 by fallback to user.user_id instead of fetching from db, user.user_id
Marcin Kuzminski <marcin@python-works.com>
parents:
1267
diff
changeset
|
440 are granted to groups |
1203
6832ef664673
source code cleanup: remove trailing white space, normalize file endings
Marcin Kuzminski <marcin@python-works.com>
parents:
1120
diff
changeset
|
441 |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
442 :param user: user instance to fill his perms |
3094
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
443 :param explicit: In case there are permissions both for user and a group |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
444 that user is part of, explicit flag will defiine if user will |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
445 explicitly override permissions from group, if it's False it will |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
446 make decision based on the algo |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
447 :param algo: algorithm to decide what permission should be choose if |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
448 it's multiple defined, eg user in two different groups. It also |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
449 decides if explicit flag is turned off how to specify the permission |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
450 for case when user is in a group + have defined separate permission |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
451 """ |
1982
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
452 RK = 'repositories' |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
453 GK = 'repositories_groups' |
3714
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3654
diff
changeset
|
454 UK = 'user_groups' |
1982
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
455 GLOBAL = 'global' |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
456 user.permissions[RK] = {} |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
457 user.permissions[GK] = {} |
3714
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3654
diff
changeset
|
458 user.permissions[UK] = {} |
1982
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
459 user.permissions[GLOBAL] = set() |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
460 |
3094
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
461 def _choose_perm(new_perm, cur_perm): |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
462 new_perm_val = PERM_WEIGHTS[new_perm] |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
463 cur_perm_val = PERM_WEIGHTS[cur_perm] |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
464 if algo == 'higherwin': |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
465 if new_perm_val > cur_perm_val: |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
466 return new_perm |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
467 return cur_perm |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
468 elif algo == 'lowerwin': |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
469 if new_perm_val < cur_perm_val: |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
470 return new_perm |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
471 return cur_perm |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
472 |
1267
d534aff5e82a
user defined permission will update the global permissions, and overwrite default settings.
Marcin Kuzminski <marcin@python-works.com>
parents:
1206
diff
changeset
|
473 #====================================================================== |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
474 # fetch default permissions |
1267
d534aff5e82a
user defined permission will update the global permissions, and overwrite default settings.
Marcin Kuzminski <marcin@python-works.com>
parents:
1206
diff
changeset
|
475 #====================================================================== |
1728
07e56179633e
- fixes celery sqlalchemy session issues for async forking
Marcin Kuzminski <marcin@python-works.com>
parents:
1716
diff
changeset
|
476 default_user = User.get_by_username('default', cache=True) |
07e56179633e
- fixes celery sqlalchemy session issues for async forking
Marcin Kuzminski <marcin@python-works.com>
parents:
1716
diff
changeset
|
477 default_user_id = default_user.user_id |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
478 |
1982
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
479 default_repo_perms = Permission.get_default_perms(default_user_id) |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
480 default_repo_groups_perms = Permission.get_default_group_perms(default_user_id) |
3714
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3654
diff
changeset
|
481 default_user_group_perms = Permission.get_default_user_group_perms(default_user_id) |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
482 |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
483 if user.is_admin: |
1267
d534aff5e82a
user defined permission will update the global permissions, and overwrite default settings.
Marcin Kuzminski <marcin@python-works.com>
parents:
1206
diff
changeset
|
484 #================================================================== |
1982
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
485 # admin user have all default rights for repositories |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
486 # and groups set to admin |
1267
d534aff5e82a
user defined permission will update the global permissions, and overwrite default settings.
Marcin Kuzminski <marcin@python-works.com>
parents:
1206
diff
changeset
|
487 #================================================================== |
1982
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
488 user.permissions[GLOBAL].add('hg.admin') |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
489 |
1982
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
490 # repositories |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
491 for perm in default_repo_perms: |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
492 r_k = perm.UserRepoToPerm.repository.repo_name |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
493 p = 'repository.admin' |
1982
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
494 user.permissions[RK][r_k] = p |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
495 |
3410
5f1850e4712a
"Users groups" is grammatically incorrect English - rename to "user groups"
Mads Kiilerich <madski@unity3d.com>
parents:
3401
diff
changeset
|
496 # repository groups |
1982
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
497 for perm in default_repo_groups_perms: |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
498 rg_k = perm.UserRepoGroupToPerm.group.group_name |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
499 p = 'group.admin' |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
500 user.permissions[GK][rg_k] = p |
3714
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3654
diff
changeset
|
501 |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3654
diff
changeset
|
502 # user groups |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3654
diff
changeset
|
503 for perm in default_user_group_perms: |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3654
diff
changeset
|
504 u_k = perm.UserUserGroupToPerm.user_group.users_group_name |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3654
diff
changeset
|
505 p = 'usergroup.admin' |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3654
diff
changeset
|
506 user.permissions[UK][u_k] = p |
2186
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
507 return user |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
508 |
2186
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
509 #================================================================== |
3653
4c78a0855a17
Fix 'repos group' - it is 'repository group'
Mads Kiilerich <madski@unity3d.com>
parents:
3631
diff
changeset
|
510 # SET DEFAULTS GLOBAL, REPOS, REPOSITORY GROUPS |
2186
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
511 #================================================================== |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
512 uid = user.user_id |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
513 |
2709
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
514 # default global permissions taken fron the default user |
2186
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
515 default_global_perms = self.sa.query(UserToPerm)\ |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
516 .filter(UserToPerm.user_id == default_user_id) |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
517 |
2186
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
518 for perm in default_global_perms: |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
519 user.permissions[GLOBAL].add(perm.permission.permission_name) |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
520 |
2186
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
521 # defaults for repositories, taken from default user |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
522 for perm in default_repo_perms: |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
523 r_k = perm.UserRepoToPerm.repository.repo_name |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
524 if perm.Repository.private and not (perm.Repository.user_id == uid): |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
525 # disable defaults for private repos, |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
526 p = 'repository.none' |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
527 elif perm.Repository.user_id == uid: |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
528 # set admin if owner |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
529 p = 'repository.admin' |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
530 else: |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
531 p = perm.Permission.permission_name |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
532 |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
533 user.permissions[RK][r_k] = p |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
534 |
3410
5f1850e4712a
"Users groups" is grammatically incorrect English - rename to "user groups"
Mads Kiilerich <madski@unity3d.com>
parents:
3401
diff
changeset
|
535 # defaults for repository groups taken from default user permission |
2186
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
536 # on given group |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
537 for perm in default_repo_groups_perms: |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
538 rg_k = perm.UserRepoGroupToPerm.group.group_name |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
539 p = perm.Permission.permission_name |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
540 user.permissions[GK][rg_k] = p |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
541 |
3714
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3654
diff
changeset
|
542 # defaults for user groups taken from default user permission |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3654
diff
changeset
|
543 # on given user group |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3654
diff
changeset
|
544 for perm in default_user_group_perms: |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3654
diff
changeset
|
545 u_k = perm.UserUserGroupToPerm.user_group.users_group_name |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3654
diff
changeset
|
546 p = perm.Permission.permission_name |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3654
diff
changeset
|
547 user.permissions[UK][u_k] = p |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3654
diff
changeset
|
548 |
2709
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
549 #====================================================================== |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
550 # !! OVERRIDE GLOBALS !! with user permissions if any found |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
551 #====================================================================== |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
552 # those can be configured from groups or users explicitly |
3736
87e6960e250b
Iteration on default permissions
Marcin Kuzminski <marcin@python-works.com>
parents:
3714
diff
changeset
|
553 _configurable = set([ |
87e6960e250b
Iteration on default permissions
Marcin Kuzminski <marcin@python-works.com>
parents:
3714
diff
changeset
|
554 'hg.fork.none', 'hg.fork.repository', |
87e6960e250b
Iteration on default permissions
Marcin Kuzminski <marcin@python-works.com>
parents:
3714
diff
changeset
|
555 'hg.create.none', 'hg.create.repository', |
87e6960e250b
Iteration on default permissions
Marcin Kuzminski <marcin@python-works.com>
parents:
3714
diff
changeset
|
556 'hg.usergroup.create.false', 'hg.usergroup.create.true' |
87e6960e250b
Iteration on default permissions
Marcin Kuzminski <marcin@python-works.com>
parents:
3714
diff
changeset
|
557 ]) |
2186
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
558 |
2709
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
559 # USER GROUPS comes first |
3415
b8f929bff7e3
fixed tests and missing replacements from 5f1850e4712a
Marcin Kuzminski <marcin@python-works.com>
parents:
3410
diff
changeset
|
560 # user group global permissions |
3417
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3415
diff
changeset
|
561 user_perms_from_users_groups = self.sa.query(UserGroupToPerm)\ |
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3415
diff
changeset
|
562 .options(joinedload(UserGroupToPerm.permission))\ |
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3415
diff
changeset
|
563 .join((UserGroupMember, UserGroupToPerm.users_group_id == |
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3415
diff
changeset
|
564 UserGroupMember.users_group_id))\ |
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3415
diff
changeset
|
565 .filter(UserGroupMember.user_id == uid)\ |
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3415
diff
changeset
|
566 .order_by(UserGroupToPerm.users_group_id)\ |
2709
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
567 .all() |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
568 #need to group here by groups since user can be in more than one group |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
569 _grouped = [[x, list(y)] for x, y in |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
570 itertools.groupby(user_perms_from_users_groups, |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
571 lambda x:x.users_group)] |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
572 for gr, perms in _grouped: |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
573 # since user can be in multiple groups iterate over them and |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
574 # select the lowest permissions first (more explicit) |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
575 ##TODO: do this^^ |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
576 if not gr.inherit_default_permissions: |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
577 # NEED TO IGNORE all configurable permissions and |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
578 # replace them with explicitly set |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
579 user.permissions[GLOBAL] = user.permissions[GLOBAL]\ |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
580 .difference(_configurable) |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
581 for perm in perms: |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
582 user.permissions[GLOBAL].add(perm.permission.permission_name) |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
583 |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
584 # user specific global permissions |
2186
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
585 user_perms = self.sa.query(UserToPerm)\ |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
586 .options(joinedload(UserToPerm.permission))\ |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
587 .filter(UserToPerm.user_id == uid).all() |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
588 |
2709
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
589 if not user.inherit_default_permissions: |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
590 # NEED TO IGNORE all configurable permissions and |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
591 # replace them with explicitly set |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
592 user.permissions[GLOBAL] = user.permissions[GLOBAL]\ |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
593 .difference(_configurable) |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
594 |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
595 for perm in user_perms: |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
596 user.permissions[GLOBAL].add(perm.permission.permission_name) |
3736
87e6960e250b
Iteration on default permissions
Marcin Kuzminski <marcin@python-works.com>
parents:
3714
diff
changeset
|
597 ## END GLOBAL PERMISSIONS |
87e6960e250b
Iteration on default permissions
Marcin Kuzminski <marcin@python-works.com>
parents:
3714
diff
changeset
|
598 |
2709
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
599 #====================================================================== |
3094
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
600 # !! PERMISSIONS FOR REPOSITORIES !! |
2709
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
601 #====================================================================== |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
602 #====================================================================== |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
603 # check if user is part of user groups for this repository and |
3094
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
604 # fill in his permission from it. _choose_perm decides of which |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
605 # permission should be selected based on selected method |
2709
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
606 #====================================================================== |
3094
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
607 |
3415
b8f929bff7e3
fixed tests and missing replacements from 5f1850e4712a
Marcin Kuzminski <marcin@python-works.com>
parents:
3410
diff
changeset
|
608 # user group for repositories permissions |
2709
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
609 user_repo_perms_from_users_groups = \ |
3417
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3415
diff
changeset
|
610 self.sa.query(UserGroupRepoToPerm, Permission, Repository,)\ |
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3415
diff
changeset
|
611 .join((Repository, UserGroupRepoToPerm.repository_id == |
2709
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
612 Repository.repo_id))\ |
3417
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3415
diff
changeset
|
613 .join((Permission, UserGroupRepoToPerm.permission_id == |
2709
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
614 Permission.permission_id))\ |
3417
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3415
diff
changeset
|
615 .join((UserGroupMember, UserGroupRepoToPerm.users_group_id == |
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3415
diff
changeset
|
616 UserGroupMember.users_group_id))\ |
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3415
diff
changeset
|
617 .filter(UserGroupMember.user_id == uid)\ |
2709
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
618 .all() |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
619 |
3096
69b25f1b0b45
switch to defaultdict for counter implementation
Marcin Kuzminski <marcin@python-works.com>
parents:
3094
diff
changeset
|
620 multiple_counter = collections.defaultdict(int) |
2709
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
621 for perm in user_repo_perms_from_users_groups: |
3417
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3415
diff
changeset
|
622 r_k = perm.UserGroupRepoToPerm.repository.repo_name |
3094
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
623 multiple_counter[r_k] += 1 |
2709
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
624 p = perm.Permission.permission_name |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
625 cur_perm = user.permissions[RK][r_k] |
2864
5c1ad3b410e5
fixed #570 explicit users group permissions can overwrite owner permissions
Marcin Kuzminski <marcin@python-works.com>
parents:
2820
diff
changeset
|
626 |
3094
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
627 if perm.Repository.user_id == uid: |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
628 # set admin if owner |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
629 p = 'repository.admin' |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
630 else: |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
631 if multiple_counter[r_k] > 1: |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
632 p = _choose_perm(p, cur_perm) |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
633 user.permissions[RK][r_k] = p |
1982
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
634 |
3094
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
635 # user explicit permissions for repositories, overrides any specified |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
636 # by the group permission |
3714
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3654
diff
changeset
|
637 user_repo_perms = Permission.get_default_perms(uid) |
2186
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
638 for perm in user_repo_perms: |
3094
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
639 r_k = perm.UserRepoToPerm.repository.repo_name |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
640 cur_perm = user.permissions[RK][r_k] |
2186
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
641 # set admin if owner |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
642 if perm.Repository.user_id == uid: |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
643 p = 'repository.admin' |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
644 else: |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
645 p = perm.Permission.permission_name |
3094
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
646 if not explicit: |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
647 p = _choose_perm(p, cur_perm) |
2186
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
648 user.permissions[RK][r_k] = p |
1267
d534aff5e82a
user defined permission will update the global permissions, and overwrite default settings.
Marcin Kuzminski <marcin@python-works.com>
parents:
1206
diff
changeset
|
649 |
3094
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
650 #====================================================================== |
3410
5f1850e4712a
"Users groups" is grammatically incorrect English - rename to "user groups"
Mads Kiilerich <madski@unity3d.com>
parents:
3401
diff
changeset
|
651 # !! PERMISSIONS FOR REPOSITORY GROUPS !! |
3094
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
652 #====================================================================== |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
653 #====================================================================== |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
654 # check if user is part of user groups for this repository groups and |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
655 # fill in his permission from it. _choose_perm decides of which |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
656 # permission should be selected based on selected method |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
657 #====================================================================== |
3415
b8f929bff7e3
fixed tests and missing replacements from 5f1850e4712a
Marcin Kuzminski <marcin@python-works.com>
parents:
3410
diff
changeset
|
658 # user group for repo groups permissions |
3094
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
659 user_repo_group_perms_from_users_groups = \ |
3417
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3415
diff
changeset
|
660 self.sa.query(UserGroupRepoGroupToPerm, Permission, RepoGroup)\ |
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3415
diff
changeset
|
661 .join((RepoGroup, UserGroupRepoGroupToPerm.group_id == RepoGroup.group_id))\ |
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3415
diff
changeset
|
662 .join((Permission, UserGroupRepoGroupToPerm.permission_id |
3094
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
663 == Permission.permission_id))\ |
3417
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3415
diff
changeset
|
664 .join((UserGroupMember, UserGroupRepoGroupToPerm.users_group_id |
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3415
diff
changeset
|
665 == UserGroupMember.users_group_id))\ |
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3415
diff
changeset
|
666 .filter(UserGroupMember.user_id == uid)\ |
3094
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
667 .all() |
1269
2e7f21429316
tries to fix issue #177 by fallback to user.user_id instead of fetching from db, user.user_id
Marcin Kuzminski <marcin@python-works.com>
parents:
1267
diff
changeset
|
668 |
3096
69b25f1b0b45
switch to defaultdict for counter implementation
Marcin Kuzminski <marcin@python-works.com>
parents:
3094
diff
changeset
|
669 multiple_counter = collections.defaultdict(int) |
3094
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
670 for perm in user_repo_group_perms_from_users_groups: |
3417
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3415
diff
changeset
|
671 g_k = perm.UserGroupRepoGroupToPerm.group.group_name |
3094
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
672 multiple_counter[g_k] += 1 |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
673 p = perm.Permission.permission_name |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
674 cur_perm = user.permissions[GK][g_k] |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
675 if multiple_counter[g_k] > 1: |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
676 p = _choose_perm(p, cur_perm) |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
677 user.permissions[GK][g_k] = p |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
678 |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
679 # user explicit permissions for repository groups |
3714
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3654
diff
changeset
|
680 user_repo_groups_perms = Permission.get_default_group_perms(uid) |
2186
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
681 for perm in user_repo_groups_perms: |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
682 rg_k = perm.UserRepoGroupToPerm.group.group_name |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
683 p = perm.Permission.permission_name |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
684 cur_perm = user.permissions[GK][rg_k] |
3094
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
685 if not explicit: |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
686 p = _choose_perm(p, cur_perm) |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
687 user.permissions[GK][rg_k] = p |
2129
43481c3d70ca
#399 added inheritance of permissions for users group on repos groups
Marcin Kuzminski <marcin@python-works.com>
parents:
2124
diff
changeset
|
688 |
3714
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3654
diff
changeset
|
689 #====================================================================== |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3654
diff
changeset
|
690 # !! PERMISSIONS FOR USER GROUPS !! |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3654
diff
changeset
|
691 #====================================================================== |
3788
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3736
diff
changeset
|
692 # user group for user group permissions |
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3736
diff
changeset
|
693 user_group_user_groups_perms = \ |
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3736
diff
changeset
|
694 self.sa.query(UserGroupUserGroupToPerm, Permission, UserGroup)\ |
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3736
diff
changeset
|
695 .join((UserGroup, UserGroupUserGroupToPerm.target_user_group_id |
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3736
diff
changeset
|
696 == UserGroup.users_group_id))\ |
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3736
diff
changeset
|
697 .join((Permission, UserGroupUserGroupToPerm.permission_id |
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3736
diff
changeset
|
698 == Permission.permission_id))\ |
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3736
diff
changeset
|
699 .join((UserGroupMember, UserGroupUserGroupToPerm.user_group_id |
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3736
diff
changeset
|
700 == UserGroupMember.users_group_id))\ |
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3736
diff
changeset
|
701 .filter(UserGroupMember.user_id == uid)\ |
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3736
diff
changeset
|
702 .all() |
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3736
diff
changeset
|
703 |
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3736
diff
changeset
|
704 multiple_counter = collections.defaultdict(int) |
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3736
diff
changeset
|
705 for perm in user_group_user_groups_perms: |
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3736
diff
changeset
|
706 g_k = perm.UserGroupUserGroupToPerm.target_user_group.users_group_name |
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3736
diff
changeset
|
707 multiple_counter[g_k] += 1 |
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3736
diff
changeset
|
708 p = perm.Permission.permission_name |
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3736
diff
changeset
|
709 cur_perm = user.permissions[UK][g_k] |
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3736
diff
changeset
|
710 if multiple_counter[g_k] > 1: |
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3736
diff
changeset
|
711 p = _choose_perm(p, cur_perm) |
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3736
diff
changeset
|
712 user.permissions[UK][g_k] = p |
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3736
diff
changeset
|
713 |
3714
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3654
diff
changeset
|
714 #user explicit permission for user groups |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3654
diff
changeset
|
715 user_user_groups_perms = Permission.get_default_user_group_perms(uid) |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3654
diff
changeset
|
716 for perm in user_user_groups_perms: |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3654
diff
changeset
|
717 u_k = perm.UserUserGroupToPerm.user_group.users_group_name |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3654
diff
changeset
|
718 p = perm.Permission.permission_name |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3654
diff
changeset
|
719 cur_perm = user.permissions[UK][u_k] |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3654
diff
changeset
|
720 if not explicit: |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3654
diff
changeset
|
721 p = _choose_perm(p, cur_perm) |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3654
diff
changeset
|
722 user.permissions[UK][u_k] = p |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3654
diff
changeset
|
723 |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
724 return user |
1594 | 725 |
1749
8ecc6b8229a5
commit less models
Marcin Kuzminski <marcin@python-works.com>
parents:
1734
diff
changeset
|
726 def has_perm(self, user, perm): |
2709
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
727 perm = self._get_perm(perm) |
2432
d3ac7491a5c8
Share common getter functions in base model, and remove duplicated functions from other models
Marcin Kuzminski <marcin@python-works.com>
parents:
2330
diff
changeset
|
728 user = self._get_user(user) |
1749
8ecc6b8229a5
commit less models
Marcin Kuzminski <marcin@python-works.com>
parents:
1734
diff
changeset
|
729 |
1758
a87aa385f21c
fixed repo_create permission by adding missing commit statements
Marcin Kuzminski <marcin@python-works.com>
parents:
1749
diff
changeset
|
730 return UserToPerm.query().filter(UserToPerm.user == user)\ |
1749
8ecc6b8229a5
commit less models
Marcin Kuzminski <marcin@python-works.com>
parents:
1734
diff
changeset
|
731 .filter(UserToPerm.permission == perm).scalar() is not None |
8ecc6b8229a5
commit less models
Marcin Kuzminski <marcin@python-works.com>
parents:
1734
diff
changeset
|
732 |
8ecc6b8229a5
commit less models
Marcin Kuzminski <marcin@python-works.com>
parents:
1734
diff
changeset
|
733 def grant_perm(self, user, perm): |
1982
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
734 """ |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
735 Grant user global permissions |
1749
8ecc6b8229a5
commit less models
Marcin Kuzminski <marcin@python-works.com>
parents:
1734
diff
changeset
|
736 |
1982
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
737 :param user: |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
738 :param perm: |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
739 """ |
2432
d3ac7491a5c8
Share common getter functions in base model, and remove duplicated functions from other models
Marcin Kuzminski <marcin@python-works.com>
parents:
2330
diff
changeset
|
740 user = self._get_user(user) |
d3ac7491a5c8
Share common getter functions in base model, and remove duplicated functions from other models
Marcin Kuzminski <marcin@python-works.com>
parents:
2330
diff
changeset
|
741 perm = self._get_perm(perm) |
2078
d4b6c8541bd9
fixes issue when user tried to resubmit same permission into user/user_groups
Marcin Kuzminski <marcin@python-works.com>
parents:
2009
diff
changeset
|
742 # if this permission is already granted skip it |
d4b6c8541bd9
fixes issue when user tried to resubmit same permission into user/user_groups
Marcin Kuzminski <marcin@python-works.com>
parents:
2009
diff
changeset
|
743 _perm = UserToPerm.query()\ |
d4b6c8541bd9
fixes issue when user tried to resubmit same permission into user/user_groups
Marcin Kuzminski <marcin@python-works.com>
parents:
2009
diff
changeset
|
744 .filter(UserToPerm.user == user)\ |
d4b6c8541bd9
fixes issue when user tried to resubmit same permission into user/user_groups
Marcin Kuzminski <marcin@python-works.com>
parents:
2009
diff
changeset
|
745 .filter(UserToPerm.permission == perm)\ |
d4b6c8541bd9
fixes issue when user tried to resubmit same permission into user/user_groups
Marcin Kuzminski <marcin@python-works.com>
parents:
2009
diff
changeset
|
746 .scalar() |
d4b6c8541bd9
fixes issue when user tried to resubmit same permission into user/user_groups
Marcin Kuzminski <marcin@python-works.com>
parents:
2009
diff
changeset
|
747 if _perm: |
d4b6c8541bd9
fixes issue when user tried to resubmit same permission into user/user_groups
Marcin Kuzminski <marcin@python-works.com>
parents:
2009
diff
changeset
|
748 return |
1749
8ecc6b8229a5
commit less models
Marcin Kuzminski <marcin@python-works.com>
parents:
1734
diff
changeset
|
749 new = UserToPerm() |
1758
a87aa385f21c
fixed repo_create permission by adding missing commit statements
Marcin Kuzminski <marcin@python-works.com>
parents:
1749
diff
changeset
|
750 new.user = user |
1749
8ecc6b8229a5
commit less models
Marcin Kuzminski <marcin@python-works.com>
parents:
1734
diff
changeset
|
751 new.permission = perm |
8ecc6b8229a5
commit less models
Marcin Kuzminski <marcin@python-works.com>
parents:
1734
diff
changeset
|
752 self.sa.add(new) |
8ecc6b8229a5
commit less models
Marcin Kuzminski <marcin@python-works.com>
parents:
1734
diff
changeset
|
753 |
8ecc6b8229a5
commit less models
Marcin Kuzminski <marcin@python-works.com>
parents:
1734
diff
changeset
|
754 def revoke_perm(self, user, perm): |
1982
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
755 """ |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
756 Revoke users global permissions |
1818
cf51bbfb120e
auto white-space removal
Marcin Kuzminski <marcin@python-works.com>
parents:
1758
diff
changeset
|
757 |
1982
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
758 :param user: |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
759 :param perm: |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
760 """ |
2432
d3ac7491a5c8
Share common getter functions in base model, and remove duplicated functions from other models
Marcin Kuzminski <marcin@python-works.com>
parents:
2330
diff
changeset
|
761 user = self._get_user(user) |
d3ac7491a5c8
Share common getter functions in base model, and remove duplicated functions from other models
Marcin Kuzminski <marcin@python-works.com>
parents:
2330
diff
changeset
|
762 perm = self._get_perm(perm) |
1818
cf51bbfb120e
auto white-space removal
Marcin Kuzminski <marcin@python-works.com>
parents:
1758
diff
changeset
|
763 |
2078
d4b6c8541bd9
fixes issue when user tried to resubmit same permission into user/user_groups
Marcin Kuzminski <marcin@python-works.com>
parents:
2009
diff
changeset
|
764 obj = UserToPerm.query()\ |
d4b6c8541bd9
fixes issue when user tried to resubmit same permission into user/user_groups
Marcin Kuzminski <marcin@python-works.com>
parents:
2009
diff
changeset
|
765 .filter(UserToPerm.user == user)\ |
d4b6c8541bd9
fixes issue when user tried to resubmit same permission into user/user_groups
Marcin Kuzminski <marcin@python-works.com>
parents:
2009
diff
changeset
|
766 .filter(UserToPerm.permission == perm)\ |
d4b6c8541bd9
fixes issue when user tried to resubmit same permission into user/user_groups
Marcin Kuzminski <marcin@python-works.com>
parents:
2009
diff
changeset
|
767 .scalar() |
1758
a87aa385f21c
fixed repo_create permission by adding missing commit statements
Marcin Kuzminski <marcin@python-works.com>
parents:
1749
diff
changeset
|
768 if obj: |
a87aa385f21c
fixed repo_create permission by adding missing commit statements
Marcin Kuzminski <marcin@python-works.com>
parents:
1749
diff
changeset
|
769 self.sa.delete(obj) |
2330
b0fef8a77568
Added simple UI for admin to manage emails map
Marcin Kuzminski <marcin@python-works.com>
parents:
2278
diff
changeset
|
770 |
b0fef8a77568
Added simple UI for admin to manage emails map
Marcin Kuzminski <marcin@python-works.com>
parents:
2278
diff
changeset
|
771 def add_extra_email(self, user, email): |
b0fef8a77568
Added simple UI for admin to manage emails map
Marcin Kuzminski <marcin@python-works.com>
parents:
2278
diff
changeset
|
772 """ |
b0fef8a77568
Added simple UI for admin to manage emails map
Marcin Kuzminski <marcin@python-works.com>
parents:
2278
diff
changeset
|
773 Adds email address to UserEmailMap |
b0fef8a77568
Added simple UI for admin to manage emails map
Marcin Kuzminski <marcin@python-works.com>
parents:
2278
diff
changeset
|
774 |
b0fef8a77568
Added simple UI for admin to manage emails map
Marcin Kuzminski <marcin@python-works.com>
parents:
2278
diff
changeset
|
775 :param user: |
b0fef8a77568
Added simple UI for admin to manage emails map
Marcin Kuzminski <marcin@python-works.com>
parents:
2278
diff
changeset
|
776 :param email: |
b0fef8a77568
Added simple UI for admin to manage emails map
Marcin Kuzminski <marcin@python-works.com>
parents:
2278
diff
changeset
|
777 """ |
2479
9225597688f4
Added validation into user email map
Marcin Kuzminski <marcin@python-works.com>
parents:
2478
diff
changeset
|
778 from rhodecode.model import forms |
9225597688f4
Added validation into user email map
Marcin Kuzminski <marcin@python-works.com>
parents:
2478
diff
changeset
|
779 form = forms.UserExtraEmailForm()() |
9225597688f4
Added validation into user email map
Marcin Kuzminski <marcin@python-works.com>
parents:
2478
diff
changeset
|
780 data = form.to_python(dict(email=email)) |
2432
d3ac7491a5c8
Share common getter functions in base model, and remove duplicated functions from other models
Marcin Kuzminski <marcin@python-works.com>
parents:
2330
diff
changeset
|
781 user = self._get_user(user) |
2479
9225597688f4
Added validation into user email map
Marcin Kuzminski <marcin@python-works.com>
parents:
2478
diff
changeset
|
782 |
2330
b0fef8a77568
Added simple UI for admin to manage emails map
Marcin Kuzminski <marcin@python-works.com>
parents:
2278
diff
changeset
|
783 obj = UserEmailMap() |
b0fef8a77568
Added simple UI for admin to manage emails map
Marcin Kuzminski <marcin@python-works.com>
parents:
2278
diff
changeset
|
784 obj.user = user |
2479
9225597688f4
Added validation into user email map
Marcin Kuzminski <marcin@python-works.com>
parents:
2478
diff
changeset
|
785 obj.email = data['email'] |
2330
b0fef8a77568
Added simple UI for admin to manage emails map
Marcin Kuzminski <marcin@python-works.com>
parents:
2278
diff
changeset
|
786 self.sa.add(obj) |
b0fef8a77568
Added simple UI for admin to manage emails map
Marcin Kuzminski <marcin@python-works.com>
parents:
2278
diff
changeset
|
787 return obj |
b0fef8a77568
Added simple UI for admin to manage emails map
Marcin Kuzminski <marcin@python-works.com>
parents:
2278
diff
changeset
|
788 |
b0fef8a77568
Added simple UI for admin to manage emails map
Marcin Kuzminski <marcin@python-works.com>
parents:
2278
diff
changeset
|
789 def delete_extra_email(self, user, email_id): |
b0fef8a77568
Added simple UI for admin to manage emails map
Marcin Kuzminski <marcin@python-works.com>
parents:
2278
diff
changeset
|
790 """ |
b0fef8a77568
Added simple UI for admin to manage emails map
Marcin Kuzminski <marcin@python-works.com>
parents:
2278
diff
changeset
|
791 Removes email address from UserEmailMap |
b0fef8a77568
Added simple UI for admin to manage emails map
Marcin Kuzminski <marcin@python-works.com>
parents:
2278
diff
changeset
|
792 |
b0fef8a77568
Added simple UI for admin to manage emails map
Marcin Kuzminski <marcin@python-works.com>
parents:
2278
diff
changeset
|
793 :param user: |
b0fef8a77568
Added simple UI for admin to manage emails map
Marcin Kuzminski <marcin@python-works.com>
parents:
2278
diff
changeset
|
794 :param email_id: |
b0fef8a77568
Added simple UI for admin to manage emails map
Marcin Kuzminski <marcin@python-works.com>
parents:
2278
diff
changeset
|
795 """ |
2432
d3ac7491a5c8
Share common getter functions in base model, and remove duplicated functions from other models
Marcin Kuzminski <marcin@python-works.com>
parents:
2330
diff
changeset
|
796 user = self._get_user(user) |
2330
b0fef8a77568
Added simple UI for admin to manage emails map
Marcin Kuzminski <marcin@python-works.com>
parents:
2278
diff
changeset
|
797 obj = UserEmailMap.query().get(email_id) |
b0fef8a77568
Added simple UI for admin to manage emails map
Marcin Kuzminski <marcin@python-works.com>
parents:
2278
diff
changeset
|
798 if obj: |
2478
8eab81115660
white space cleanup
Marcin Kuzminski <marcin@python-works.com>
parents:
2467
diff
changeset
|
799 self.sa.delete(obj) |
3125
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
800 |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
801 def add_extra_ip(self, user, ip): |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
802 """ |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
803 Adds ip address to UserIpMap |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
804 |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
805 :param user: |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
806 :param ip: |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
807 """ |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
808 from rhodecode.model import forms |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
809 form = forms.UserExtraIpForm()() |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
810 data = form.to_python(dict(ip=ip)) |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
811 user = self._get_user(user) |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
812 |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
813 obj = UserIpMap() |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
814 obj.user = user |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
815 obj.ip_addr = data['ip'] |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
816 self.sa.add(obj) |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
817 return obj |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
818 |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
819 def delete_extra_ip(self, user, ip_id): |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
820 """ |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
821 Removes ip address from UserIpMap |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
822 |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
823 :param user: |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
824 :param ip_id: |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
825 """ |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
826 user = self._get_user(user) |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
827 obj = UserIpMap.query().get(ip_id) |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
828 if obj: |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
829 self.sa.delete(obj) |