kallithea: rhodecode/model/user.py annotate

annotate rhodecode/model/user.py @ 4017:509923dac48d

Include the current user as a created_by/deleted_by attribute for USER_HOOK extensions.

author	Jonathan Sternberg <jonathansternberg@gmail.com>
date	Tue, 18 Jun 2013 10:37:49 -0400
parents	cce2d984b001
children	727d2a45ec10

rev	line source
761 56c2850a5b5f ldap auth rewrite, moved split authfunc into two functions, Marcin Kuzminski <marcin@python-works.com> parents: 752 diff changeset	1 # -- coding: utf-8 --
56c2850a5b5f ldap auth rewrite, moved split authfunc into two functions, Marcin Kuzminski <marcin@python-works.com> parents: 752 diff changeset	2 """
956 83d35d716a02 started working on issue #56 Marcin Kuzminski <marcin@python-works.com> parents: 902 diff changeset	3 rhodecode.model.user
83d35d716a02 started working on issue #56 Marcin Kuzminski <marcin@python-works.com> parents: 902 diff changeset	4 ~~~~~~~~~~~~~~~~~~~~
761 56c2850a5b5f ldap auth rewrite, moved split authfunc into two functions, Marcin Kuzminski <marcin@python-works.com> parents: 752 diff changeset	5
56c2850a5b5f ldap auth rewrite, moved split authfunc into two functions, Marcin Kuzminski <marcin@python-works.com> parents: 752 diff changeset	6 users model for RhodeCode
1203 6832ef664673 source code cleanup: remove trailing white space, normalize file endings Marcin Kuzminski <marcin@python-works.com> parents: 1120 diff changeset	7
761 56c2850a5b5f ldap auth rewrite, moved split authfunc into two functions, Marcin Kuzminski <marcin@python-works.com> parents: 752 diff changeset	8 :created_on: Apr 9, 2010
56c2850a5b5f ldap auth rewrite, moved split authfunc into two functions, Marcin Kuzminski <marcin@python-works.com> parents: 752 diff changeset	9 :author: marcink
1824 89efedac4e6c 2012 copyrights Marcin Kuzminski <marcin@python-works.com> parents: 1818 diff changeset	10 :copyright: (C) 2010-2012 Marcin Kuzminski <marcin@python-works.com>
761 56c2850a5b5f ldap auth rewrite, moved split authfunc into two functions, Marcin Kuzminski <marcin@python-works.com> parents: 752 diff changeset	11 :license: GPLv3, see COPYING for more details.
56c2850a5b5f ldap auth rewrite, moved split authfunc into two functions, Marcin Kuzminski <marcin@python-works.com> parents: 752 diff changeset	12 """
1206 a671db5bdd58 fixed license issue #149 Marcin Kuzminski <marcin@python-works.com> parents: 1203 diff changeset	13 # This program is free software: you can redistribute it and/or modify
a671db5bdd58 fixed license issue #149 Marcin Kuzminski <marcin@python-works.com> parents: 1203 diff changeset	14 # it under the terms of the GNU General Public License as published by
a671db5bdd58 fixed license issue #149 Marcin Kuzminski <marcin@python-works.com> parents: 1203 diff changeset	15 # the Free Software Foundation, either version 3 of the License, or
a671db5bdd58 fixed license issue #149 Marcin Kuzminski <marcin@python-works.com> parents: 1203 diff changeset	16 # (at your option) any later version.
1203 6832ef664673 source code cleanup: remove trailing white space, normalize file endings Marcin Kuzminski <marcin@python-works.com> parents: 1120 diff changeset	17 #
252 3782a6d698af licensing updates, code cleanups Marcin Kuzminski <marcin@python-works.com> parents: 238 diff changeset	18 # This program is distributed in the hope that it will be useful,
3782a6d698af licensing updates, code cleanups Marcin Kuzminski <marcin@python-works.com> parents: 238 diff changeset	19 # but WITHOUT ANY WARRANTY; without even the implied warranty of
3782a6d698af licensing updates, code cleanups Marcin Kuzminski <marcin@python-works.com> parents: 238 diff changeset	20 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
3782a6d698af licensing updates, code cleanups Marcin Kuzminski <marcin@python-works.com> parents: 238 diff changeset	21 # GNU General Public License for more details.
1203 6832ef664673 source code cleanup: remove trailing white space, normalize file endings Marcin Kuzminski <marcin@python-works.com> parents: 1120 diff changeset	22 #
252 3782a6d698af licensing updates, code cleanups Marcin Kuzminski <marcin@python-works.com> parents: 238 diff changeset	23 # You should have received a copy of the GNU General Public License
1206 a671db5bdd58 fixed license issue #149 Marcin Kuzminski <marcin@python-works.com> parents: 1203 diff changeset	24 # along with this program. If not, see <http://www.gnu.org/licenses/>.
750 73c99f45ef2a fixed security issue when saving ldap user saved plaintext password Marcin Kuzminski <marcin@python-works.com> parents: 742 diff changeset	25
629 7e536d1af60d Code refactoring,models renames Marcin Kuzminski <marcin@python-works.com> parents: 547 diff changeset	26 import logging
474 a3d9d24acbec Implemented password reset(forms/models/ tasks) and mailing tasks. Marcin Kuzminski <marcin@python-works.com> parents: 442 diff changeset	27 import traceback
2709 d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	28 import itertools
3094 b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	29 import collections
1731 31e6eb2fb4b2 implements #222 registration feedback Marcin Kuzminski <marcin@python-works.com> parents: 1729 diff changeset	30 from pylons import url
761 56c2850a5b5f ldap auth rewrite, moved split authfunc into two functions, Marcin Kuzminski <marcin@python-works.com> parents: 752 diff changeset	31 from pylons.i18n.translation import _
56c2850a5b5f ldap auth rewrite, moved split authfunc into two functions, Marcin Kuzminski <marcin@python-works.com> parents: 752 diff changeset	32
2479 9225597688f4 Added validation into user email map Marcin Kuzminski <marcin@python-works.com> parents: 2478 diff changeset	33 from sqlalchemy.exc import DatabaseError
9225597688f4 Added validation into user email map Marcin Kuzminski <marcin@python-works.com> parents: 2478 diff changeset	34 from sqlalchemy.orm import joinedload
9225597688f4 Added validation into user email map Marcin Kuzminski <marcin@python-works.com> parents: 2478 diff changeset	35
4017 509923dac48d Include the current user as a created_by/deleted_by attribute for USER_HOOK extensions. Jonathan Sternberg <jonathansternberg@gmail.com> parents: 4016 diff changeset	36 from rhodecode.lib.utils2 import safe_unicode, generate_api_key, get_current_rhodecode_user
1669 f522f4d3bf93 moved caching query to libs Marcin Kuzminski <marcin@python-works.com> parents: 1634 diff changeset	37 from rhodecode.lib.caching_query import FromCache
761 56c2850a5b5f ldap auth rewrite, moved split authfunc into two functions, Marcin Kuzminski <marcin@python-works.com> parents: 752 diff changeset	38 from rhodecode.model import BaseModel
1633 2c0d35e336b5 refactoring of models names for repoGroup permissions Marcin Kuzminski <marcin@python-works.com> parents: 1628 diff changeset	39 from rhodecode.model.db import User, UserRepoToPerm, Repository, Permission, \
3417 fa6ba6727475 further cleanup of UsersGroup Mads Kiilerich <madski@unity3d.com> parents: 3415 diff changeset	40 UserToPerm, UserGroupRepoToPerm, UserGroupToPerm, UserGroupMember, \
fa6ba6727475 further cleanup of UsersGroup Mads Kiilerich <madski@unity3d.com> parents: 3415 diff changeset	41 Notification, RepoGroup, UserRepoGroupToPerm, UserGroupRepoGroupToPerm, \
3788 d9b89874edf9 UserGroup on UserGroup permissions implementation. Marcin Kuzminski <marcin@python-works.com> parents: 3736 diff changeset	42 UserEmailMap, UserIpMap, UserGroupUserGroupToPerm, UserGroup
1269 2e7f21429316 tries to fix issue #177 by fallback to user.user_id instead of fetching from db, user.user_id Marcin Kuzminski <marcin@python-works.com> parents: 1267 diff changeset	43 from rhodecode.lib.exceptions import DefaultUserException, \
2e7f21429316 tries to fix issue #177 by fallback to user.user_id instead of fetching from db, user.user_id Marcin Kuzminski <marcin@python-works.com> parents: 1267 diff changeset	44 UserOwnsReposException
3401 5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	45 from rhodecode.model.meta import Session
713 1bb0fcdec895 fixed #72 show warning on removal when user still is owner of existing repositories Marcin Kuzminski <marcin@python-works.com> parents: 705 diff changeset	46
761 56c2850a5b5f ldap auth rewrite, moved split authfunc into two functions, Marcin Kuzminski <marcin@python-works.com> parents: 752 diff changeset	47
56c2850a5b5f ldap auth rewrite, moved split authfunc into two functions, Marcin Kuzminski <marcin@python-works.com> parents: 752 diff changeset	48 log = logging.getLogger(__name__)
314 0d26d46bd370 protected againts changing default user. Marcin Kuzminski <marcin@python-works.com> parents: 265 diff changeset	49
2709 d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	50 PERM_WEIGHTS = Permission.PERM_WEIGHTS
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	51
1267 d534aff5e82a user defined permission will update the global permissions, and overwrite default settings. Marcin Kuzminski <marcin@python-works.com> parents: 1206 diff changeset	52
752 89b9037d68b7 fixed Example celery config to ampq, Marcin Kuzminski <marcin@python-works.com> parents: 750 diff changeset	53 class UserModel(BaseModel):
2522 17893d61792a Added associated classes into child models Marcin Kuzminski <marcin@python-works.com> parents: 2513 diff changeset	54 cls = User
1716 7d1fc253549e notification to commit author + gardening Marcin Kuzminski <marcin@python-works.com> parents: 1713 diff changeset	55
1594 9dae92a65e40 fixes #288 Marcin Kuzminski <marcin@python-works.com> parents: 1593 diff changeset	56 def get(self, user_id, cache=False):
629 7e536d1af60d Code refactoring,models renames Marcin Kuzminski <marcin@python-works.com> parents: 547 diff changeset	57 user = self.sa.query(User)
7e536d1af60d Code refactoring,models renames Marcin Kuzminski <marcin@python-works.com> parents: 547 diff changeset	58 if cache:
7e536d1af60d Code refactoring,models renames Marcin Kuzminski <marcin@python-works.com> parents: 547 diff changeset	59 user = user.options(FromCache("sql_cache_short",
7e536d1af60d Code refactoring,models renames Marcin Kuzminski <marcin@python-works.com> parents: 547 diff changeset	60 "get_user_%s" % user_id))
7e536d1af60d Code refactoring,models renames Marcin Kuzminski <marcin@python-works.com> parents: 547 diff changeset	61 return user.get(user_id)
7e536d1af60d Code refactoring,models renames Marcin Kuzminski <marcin@python-works.com> parents: 547 diff changeset	62
2009 b63adad7c4af API updates Marcin Kuzminski <marcin@python-works.com> parents: 1982 diff changeset	63 def get_user(self, user):
2432 d3ac7491a5c8 Share common getter functions in base model, and remove duplicated functions from other models Marcin Kuzminski <marcin@python-works.com> parents: 2330 diff changeset	64 return self._get_user(user)
2009 b63adad7c4af API updates Marcin Kuzminski <marcin@python-works.com> parents: 1982 diff changeset	65
1594 9dae92a65e40 fixes #288 Marcin Kuzminski <marcin@python-works.com> parents: 1593 diff changeset	66 def get_by_username(self, username, cache=False, case_insensitive=False):
750 73c99f45ef2a fixed security issue when saving ldap user saved plaintext password Marcin Kuzminski <marcin@python-works.com> parents: 742 diff changeset	67
742 1377a9d4bdb9 #78, fixed more reliable case insensitive searches Marcin Kuzminski <marcin@python-works.com> parents: 713 diff changeset	68 if case_insensitive:
1377a9d4bdb9 #78, fixed more reliable case insensitive searches Marcin Kuzminski <marcin@python-works.com> parents: 713 diff changeset	69 user = self.sa.query(User).filter(User.username.ilike(username))
1377a9d4bdb9 #78, fixed more reliable case insensitive searches Marcin Kuzminski <marcin@python-works.com> parents: 713 diff changeset	70 else:
1377a9d4bdb9 #78, fixed more reliable case insensitive searches Marcin Kuzminski <marcin@python-works.com> parents: 713 diff changeset	71 user = self.sa.query(User)\
1377a9d4bdb9 #78, fixed more reliable case insensitive searches Marcin Kuzminski <marcin@python-works.com> parents: 713 diff changeset	72 .filter(User.username == username)
629 7e536d1af60d Code refactoring,models renames Marcin Kuzminski <marcin@python-works.com> parents: 547 diff changeset	73 if cache:
7e536d1af60d Code refactoring,models renames Marcin Kuzminski <marcin@python-works.com> parents: 547 diff changeset	74 user = user.options(FromCache("sql_cache_short",
7e536d1af60d Code refactoring,models renames Marcin Kuzminski <marcin@python-works.com> parents: 547 diff changeset	75 "get_user_%s" % username))
7e536d1af60d Code refactoring,models renames Marcin Kuzminski <marcin@python-works.com> parents: 547 diff changeset	76 return user.scalar()
7e536d1af60d Code refactoring,models renames Marcin Kuzminski <marcin@python-works.com> parents: 547 diff changeset	77
2522 17893d61792a Added associated classes into child models Marcin Kuzminski <marcin@python-works.com> parents: 2513 diff changeset	78 def get_by_email(self, email, cache=False, case_insensitive=False):
17893d61792a Added associated classes into child models Marcin Kuzminski <marcin@python-works.com> parents: 2513 diff changeset	79 return User.get_by_email(email, case_insensitive, cache)
17893d61792a Added associated classes into child models Marcin Kuzminski <marcin@python-works.com> parents: 2513 diff changeset	80
1594 9dae92a65e40 fixes #288 Marcin Kuzminski <marcin@python-works.com> parents: 1593 diff changeset	81 def get_by_api_key(self, api_key, cache=False):
1693 60249224be04 fix for api key lookup, reuse same function in user model Marcin Kuzminski <marcin@python-works.com> parents: 1690 diff changeset	82 return User.get_by_api_key(api_key, cache)
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	83
4017 509923dac48d Include the current user as a created_by/deleted_by attribute for USER_HOOK extensions. Jonathan Sternberg <jonathansternberg@gmail.com> parents: 4016 diff changeset	84 def create(self, form_data, cur_user=None):
509923dac48d Include the current user as a created_by/deleted_by attribute for USER_HOOK extensions. Jonathan Sternberg <jonathansternberg@gmail.com> parents: 4016 diff changeset	85 if not cur_user:
509923dac48d Include the current user as a created_by/deleted_by attribute for USER_HOOK extensions. Jonathan Sternberg <jonathansternberg@gmail.com> parents: 4016 diff changeset	86 cur_user = getattr(get_current_rhodecode_user(), 'username', '?')
2467 4419551b2915 Switched forms to new validators Marcin Kuzminski <marcin@python-works.com> parents: 2432 diff changeset	87 from rhodecode.lib.auth import get_crypt_password
238 a55c17874486 Rewrite of user managment, improved forms, added some user info Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	88 try:
a55c17874486 Rewrite of user managment, improved forms, added some user info Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	89 new_user = User()
a55c17874486 Rewrite of user managment, improved forms, added some user info Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	90 for k, v in form_data.items():
2467 4419551b2915 Switched forms to new validators Marcin Kuzminski <marcin@python-works.com> parents: 2432 diff changeset	91 if k == 'password':
4419551b2915 Switched forms to new validators Marcin Kuzminski <marcin@python-works.com> parents: 2432 diff changeset	92 v = get_crypt_password(v)
2544 6ce3387bf0ce Renamed name to firstname in forms Marcin Kuzminski <marcin@python-works.com> parents: 2522 diff changeset	93 if k == 'firstname':
6ce3387bf0ce Renamed name to firstname in forms Marcin Kuzminski <marcin@python-works.com> parents: 2522 diff changeset	94 k = 'name'
238 a55c17874486 Rewrite of user managment, improved forms, added some user info Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	95 setattr(new_user, k, v)
629 7e536d1af60d Code refactoring,models renames Marcin Kuzminski <marcin@python-works.com> parents: 547 diff changeset	96
1116 716911af91e1 Added api_key into user, api key get's generated again after password change Marcin Kuzminski <marcin@python-works.com> parents: 991 diff changeset	97 new_user.api_key = generate_api_key(form_data['username'])
238 a55c17874486 Rewrite of user managment, improved forms, added some user info Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	98 self.sa.add(new_user)
4016 cce2d984b001 User create/delete hooks for rcextensions. Jonathan Sternberg <jonathansternberg@gmail.com> parents: 3960 diff changeset	99
cce2d984b001 User create/delete hooks for rcextensions. Jonathan Sternberg <jonathansternberg@gmail.com> parents: 3960 diff changeset	100 from rhodecode.lib.hooks import log_create_user
4017 509923dac48d Include the current user as a created_by/deleted_by attribute for USER_HOOK extensions. Jonathan Sternberg <jonathansternberg@gmail.com> parents: 4016 diff changeset	101 log_create_user(new_user.get_dict(), cur_user)
1586 2ccb32ddcfd7 Add API for repositories and groups (creation, permission) Nicolas VINOT <aeris@imirhil.fr> parents: 1417 diff changeset	102 return new_user
3631 10b4e34841a4 Don't catch all exceptions Marcin Kuzminski <marcin@python-works.com> parents: 3625 diff changeset	103 except Exception:
474 a3d9d24acbec Implemented password reset(forms/models/ tasks) and mailing tasks. Marcin Kuzminski <marcin@python-works.com> parents: 442 diff changeset	104 log.error(traceback.format_exc())
629 7e536d1af60d Code refactoring,models renames Marcin Kuzminski <marcin@python-works.com> parents: 547 diff changeset	105 raise
7e536d1af60d Code refactoring,models renames Marcin Kuzminski <marcin@python-works.com> parents: 547 diff changeset	106
2513 388843a3a3c0 Updated create_or_update method to not change API key when password is not updated Marcin Kuzminski <marcin@python-works.com> parents: 2488 diff changeset	107 def create_or_update(self, username, password, email, firstname='',
4017 509923dac48d Include the current user as a created_by/deleted_by attribute for USER_HOOK extensions. Jonathan Sternberg <jonathansternberg@gmail.com> parents: 4016 diff changeset	108 lastname='', active=True, admin=False, ldap_dn=None, cur_user=None):
1634 1d904d972c47 User usermodel instead of db model to manage accounts Marcin Kuzminski <marcin@python-works.com> parents: 1633 diff changeset	109 """
1d904d972c47 User usermodel instead of db model to manage accounts Marcin Kuzminski <marcin@python-works.com> parents: 1633 diff changeset	110 Creates a new instance if not found, or updates current one
1818 cf51bbfb120e auto white-space removal Marcin Kuzminski <marcin@python-works.com> parents: 1758 diff changeset	111
1634 1d904d972c47 User usermodel instead of db model to manage accounts Marcin Kuzminski <marcin@python-works.com> parents: 1633 diff changeset	112 :param username:
1d904d972c47 User usermodel instead of db model to manage accounts Marcin Kuzminski <marcin@python-works.com> parents: 1633 diff changeset	113 :param password:
1d904d972c47 User usermodel instead of db model to manage accounts Marcin Kuzminski <marcin@python-works.com> parents: 1633 diff changeset	114 :param email:
1d904d972c47 User usermodel instead of db model to manage accounts Marcin Kuzminski <marcin@python-works.com> parents: 1633 diff changeset	115 :param active:
2513 388843a3a3c0 Updated create_or_update method to not change API key when password is not updated Marcin Kuzminski <marcin@python-works.com> parents: 2488 diff changeset	116 :param firstname:
1634 1d904d972c47 User usermodel instead of db model to manage accounts Marcin Kuzminski <marcin@python-works.com> parents: 1633 diff changeset	117 :param lastname:
1d904d972c47 User usermodel instead of db model to manage accounts Marcin Kuzminski <marcin@python-works.com> parents: 1633 diff changeset	118 :param active:
1d904d972c47 User usermodel instead of db model to manage accounts Marcin Kuzminski <marcin@python-works.com> parents: 1633 diff changeset	119 :param admin:
1d904d972c47 User usermodel instead of db model to manage accounts Marcin Kuzminski <marcin@python-works.com> parents: 1633 diff changeset	120 :param ldap_dn:
1d904d972c47 User usermodel instead of db model to manage accounts Marcin Kuzminski <marcin@python-works.com> parents: 1633 diff changeset	121 """
4017 509923dac48d Include the current user as a created_by/deleted_by attribute for USER_HOOK extensions. Jonathan Sternberg <jonathansternberg@gmail.com> parents: 4016 diff changeset	122 if not cur_user:
509923dac48d Include the current user as a created_by/deleted_by attribute for USER_HOOK extensions. Jonathan Sternberg <jonathansternberg@gmail.com> parents: 4016 diff changeset	123 cur_user = getattr(get_current_rhodecode_user(), 'username', '?')
1728 07e56179633e - fixes celery sqlalchemy session issues for async forking Marcin Kuzminski <marcin@python-works.com> parents: 1716 diff changeset	124
1634 1d904d972c47 User usermodel instead of db model to manage accounts Marcin Kuzminski <marcin@python-works.com> parents: 1633 diff changeset	125 from rhodecode.lib.auth import get_crypt_password
1728 07e56179633e - fixes celery sqlalchemy session issues for async forking Marcin Kuzminski <marcin@python-works.com> parents: 1716 diff changeset	126
1976 a76e9bacbedc garden Marcin Kuzminski <marcin@python-works.com> parents: 1950 diff changeset	127 log.debug('Checking for %s account in RhodeCode database' % username)
1634 1d904d972c47 User usermodel instead of db model to manage accounts Marcin Kuzminski <marcin@python-works.com> parents: 1633 diff changeset	128 user = User.get_by_username(username, case_insensitive=True)
1d904d972c47 User usermodel instead of db model to manage accounts Marcin Kuzminski <marcin@python-works.com> parents: 1633 diff changeset	129 if user is None:
1976 a76e9bacbedc garden Marcin Kuzminski <marcin@python-works.com> parents: 1950 diff changeset	130 log.debug('creating new user %s' % username)
1634 1d904d972c47 User usermodel instead of db model to manage accounts Marcin Kuzminski <marcin@python-works.com> parents: 1633 diff changeset	131 new_user = User()
2513 388843a3a3c0 Updated create_or_update method to not change API key when password is not updated Marcin Kuzminski <marcin@python-works.com> parents: 2488 diff changeset	132 edit = False
1634 1d904d972c47 User usermodel instead of db model to manage accounts Marcin Kuzminski <marcin@python-works.com> parents: 1633 diff changeset	133 else:
1976 a76e9bacbedc garden Marcin Kuzminski <marcin@python-works.com> parents: 1950 diff changeset	134 log.debug('updating user %s' % username)
1634 1d904d972c47 User usermodel instead of db model to manage accounts Marcin Kuzminski <marcin@python-works.com> parents: 1633 diff changeset	135 new_user = user
2513 388843a3a3c0 Updated create_or_update method to not change API key when password is not updated Marcin Kuzminski <marcin@python-works.com> parents: 2488 diff changeset	136 edit = True
1728 07e56179633e - fixes celery sqlalchemy session issues for async forking Marcin Kuzminski <marcin@python-works.com> parents: 1716 diff changeset	137
1634 1d904d972c47 User usermodel instead of db model to manage accounts Marcin Kuzminski <marcin@python-works.com> parents: 1633 diff changeset	138 try:
1d904d972c47 User usermodel instead of db model to manage accounts Marcin Kuzminski <marcin@python-works.com> parents: 1633 diff changeset	139 new_user.username = username
1d904d972c47 User usermodel instead of db model to manage accounts Marcin Kuzminski <marcin@python-works.com> parents: 1633 diff changeset	140 new_user.admin = admin
2513 388843a3a3c0 Updated create_or_update method to not change API key when password is not updated Marcin Kuzminski <marcin@python-works.com> parents: 2488 diff changeset	141 # set password only if creating an user or password is changed
3625 260a7a01b054 follow Python conventions for boolean values Mads Kiilerich <madski@unity3d.com> parents: 3417 diff changeset	142 if not edit or user.password != password:
3809 647fb653048e make the password optional in API calls Marcin Kuzminski <marcin@python-works.com> parents: 3788 diff changeset	143 new_user.password = get_crypt_password(password) if password else None
2513 388843a3a3c0 Updated create_or_update method to not change API key when password is not updated Marcin Kuzminski <marcin@python-works.com> parents: 2488 diff changeset	144 new_user.api_key = generate_api_key(username)
1634 1d904d972c47 User usermodel instead of db model to manage accounts Marcin Kuzminski <marcin@python-works.com> parents: 1633 diff changeset	145 new_user.email = email
1d904d972c47 User usermodel instead of db model to manage accounts Marcin Kuzminski <marcin@python-works.com> parents: 1633 diff changeset	146 new_user.active = active
1d904d972c47 User usermodel instead of db model to manage accounts Marcin Kuzminski <marcin@python-works.com> parents: 1633 diff changeset	147 new_user.ldap_dn = safe_unicode(ldap_dn) if ldap_dn else None
2513 388843a3a3c0 Updated create_or_update method to not change API key when password is not updated Marcin Kuzminski <marcin@python-works.com> parents: 2488 diff changeset	148 new_user.name = firstname
1634 1d904d972c47 User usermodel instead of db model to manage accounts Marcin Kuzminski <marcin@python-works.com> parents: 1633 diff changeset	149 new_user.lastname = lastname
1d904d972c47 User usermodel instead of db model to manage accounts Marcin Kuzminski <marcin@python-works.com> parents: 1633 diff changeset	150 self.sa.add(new_user)
4016 cce2d984b001 User create/delete hooks for rcextensions. Jonathan Sternberg <jonathansternberg@gmail.com> parents: 3960 diff changeset	151
cce2d984b001 User create/delete hooks for rcextensions. Jonathan Sternberg <jonathansternberg@gmail.com> parents: 3960 diff changeset	152 if not edit:
cce2d984b001 User create/delete hooks for rcextensions. Jonathan Sternberg <jonathansternberg@gmail.com> parents: 3960 diff changeset	153 from rhodecode.lib.hooks import log_create_user
4017 509923dac48d Include the current user as a created_by/deleted_by attribute for USER_HOOK extensions. Jonathan Sternberg <jonathansternberg@gmail.com> parents: 4016 diff changeset	154 log_create_user(new_user.get_dict(), cur_user)
1634 1d904d972c47 User usermodel instead of db model to manage accounts Marcin Kuzminski <marcin@python-works.com> parents: 1633 diff changeset	155 return new_user
1d904d972c47 User usermodel instead of db model to manage accounts Marcin Kuzminski <marcin@python-works.com> parents: 1633 diff changeset	156 except (DatabaseError,):
1d904d972c47 User usermodel instead of db model to manage accounts Marcin Kuzminski <marcin@python-works.com> parents: 1633 diff changeset	157 log.error(traceback.format_exc())
1d904d972c47 User usermodel instead of db model to manage accounts Marcin Kuzminski <marcin@python-works.com> parents: 1633 diff changeset	158 raise
1728 07e56179633e - fixes celery sqlalchemy session issues for async forking Marcin Kuzminski <marcin@python-works.com> parents: 1716 diff changeset	159
4017 509923dac48d Include the current user as a created_by/deleted_by attribute for USER_HOOK extensions. Jonathan Sternberg <jonathansternberg@gmail.com> parents: 4016 diff changeset	160 def create_for_container_auth(self, username, attrs, cur_user=None):
1621 cbc2b1913cdf Added basic automatic user creation for container auth Liad Shani <liadff@gmail.com> parents: 1618 diff changeset	161 """
cbc2b1913cdf Added basic automatic user creation for container auth Liad Shani <liadff@gmail.com> parents: 1618 diff changeset	162 Creates the given user if it's not already in the database
1818 cf51bbfb120e auto white-space removal Marcin Kuzminski <marcin@python-works.com> parents: 1758 diff changeset	163
1621 cbc2b1913cdf Added basic automatic user creation for container auth Liad Shani <liadff@gmail.com> parents: 1618 diff changeset	164 :param username:
cbc2b1913cdf Added basic automatic user creation for container auth Liad Shani <liadff@gmail.com> parents: 1618 diff changeset	165 :param attrs:
cbc2b1913cdf Added basic automatic user creation for container auth Liad Shani <liadff@gmail.com> parents: 1618 diff changeset	166 """
4017 509923dac48d Include the current user as a created_by/deleted_by attribute for USER_HOOK extensions. Jonathan Sternberg <jonathansternberg@gmail.com> parents: 4016 diff changeset	167 if not cur_user:
509923dac48d Include the current user as a created_by/deleted_by attribute for USER_HOOK extensions. Jonathan Sternberg <jonathansternberg@gmail.com> parents: 4016 diff changeset	168 cur_user = getattr(get_current_rhodecode_user(), 'username', '?')
1621 cbc2b1913cdf Added basic automatic user creation for container auth Liad Shani <liadff@gmail.com> parents: 1618 diff changeset	169 if self.get_by_username(username, case_insensitive=True) is None:
1690 6944b1249f28 fixed issues with not unique emails when using ldap or container auth. Marcin Kuzminski <marcin@python-works.com> parents: 1689 diff changeset	170
6944b1249f28 fixed issues with not unique emails when using ldap or container auth. Marcin Kuzminski <marcin@python-works.com> parents: 1689 diff changeset	171 # autogenerate email for container account without one
6944b1249f28 fixed issues with not unique emails when using ldap or container auth. Marcin Kuzminski <marcin@python-works.com> parents: 1689 diff changeset	172 generate_email = lambda usr: '%s@container_auth.account' % usr
6944b1249f28 fixed issues with not unique emails when using ldap or container auth. Marcin Kuzminski <marcin@python-works.com> parents: 1689 diff changeset	173
1621 cbc2b1913cdf Added basic automatic user creation for container auth Liad Shani <liadff@gmail.com> parents: 1618 diff changeset	174 try:
cbc2b1913cdf Added basic automatic user creation for container auth Liad Shani <liadff@gmail.com> parents: 1618 diff changeset	175 new_user = User()
cbc2b1913cdf Added basic automatic user creation for container auth Liad Shani <liadff@gmail.com> parents: 1618 diff changeset	176 new_user.username = username
cbc2b1913cdf Added basic automatic user creation for container auth Liad Shani <liadff@gmail.com> parents: 1618 diff changeset	177 new_user.password = None
cbc2b1913cdf Added basic automatic user creation for container auth Liad Shani <liadff@gmail.com> parents: 1618 diff changeset	178 new_user.api_key = generate_api_key(username)
cbc2b1913cdf Added basic automatic user creation for container auth Liad Shani <liadff@gmail.com> parents: 1618 diff changeset	179 new_user.email = attrs['email']
1628 de71a4bde097 Some code cleanups and fixes Marcin Kuzminski <marcin@python-works.com> parents: 1626 diff changeset	180 new_user.active = attrs.get('active', True)
1690 6944b1249f28 fixed issues with not unique emails when using ldap or container auth. Marcin Kuzminski <marcin@python-works.com> parents: 1689 diff changeset	181 new_user.name = attrs['name'] or generate_email(username)
1621 cbc2b1913cdf Added basic automatic user creation for container auth Liad Shani <liadff@gmail.com> parents: 1618 diff changeset	182 new_user.lastname = attrs['lastname']
cbc2b1913cdf Added basic automatic user creation for container auth Liad Shani <liadff@gmail.com> parents: 1618 diff changeset	183
cbc2b1913cdf Added basic automatic user creation for container auth Liad Shani <liadff@gmail.com> parents: 1618 diff changeset	184 self.sa.add(new_user)
4016 cce2d984b001 User create/delete hooks for rcextensions. Jonathan Sternberg <jonathansternberg@gmail.com> parents: 3960 diff changeset	185
cce2d984b001 User create/delete hooks for rcextensions. Jonathan Sternberg <jonathansternberg@gmail.com> parents: 3960 diff changeset	186 from rhodecode.lib.hooks import log_create_user
4017 509923dac48d Include the current user as a created_by/deleted_by attribute for USER_HOOK extensions. Jonathan Sternberg <jonathansternberg@gmail.com> parents: 4016 diff changeset	187 log_create_user(new_user.get_dict(), cur_user)
1628 de71a4bde097 Some code cleanups and fixes Marcin Kuzminski <marcin@python-works.com> parents: 1626 diff changeset	188 return new_user
1621 cbc2b1913cdf Added basic automatic user creation for container auth Liad Shani <liadff@gmail.com> parents: 1618 diff changeset	189 except (DatabaseError,):
cbc2b1913cdf Added basic automatic user creation for container auth Liad Shani <liadff@gmail.com> parents: 1618 diff changeset	190 log.error(traceback.format_exc())
cbc2b1913cdf Added basic automatic user creation for container auth Liad Shani <liadff@gmail.com> parents: 1618 diff changeset	191 self.sa.rollback()
cbc2b1913cdf Added basic automatic user creation for container auth Liad Shani <liadff@gmail.com> parents: 1618 diff changeset	192 raise
1628 de71a4bde097 Some code cleanups and fixes Marcin Kuzminski <marcin@python-works.com> parents: 1626 diff changeset	193 log.debug('User %s already exists. Skipping creation of account'
de71a4bde097 Some code cleanups and fixes Marcin Kuzminski <marcin@python-works.com> parents: 1626 diff changeset	194 ' for container auth.', username)
de71a4bde097 Some code cleanups and fixes Marcin Kuzminski <marcin@python-works.com> parents: 1626 diff changeset	195 return None
1621 cbc2b1913cdf Added basic automatic user creation for container auth Liad Shani <liadff@gmail.com> parents: 1618 diff changeset	196
4017 509923dac48d Include the current user as a created_by/deleted_by attribute for USER_HOOK extensions. Jonathan Sternberg <jonathansternberg@gmail.com> parents: 4016 diff changeset	197 def create_ldap(self, username, password, user_dn, attrs, cur_user=None):
705 9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 692 diff changeset	198 """
9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 692 diff changeset	199 Checks if user is in database, if not creates this user marked
9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 692 diff changeset	200 as ldap user
1818 cf51bbfb120e auto white-space removal Marcin Kuzminski <marcin@python-works.com> parents: 1758 diff changeset	201
705 9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 692 diff changeset	202 :param username:
9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 692 diff changeset	203 :param password:
991 b232a36cc51f Improve LDAP authentication Thayne Harbaugh <thayne@fusionio.com> parents: 956 diff changeset	204 :param user_dn:
b232a36cc51f Improve LDAP authentication Thayne Harbaugh <thayne@fusionio.com> parents: 956 diff changeset	205 :param attrs:
705 9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 692 diff changeset	206 """
4017 509923dac48d Include the current user as a created_by/deleted_by attribute for USER_HOOK extensions. Jonathan Sternberg <jonathansternberg@gmail.com> parents: 4016 diff changeset	207 if not cur_user:
509923dac48d Include the current user as a created_by/deleted_by attribute for USER_HOOK extensions. Jonathan Sternberg <jonathansternberg@gmail.com> parents: 4016 diff changeset	208 cur_user = getattr(get_current_rhodecode_user(), 'username', '?')
750 73c99f45ef2a fixed security issue when saving ldap user saved plaintext password Marcin Kuzminski <marcin@python-works.com> parents: 742 diff changeset	209 from rhodecode.lib.auth import get_crypt_password
761 56c2850a5b5f ldap auth rewrite, moved split authfunc into two functions, Marcin Kuzminski <marcin@python-works.com> parents: 752 diff changeset	210 log.debug('Checking for such ldap account in RhodeCode database')
1594 9dae92a65e40 fixes #288 Marcin Kuzminski <marcin@python-works.com> parents: 1593 diff changeset	211 if self.get_by_username(username, case_insensitive=True) is None:
1689 cc302c98bb8e fix fo empty email passed in attributes of ldap account. Marcin Kuzminski <marcin@python-works.com> parents: 1669 diff changeset	212
cc302c98bb8e fix fo empty email passed in attributes of ldap account. Marcin Kuzminski <marcin@python-works.com> parents: 1669 diff changeset	213 # autogenerate email for ldap account without one
cc302c98bb8e fix fo empty email passed in attributes of ldap account. Marcin Kuzminski <marcin@python-works.com> parents: 1669 diff changeset	214 generate_email = lambda usr: '%s@ldap.account' % usr
cc302c98bb8e fix fo empty email passed in attributes of ldap account. Marcin Kuzminski <marcin@python-works.com> parents: 1669 diff changeset	215
705 9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 692 diff changeset	216 try:
9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 692 diff changeset	217 new_user = User()
1689 cc302c98bb8e fix fo empty email passed in attributes of ldap account. Marcin Kuzminski <marcin@python-works.com> parents: 1669 diff changeset	218 username = username.lower()
1269 2e7f21429316 tries to fix issue #177 by fallback to user.user_id instead of fetching from db, user.user_id Marcin Kuzminski <marcin@python-works.com> parents: 1267 diff changeset	219 # add ldap account always lowercase
1689 cc302c98bb8e fix fo empty email passed in attributes of ldap account. Marcin Kuzminski <marcin@python-works.com> parents: 1669 diff changeset	220 new_user.username = username
750 73c99f45ef2a fixed security issue when saving ldap user saved plaintext password Marcin Kuzminski <marcin@python-works.com> parents: 742 diff changeset	221 new_user.password = get_crypt_password(password)
1116 716911af91e1 Added api_key into user, api key get's generated again after password change Marcin Kuzminski <marcin@python-works.com> parents: 991 diff changeset	222 new_user.api_key = generate_api_key(username)
1689 cc302c98bb8e fix fo empty email passed in attributes of ldap account. Marcin Kuzminski <marcin@python-works.com> parents: 1669 diff changeset	223 new_user.email = attrs['email'] or generate_email(username)
1628 de71a4bde097 Some code cleanups and fixes Marcin Kuzminski <marcin@python-works.com> parents: 1626 diff changeset	224 new_user.active = attrs.get('active', True)
1516 582686d76cb6 fixes #256 fixes non ascii chars problems in base_dn on LDAP user creation Marcin Kuzminski <marcin@python-works.com> parents: 1417 diff changeset	225 new_user.ldap_dn = safe_unicode(user_dn)
991 b232a36cc51f Improve LDAP authentication Thayne Harbaugh <thayne@fusionio.com> parents: 956 diff changeset	226 new_user.name = attrs['name']
b232a36cc51f Improve LDAP authentication Thayne Harbaugh <thayne@fusionio.com> parents: 956 diff changeset	227 new_user.lastname = attrs['lastname']
705 9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 692 diff changeset	228
9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 692 diff changeset	229 self.sa.add(new_user)
4016 cce2d984b001 User create/delete hooks for rcextensions. Jonathan Sternberg <jonathansternberg@gmail.com> parents: 3960 diff changeset	230
cce2d984b001 User create/delete hooks for rcextensions. Jonathan Sternberg <jonathansternberg@gmail.com> parents: 3960 diff changeset	231 from rhodecode.lib.hooks import log_create_user
4017 509923dac48d Include the current user as a created_by/deleted_by attribute for USER_HOOK extensions. Jonathan Sternberg <jonathansternberg@gmail.com> parents: 4016 diff changeset	232 log_create_user(new_user.get_dict(), cur_user)
1628 de71a4bde097 Some code cleanups and fixes Marcin Kuzminski <marcin@python-works.com> parents: 1626 diff changeset	233 return new_user
761 56c2850a5b5f ldap auth rewrite, moved split authfunc into two functions, Marcin Kuzminski <marcin@python-works.com> parents: 752 diff changeset	234 except (DatabaseError,):
705 9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 692 diff changeset	235 log.error(traceback.format_exc())
9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 692 diff changeset	236 self.sa.rollback()
9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 692 diff changeset	237 raise
761 56c2850a5b5f ldap auth rewrite, moved split authfunc into two functions, Marcin Kuzminski <marcin@python-works.com> parents: 752 diff changeset	238 log.debug('this %s user exists skipping creation of ldap account',
56c2850a5b5f ldap auth rewrite, moved split authfunc into two functions, Marcin Kuzminski <marcin@python-works.com> parents: 752 diff changeset	239 username)
1628 de71a4bde097 Some code cleanups and fixes Marcin Kuzminski <marcin@python-works.com> parents: 1626 diff changeset	240 return None
705 9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 692 diff changeset	241
363 98abf8953b87 Added user registration, changed login url schema, moved it into _admin/ for safety Marcin Kuzminski <marcin@python-works.com> parents: 347 diff changeset	242 def create_registration(self, form_data):
1731 31e6eb2fb4b2 implements #222 registration feedback Marcin Kuzminski <marcin@python-works.com> parents: 1729 diff changeset	243 from rhodecode.model.notification import NotificationModel
31e6eb2fb4b2 implements #222 registration feedback Marcin Kuzminski <marcin@python-works.com> parents: 1729 diff changeset	244
363 98abf8953b87 Added user registration, changed login url schema, moved it into _admin/ for safety Marcin Kuzminski <marcin@python-works.com> parents: 347 diff changeset	245 try:
2248 72542dc597be fixed issue with empty APIKEYS on registration #438 Marcin Kuzminski <marcin@python-works.com> parents: 2186 diff changeset	246 form_data['admin'] = False
72542dc597be fixed issue with empty APIKEYS on registration #438 Marcin Kuzminski <marcin@python-works.com> parents: 2186 diff changeset	247 new_user = self.create(form_data)
629 7e536d1af60d Code refactoring,models renames Marcin Kuzminski <marcin@python-works.com> parents: 547 diff changeset	248
363 98abf8953b87 Added user registration, changed login url schema, moved it into _admin/ for safety Marcin Kuzminski <marcin@python-works.com> parents: 347 diff changeset	249 self.sa.add(new_user)
1731 31e6eb2fb4b2 implements #222 registration feedback Marcin Kuzminski <marcin@python-works.com> parents: 1729 diff changeset	250 self.sa.flush()
31e6eb2fb4b2 implements #222 registration feedback Marcin Kuzminski <marcin@python-works.com> parents: 1729 diff changeset	251
31e6eb2fb4b2 implements #222 registration feedback Marcin Kuzminski <marcin@python-works.com> parents: 1729 diff changeset	252 # notification to admins
3654 ec6354949623 Fix a lot of casings - use standard casing in most places Mads Kiilerich <madski@unity3d.com> parents: 3653 diff changeset	253 subject = _('New user registration')
689 ecc566f8b69f fixes #59, notifications for user registrations + some changes to mailer Marcin Kuzminski <marcin@python-works.com> parents: 686 diff changeset	254 body = ('New user registration\n'
1731 31e6eb2fb4b2 implements #222 registration feedback Marcin Kuzminski <marcin@python-works.com> parents: 1729 diff changeset	255 '---------------------\n'
31e6eb2fb4b2 implements #222 registration feedback Marcin Kuzminski <marcin@python-works.com> parents: 1729 diff changeset	256 '- Username: %s\n'
31e6eb2fb4b2 implements #222 registration feedback Marcin Kuzminski <marcin@python-works.com> parents: 1729 diff changeset	257 '- Full Name: %s\n'
31e6eb2fb4b2 implements #222 registration feedback Marcin Kuzminski <marcin@python-works.com> parents: 1729 diff changeset	258 '- Email: %s\n')
31e6eb2fb4b2 implements #222 registration feedback Marcin Kuzminski <marcin@python-works.com> parents: 1729 diff changeset	259 body = body % (new_user.username, new_user.full_name,
31e6eb2fb4b2 implements #222 registration feedback Marcin Kuzminski <marcin@python-works.com> parents: 1729 diff changeset	260 new_user.email)
31e6eb2fb4b2 implements #222 registration feedback Marcin Kuzminski <marcin@python-works.com> parents: 1729 diff changeset	261 edit_url = url('edit_user', id=new_user.user_id, qualified=True)
1950 4ae17f819ee8 #344 optional firstname lastname on user creation Marcin Kuzminski <marcin@python-works.com> parents: 1824 diff changeset	262 kw = {'registered_user_url': edit_url}
1731 31e6eb2fb4b2 implements #222 registration feedback Marcin Kuzminski <marcin@python-works.com> parents: 1729 diff changeset	263 NotificationModel().create(created_by=new_user, subject=subject,
31e6eb2fb4b2 implements #222 registration feedback Marcin Kuzminski <marcin@python-works.com> parents: 1729 diff changeset	264 body=body, recipients=None,
31e6eb2fb4b2 implements #222 registration feedback Marcin Kuzminski <marcin@python-works.com> parents: 1729 diff changeset	265 type_=Notification.TYPE_REGISTRATION,
31e6eb2fb4b2 implements #222 registration feedback Marcin Kuzminski <marcin@python-works.com> parents: 1729 diff changeset	266 email_kwargs=kw)
689 ecc566f8b69f fixes #59, notifications for user registrations + some changes to mailer Marcin Kuzminski <marcin@python-works.com> parents: 686 diff changeset	267
3631 10b4e34841a4 Don't catch all exceptions Marcin Kuzminski <marcin@python-works.com> parents: 3625 diff changeset	268 except Exception:
474 a3d9d24acbec Implemented password reset(forms/models/ tasks) and mailing tasks. Marcin Kuzminski <marcin@python-works.com> parents: 442 diff changeset	269 log.error(traceback.format_exc())
629 7e536d1af60d Code refactoring,models renames Marcin Kuzminski <marcin@python-works.com> parents: 547 diff changeset	270 raise
7e536d1af60d Code refactoring,models renames Marcin Kuzminski <marcin@python-works.com> parents: 547 diff changeset	271
3021 b2b93614a7cd Implemented #658 Changing username in LDAP-Mode should not be allowed. Marcin Kuzminski <marcin@python-works.com> parents: 2864 diff changeset	272 def update(self, user_id, form_data, skip_attrs=[]):
2488 b5b34d71b23b fix crypt password on update my account Marcin Kuzminski <marcin@python-works.com> parents: 2479 diff changeset	273 from rhodecode.lib.auth import get_crypt_password
238 a55c17874486 Rewrite of user managment, improved forms, added some user info Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	274 try:
1594 9dae92a65e40 fixes #288 Marcin Kuzminski <marcin@python-works.com> parents: 1593 diff changeset	275 user = self.get(user_id, cache=False)
1116 716911af91e1 Added api_key into user, api key get's generated again after password change Marcin Kuzminski <marcin@python-works.com> parents: 991 diff changeset	276 if user.username == 'default':
314 0d26d46bd370 protected againts changing default user. Marcin Kuzminski <marcin@python-works.com> parents: 265 diff changeset	277 raise DefaultUserException(
629 7e536d1af60d Code refactoring,models renames Marcin Kuzminski <marcin@python-works.com> parents: 547 diff changeset	278 _("You can't Edit this user since it's"
314 0d26d46bd370 protected againts changing default user. Marcin Kuzminski <marcin@python-works.com> parents: 265 diff changeset	279 " crucial for entire application"))
713 1bb0fcdec895 fixed #72 show warning on removal when user still is owner of existing repositories Marcin Kuzminski <marcin@python-works.com> parents: 705 diff changeset	280
238 a55c17874486 Rewrite of user managment, improved forms, added some user info Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	281 for k, v in form_data.items():
3021 b2b93614a7cd Implemented #658 Changing username in LDAP-Mode should not be allowed. Marcin Kuzminski <marcin@python-works.com> parents: 2864 diff changeset	282 if k in skip_attrs:
b2b93614a7cd Implemented #658 Changing username in LDAP-Mode should not be allowed. Marcin Kuzminski <marcin@python-works.com> parents: 2864 diff changeset	283 continue
2544 6ce3387bf0ce Renamed name to firstname in forms Marcin Kuzminski <marcin@python-works.com> parents: 2522 diff changeset	284 if k == 'new_password' and v:
2488 b5b34d71b23b fix crypt password on update my account Marcin Kuzminski <marcin@python-works.com> parents: 2479 diff changeset	285 user.password = get_crypt_password(v)
1116 716911af91e1 Added api_key into user, api key get's generated again after password change Marcin Kuzminski <marcin@python-works.com> parents: 991 diff changeset	286 user.api_key = generate_api_key(user.username)
238 a55c17874486 Rewrite of user managment, improved forms, added some user info Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	287 else:
2544 6ce3387bf0ce Renamed name to firstname in forms Marcin Kuzminski <marcin@python-works.com> parents: 2522 diff changeset	288 if k == 'firstname':
6ce3387bf0ce Renamed name to firstname in forms Marcin Kuzminski <marcin@python-works.com> parents: 2522 diff changeset	289 k = 'name'
1116 716911af91e1 Added api_key into user, api key get's generated again after password change Marcin Kuzminski <marcin@python-works.com> parents: 991 diff changeset	290 setattr(user, k, v)
716911af91e1 Added api_key into user, api key get's generated again after password change Marcin Kuzminski <marcin@python-works.com> parents: 991 diff changeset	291 self.sa.add(user)
3631 10b4e34841a4 Don't catch all exceptions Marcin Kuzminski <marcin@python-works.com> parents: 3625 diff changeset	292 except Exception:
474 a3d9d24acbec Implemented password reset(forms/models/ tasks) and mailing tasks. Marcin Kuzminski <marcin@python-works.com> parents: 442 diff changeset	293 log.error(traceback.format_exc())
629 7e536d1af60d Code refactoring,models renames Marcin Kuzminski <marcin@python-works.com> parents: 547 diff changeset	294 raise
7e536d1af60d Code refactoring,models renames Marcin Kuzminski <marcin@python-works.com> parents: 547 diff changeset	295
2657 001c7e2ae986 fixed api issue with changing username during update_user Marcin Kuzminski <marcin@python-works.com> parents: 2544 diff changeset	296 def update_user(self, user, **kwargs):
001c7e2ae986 fixed api issue with changing username during update_user Marcin Kuzminski <marcin@python-works.com> parents: 2544 diff changeset	297 from rhodecode.lib.auth import get_crypt_password
001c7e2ae986 fixed api issue with changing username during update_user Marcin Kuzminski <marcin@python-works.com> parents: 2544 diff changeset	298 try:
001c7e2ae986 fixed api issue with changing username during update_user Marcin Kuzminski <marcin@python-works.com> parents: 2544 diff changeset	299 user = self._get_user(user)
001c7e2ae986 fixed api issue with changing username during update_user Marcin Kuzminski <marcin@python-works.com> parents: 2544 diff changeset	300 if user.username == 'default':
001c7e2ae986 fixed api issue with changing username during update_user Marcin Kuzminski <marcin@python-works.com> parents: 2544 diff changeset	301 raise DefaultUserException(
001c7e2ae986 fixed api issue with changing username during update_user Marcin Kuzminski <marcin@python-works.com> parents: 2544 diff changeset	302 _("You can't Edit this user since it's"
001c7e2ae986 fixed api issue with changing username during update_user Marcin Kuzminski <marcin@python-works.com> parents: 2544 diff changeset	303 " crucial for entire application")
001c7e2ae986 fixed api issue with changing username during update_user Marcin Kuzminski <marcin@python-works.com> parents: 2544 diff changeset	304 )
001c7e2ae986 fixed api issue with changing username during update_user Marcin Kuzminski <marcin@python-works.com> parents: 2544 diff changeset	305
001c7e2ae986 fixed api issue with changing username during update_user Marcin Kuzminski <marcin@python-works.com> parents: 2544 diff changeset	306 for k, v in kwargs.items():
001c7e2ae986 fixed api issue with changing username during update_user Marcin Kuzminski <marcin@python-works.com> parents: 2544 diff changeset	307 if k == 'password' and v:
001c7e2ae986 fixed api issue with changing username during update_user Marcin Kuzminski <marcin@python-works.com> parents: 2544 diff changeset	308 v = get_crypt_password(v)
001c7e2ae986 fixed api issue with changing username during update_user Marcin Kuzminski <marcin@python-works.com> parents: 2544 diff changeset	309 user.api_key = generate_api_key(user.username)
001c7e2ae986 fixed api issue with changing username during update_user Marcin Kuzminski <marcin@python-works.com> parents: 2544 diff changeset	310
001c7e2ae986 fixed api issue with changing username during update_user Marcin Kuzminski <marcin@python-works.com> parents: 2544 diff changeset	311 setattr(user, k, v)
001c7e2ae986 fixed api issue with changing username during update_user Marcin Kuzminski <marcin@python-works.com> parents: 2544 diff changeset	312 self.sa.add(user)
001c7e2ae986 fixed api issue with changing username during update_user Marcin Kuzminski <marcin@python-works.com> parents: 2544 diff changeset	313 return user
3631 10b4e34841a4 Don't catch all exceptions Marcin Kuzminski <marcin@python-works.com> parents: 3625 diff changeset	314 except Exception:
2657 001c7e2ae986 fixed api issue with changing username during update_user Marcin Kuzminski <marcin@python-works.com> parents: 2544 diff changeset	315 log.error(traceback.format_exc())
001c7e2ae986 fixed api issue with changing username during update_user Marcin Kuzminski <marcin@python-works.com> parents: 2544 diff changeset	316 raise
001c7e2ae986 fixed api issue with changing username during update_user Marcin Kuzminski <marcin@python-works.com> parents: 2544 diff changeset	317
4017 509923dac48d Include the current user as a created_by/deleted_by attribute for USER_HOOK extensions. Jonathan Sternberg <jonathansternberg@gmail.com> parents: 4016 diff changeset	318 def delete(self, user, cur_user=None):
509923dac48d Include the current user as a created_by/deleted_by attribute for USER_HOOK extensions. Jonathan Sternberg <jonathansternberg@gmail.com> parents: 4016 diff changeset	319 if not cur_user:
509923dac48d Include the current user as a created_by/deleted_by attribute for USER_HOOK extensions. Jonathan Sternberg <jonathansternberg@gmail.com> parents: 4016 diff changeset	320 cur_user = getattr(get_current_rhodecode_user(), 'username', '?')
2432 d3ac7491a5c8 Share common getter functions in base model, and remove duplicated functions from other models Marcin Kuzminski <marcin@python-works.com> parents: 2330 diff changeset	321 user = self._get_user(user)
1818 cf51bbfb120e auto white-space removal Marcin Kuzminski <marcin@python-works.com> parents: 1758 diff changeset	322
265 0e5455fda8fd Implemented basic repository managment. Implemented repo2db mappings, model, helpers updates and code cleanups Marcin Kuzminski <marcin@python-works.com> parents: 252 diff changeset	323 try:
314 0d26d46bd370 protected againts changing default user. Marcin Kuzminski <marcin@python-works.com> parents: 265 diff changeset	324 if user.username == 'default':
0d26d46bd370 protected againts changing default user. Marcin Kuzminski <marcin@python-works.com> parents: 265 diff changeset	325 raise DefaultUserException(
2153 fa637dc3e029 Improved message about deleting user who owns repositories Marcin Kuzminski <marcin@python-works.com> parents: 2150 diff changeset	326 _(u"You can't remove this user since it's"
2124 273ce1a99c3f fixed #397 Private repository groups shows up before login Marcin Kuzminski <marcin@python-works.com> parents: 2109 diff changeset	327 " crucial for entire application")
273ce1a99c3f fixed #397 Private repository groups shows up before login Marcin Kuzminski <marcin@python-works.com> parents: 2109 diff changeset	328 )
713 1bb0fcdec895 fixed #72 show warning on removal when user still is owner of existing repositories Marcin Kuzminski <marcin@python-works.com> parents: 705 diff changeset	329 if user.repositories:
2153 fa637dc3e029 Improved message about deleting user who owns repositories Marcin Kuzminski <marcin@python-works.com> parents: 2150 diff changeset	330 repos = [x.repo_name for x in user.repositories]
2124 273ce1a99c3f fixed #397 Private repository groups shows up before login Marcin Kuzminski <marcin@python-works.com> parents: 2109 diff changeset	331 raise UserOwnsReposException(
2153 fa637dc3e029 Improved message about deleting user who owns repositories Marcin Kuzminski <marcin@python-works.com> parents: 2150 diff changeset	332 _(u'user "%s" still owns %s repositories and cannot be '
fa637dc3e029 Improved message about deleting user who owns repositories Marcin Kuzminski <marcin@python-works.com> parents: 2150 diff changeset	333 'removed. Switch owners or remove those repositories. %s')
fa637dc3e029 Improved message about deleting user who owns repositories Marcin Kuzminski <marcin@python-works.com> parents: 2150 diff changeset	334 % (user.username, len(repos), ', '.join(repos))
2124 273ce1a99c3f fixed #397 Private repository groups shows up before login Marcin Kuzminski <marcin@python-works.com> parents: 2109 diff changeset	335 )
314 0d26d46bd370 protected againts changing default user. Marcin Kuzminski <marcin@python-works.com> parents: 265 diff changeset	336 self.sa.delete(user)
4016 cce2d984b001 User create/delete hooks for rcextensions. Jonathan Sternberg <jonathansternberg@gmail.com> parents: 3960 diff changeset	337
cce2d984b001 User create/delete hooks for rcextensions. Jonathan Sternberg <jonathansternberg@gmail.com> parents: 3960 diff changeset	338 from rhodecode.lib.hooks import log_delete_user
4017 509923dac48d Include the current user as a created_by/deleted_by attribute for USER_HOOK extensions. Jonathan Sternberg <jonathansternberg@gmail.com> parents: 4016 diff changeset	339 log_delete_user(user.get_dict(), cur_user)
3631 10b4e34841a4 Don't catch all exceptions Marcin Kuzminski <marcin@python-works.com> parents: 3625 diff changeset	340 except Exception:
474 a3d9d24acbec Implemented password reset(forms/models/ tasks) and mailing tasks. Marcin Kuzminski <marcin@python-works.com> parents: 442 diff changeset	341 log.error(traceback.format_exc())
629 7e536d1af60d Code refactoring,models renames Marcin Kuzminski <marcin@python-works.com> parents: 547 diff changeset	342 raise
474 a3d9d24acbec Implemented password reset(forms/models/ tasks) and mailing tasks. Marcin Kuzminski <marcin@python-works.com> parents: 442 diff changeset	343
1417 5875955def39 fixes #223 improve password reset form Marcin Kuzminski <marcin@python-works.com> parents: 1270 diff changeset	344 def reset_password_link(self, data):
5875955def39 fixes #223 improve password reset form Marcin Kuzminski <marcin@python-works.com> parents: 1270 diff changeset	345 from rhodecode.lib.celerylib import tasks, run_task
3401 5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	346 from rhodecode.model.notification import EmailNotificationModel
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	347 user_email = data['email']
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	348 try:
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	349 user = User.get_by_email(user_email)
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	350 if user:
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	351 log.debug('password reset user found %s' % user)
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	352 link = url('reset_password_confirmation', key=user.api_key,
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	353 qualified=True)
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	354 reg_type = EmailNotificationModel.TYPE_PASSWORD_RESET
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	355 body = EmailNotificationModel().get_email_tmpl(reg_type,
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	356 **{'user': user.short_contact,
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	357 'reset_url': link})
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	358 log.debug('sending email')
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	359 run_task(tasks.send_email, user_email,
3654 ec6354949623 Fix a lot of casings - use standard casing in most places Mads Kiilerich <madski@unity3d.com> parents: 3653 diff changeset	360 _("Password reset link"), body, body)
3401 5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	361 log.info('send new password mail to %s' % user_email)
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	362 else:
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	363 log.debug("password reset email %s not found" % user_email)
3631 10b4e34841a4 Don't catch all exceptions Marcin Kuzminski <marcin@python-works.com> parents: 3625 diff changeset	364 except Exception:
3401 5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	365 log.error(traceback.format_exc())
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	366 return False
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	367
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	368 return True
1417 5875955def39 fixes #223 improve password reset form Marcin Kuzminski <marcin@python-works.com> parents: 1270 diff changeset	369
474 a3d9d24acbec Implemented password reset(forms/models/ tasks) and mailing tasks. Marcin Kuzminski <marcin@python-works.com> parents: 442 diff changeset	370 def reset_password(self, data):
629 7e536d1af60d Code refactoring,models renames Marcin Kuzminski <marcin@python-works.com> parents: 547 diff changeset	371 from rhodecode.lib.celerylib import tasks, run_task
3401 5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	372 from rhodecode.lib import auth
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	373 user_email = data['email']
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	374 try:
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	375 try:
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	376 user = User.get_by_email(user_email)
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	377 new_passwd = auth.PasswordGenerator().gen_password(8,
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	378 auth.PasswordGenerator.ALPHABETS_BIG_SMALL)
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	379 if user:
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	380 user.password = auth.get_crypt_password(new_passwd)
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	381 user.api_key = auth.generate_api_key(user.username)
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	382 Session().add(user)
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	383 Session().commit()
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	384 log.info('change password for %s' % user_email)
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	385 if new_passwd is None:
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	386 raise Exception('unable to generate new password')
3631 10b4e34841a4 Don't catch all exceptions Marcin Kuzminski <marcin@python-works.com> parents: 3625 diff changeset	387 except Exception:
3401 5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	388 log.error(traceback.format_exc())
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	389 Session().rollback()
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	390
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	391 run_task(tasks.send_email, user_email,
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	392 _('Your new password'),
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	393 _('Your new RhodeCode password:%s') % (new_passwd))
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	394 log.info('send new password mail to %s' % user_email)
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	395
3631 10b4e34841a4 Don't catch all exceptions Marcin Kuzminski <marcin@python-works.com> parents: 3625 diff changeset	396 except Exception:
3401 5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	397 log.error('Failed to update user password')
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	398 log.error(traceback.format_exc())
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	399
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	400 return True
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	401
1594 9dae92a65e40 fixes #288 Marcin Kuzminski <marcin@python-works.com> parents: 1593 diff changeset	402 def fill_data(self, auth_user, user_id=None, api_key=None):
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	403 """
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	404 Fetches auth_user by user_id,or api_key if present.
6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	405 Fills auth_user attributes with those taken from database.
1203 6832ef664673 source code cleanup: remove trailing white space, normalize file endings Marcin Kuzminski <marcin@python-works.com> parents: 1120 diff changeset	406 Additionally set's is_authenitated if lookup fails
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	407 present in database
1203 6832ef664673 source code cleanup: remove trailing white space, normalize file endings Marcin Kuzminski <marcin@python-works.com> parents: 1120 diff changeset	408
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	409 :param auth_user: instance of user to set attributes
6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	410 :param user_id: user id to fetch by
6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	411 :param api_key: api key to fetch by
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	412 """
1120 a8d759613d8f fixed some bugs in api key auth, added access by api key into rss/atom feeds in global journal Marcin Kuzminski <marcin@python-works.com> parents: 1117 diff changeset	413 if user_id is None and api_key is None:
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	414 raise Exception('You need to pass user_id or api_key')
686 ff6a8196ebfe fixed anonymous access bug. Marcin Kuzminski <marcin@python-works.com> parents: 673 diff changeset	415
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	416 try:
6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	417 if api_key:
6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	418 dbuser = self.get_by_api_key(api_key)
6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	419 else:
6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	420 dbuser = self.get(user_id)
6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	421
1618 9353189b7675 Added automatic logout of deactivated/deleted users Liad Shani <liadff@gmail.com> parents: 1594 diff changeset	422 if dbuser is not None and dbuser.active:
1976 a76e9bacbedc garden Marcin Kuzminski <marcin@python-works.com> parents: 1950 diff changeset	423 log.debug('filling %s data' % dbuser)
1120 a8d759613d8f fixed some bugs in api key auth, added access by api key into rss/atom feeds in global journal Marcin Kuzminski <marcin@python-works.com> parents: 1117 diff changeset	424 for k, v in dbuser.get_dict().items():
a8d759613d8f fixed some bugs in api key auth, added access by api key into rss/atom feeds in global journal Marcin Kuzminski <marcin@python-works.com> parents: 1117 diff changeset	425 setattr(auth_user, k, v)
1618 9353189b7675 Added automatic logout of deactivated/deleted users Liad Shani <liadff@gmail.com> parents: 1594 diff changeset	426 else:
9353189b7675 Added automatic logout of deactivated/deleted users Liad Shani <liadff@gmail.com> parents: 1594 diff changeset	427 return False
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	428
3631 10b4e34841a4 Don't catch all exceptions Marcin Kuzminski <marcin@python-works.com> parents: 3625 diff changeset	429 except Exception:
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	430 log.error(traceback.format_exc())
6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	431 auth_user.is_authenticated = False
1618 9353189b7675 Added automatic logout of deactivated/deleted users Liad Shani <liadff@gmail.com> parents: 1594 diff changeset	432 return False
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	433
1618 9353189b7675 Added automatic logout of deactivated/deleted users Liad Shani <liadff@gmail.com> parents: 1594 diff changeset	434 return True
686 ff6a8196ebfe fixed anonymous access bug. Marcin Kuzminski <marcin@python-works.com> parents: 673 diff changeset	435
3094 b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	436 def fill_perms(self, user, explicit=True, algo='higherwin'):
1269 2e7f21429316 tries to fix issue #177 by fallback to user.user_id instead of fetching from db, user.user_id Marcin Kuzminski <marcin@python-works.com> parents: 1267 diff changeset	437 """
2e7f21429316 tries to fix issue #177 by fallback to user.user_id instead of fetching from db, user.user_id Marcin Kuzminski <marcin@python-works.com> parents: 1267 diff changeset	438 Fills user permission attribute with permissions taken from database
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	439 works for permissions given for repositories, and for permissions that
1269 2e7f21429316 tries to fix issue #177 by fallback to user.user_id instead of fetching from db, user.user_id Marcin Kuzminski <marcin@python-works.com> parents: 1267 diff changeset	440 are granted to groups
1203 6832ef664673 source code cleanup: remove trailing white space, normalize file endings Marcin Kuzminski <marcin@python-works.com> parents: 1120 diff changeset	441
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	442 :param user: user instance to fill his perms
3094 b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	443 :param explicit: In case there are permissions both for user and a group
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	444 that user is part of, explicit flag will defiine if user will
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	445 explicitly override permissions from group, if it's False it will
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	446 make decision based on the algo
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	447 :param algo: algorithm to decide what permission should be choose if
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	448 it's multiple defined, eg user in two different groups. It also
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	449 decides if explicit flag is turned off how to specify the permission
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	450 for case when user is in a group + have defined separate permission
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	451 """
1982 87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	452 RK = 'repositories'
87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	453 GK = 'repositories_groups'
3714 7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3654 diff changeset	454 UK = 'user_groups'
1982 87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	455 GLOBAL = 'global'
87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	456 user.permissions[RK] = {}
87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	457 user.permissions[GK] = {}
3714 7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3654 diff changeset	458 user.permissions[UK] = {}
1982 87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	459 user.permissions[GLOBAL] = set()
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	460
3094 b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	461 def _choose_perm(new_perm, cur_perm):
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	462 new_perm_val = PERM_WEIGHTS[new_perm]
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	463 cur_perm_val = PERM_WEIGHTS[cur_perm]
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	464 if algo == 'higherwin':
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	465 if new_perm_val > cur_perm_val:
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	466 return new_perm
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	467 return cur_perm
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	468 elif algo == 'lowerwin':
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	469 if new_perm_val < cur_perm_val:
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	470 return new_perm
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	471 return cur_perm
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	472
1267 d534aff5e82a user defined permission will update the global permissions, and overwrite default settings. Marcin Kuzminski <marcin@python-works.com> parents: 1206 diff changeset	473 #======================================================================
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	474 # fetch default permissions
1267 d534aff5e82a user defined permission will update the global permissions, and overwrite default settings. Marcin Kuzminski <marcin@python-works.com> parents: 1206 diff changeset	475 #======================================================================
1728 07e56179633e - fixes celery sqlalchemy session issues for async forking Marcin Kuzminski <marcin@python-works.com> parents: 1716 diff changeset	476 default_user = User.get_by_username('default', cache=True)
07e56179633e - fixes celery sqlalchemy session issues for async forking Marcin Kuzminski <marcin@python-works.com> parents: 1716 diff changeset	477 default_user_id = default_user.user_id
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	478
1982 87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	479 default_repo_perms = Permission.get_default_perms(default_user_id)
87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	480 default_repo_groups_perms = Permission.get_default_group_perms(default_user_id)
3714 7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3654 diff changeset	481 default_user_group_perms = Permission.get_default_user_group_perms(default_user_id)
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	482
6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	483 if user.is_admin:
1267 d534aff5e82a user defined permission will update the global permissions, and overwrite default settings. Marcin Kuzminski <marcin@python-works.com> parents: 1206 diff changeset	484 #==================================================================
1982 87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	485 # admin user have all default rights for repositories
87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	486 # and groups set to admin
1267 d534aff5e82a user defined permission will update the global permissions, and overwrite default settings. Marcin Kuzminski <marcin@python-works.com> parents: 1206 diff changeset	487 #==================================================================
1982 87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	488 user.permissions[GLOBAL].add('hg.admin')
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	489
1982 87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	490 # repositories
87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	491 for perm in default_repo_perms:
87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	492 r_k = perm.UserRepoToPerm.repository.repo_name
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	493 p = 'repository.admin'
1982 87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	494 user.permissions[RK][r_k] = p
87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	495
3410 5f1850e4712a "Users groups" is grammatically incorrect English - rename to "user groups" Mads Kiilerich <madski@unity3d.com> parents: 3401 diff changeset	496 # repository groups
1982 87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	497 for perm in default_repo_groups_perms:
87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	498 rg_k = perm.UserRepoGroupToPerm.group.group_name
87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	499 p = 'group.admin'
87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	500 user.permissions[GK][rg_k] = p
3714 7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3654 diff changeset	501
7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3654 diff changeset	502 # user groups
7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3654 diff changeset	503 for perm in default_user_group_perms:
7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3654 diff changeset	504 u_k = perm.UserUserGroupToPerm.user_group.users_group_name
7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3654 diff changeset	505 p = 'usergroup.admin'
7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3654 diff changeset	506 user.permissions[UK][u_k] = p
2186 7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	507 return user
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	508
2186 7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	509 #==================================================================
3653 4c78a0855a17 Fix 'repos group' - it is 'repository group' Mads Kiilerich <madski@unity3d.com> parents: 3631 diff changeset	510 # SET DEFAULTS GLOBAL, REPOS, REPOSITORY GROUPS
2186 7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	511 #==================================================================
7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	512 uid = user.user_id
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	513
2709 d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	514 # default global permissions taken fron the default user
2186 7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	515 default_global_perms = self.sa.query(UserToPerm)\
7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	516 .filter(UserToPerm.user_id == default_user_id)
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	517
2186 7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	518 for perm in default_global_perms:
7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	519 user.permissions[GLOBAL].add(perm.permission.permission_name)
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	520
2186 7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	521 # defaults for repositories, taken from default user
7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	522 for perm in default_repo_perms:
7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	523 r_k = perm.UserRepoToPerm.repository.repo_name
7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	524 if perm.Repository.private and not (perm.Repository.user_id == uid):
7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	525 # disable defaults for private repos,
7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	526 p = 'repository.none'
7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	527 elif perm.Repository.user_id == uid:
7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	528 # set admin if owner
7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	529 p = 'repository.admin'
7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	530 else:
7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	531 p = perm.Permission.permission_name
7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	532
7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	533 user.permissions[RK][r_k] = p
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	534
3410 5f1850e4712a "Users groups" is grammatically incorrect English - rename to "user groups" Mads Kiilerich <madski@unity3d.com> parents: 3401 diff changeset	535 # defaults for repository groups taken from default user permission
2186 7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	536 # on given group
7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	537 for perm in default_repo_groups_perms:
7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	538 rg_k = perm.UserRepoGroupToPerm.group.group_name
7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	539 p = perm.Permission.permission_name
7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	540 user.permissions[GK][rg_k] = p
7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	541
3714 7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3654 diff changeset	542 # defaults for user groups taken from default user permission
7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3654 diff changeset	543 # on given user group
7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3654 diff changeset	544 for perm in default_user_group_perms:
7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3654 diff changeset	545 u_k = perm.UserUserGroupToPerm.user_group.users_group_name
7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3654 diff changeset	546 p = perm.Permission.permission_name
7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3654 diff changeset	547 user.permissions[UK][u_k] = p
7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3654 diff changeset	548
2709 d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	549 #======================================================================
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	550 # !! OVERRIDE GLOBALS !! with user permissions if any found
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	551 #======================================================================
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	552 # those can be configured from groups or users explicitly
3736 87e6960e250b Iteration on default permissions Marcin Kuzminski <marcin@python-works.com> parents: 3714 diff changeset	553 _configurable = set([
87e6960e250b Iteration on default permissions Marcin Kuzminski <marcin@python-works.com> parents: 3714 diff changeset	554 'hg.fork.none', 'hg.fork.repository',
87e6960e250b Iteration on default permissions Marcin Kuzminski <marcin@python-works.com> parents: 3714 diff changeset	555 'hg.create.none', 'hg.create.repository',
87e6960e250b Iteration on default permissions Marcin Kuzminski <marcin@python-works.com> parents: 3714 diff changeset	556 'hg.usergroup.create.false', 'hg.usergroup.create.true'
87e6960e250b Iteration on default permissions Marcin Kuzminski <marcin@python-works.com> parents: 3714 diff changeset	557 ])
2186 7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	558
2709 d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	559 # USER GROUPS comes first
3415 b8f929bff7e3 fixed tests and missing replacements from 5f1850e4712a Marcin Kuzminski <marcin@python-works.com> parents: 3410 diff changeset	560 # user group global permissions
3417 fa6ba6727475 further cleanup of UsersGroup Mads Kiilerich <madski@unity3d.com> parents: 3415 diff changeset	561 user_perms_from_users_groups = self.sa.query(UserGroupToPerm)\
fa6ba6727475 further cleanup of UsersGroup Mads Kiilerich <madski@unity3d.com> parents: 3415 diff changeset	562 .options(joinedload(UserGroupToPerm.permission))\
fa6ba6727475 further cleanup of UsersGroup Mads Kiilerich <madski@unity3d.com> parents: 3415 diff changeset	563 .join((UserGroupMember, UserGroupToPerm.users_group_id ==
fa6ba6727475 further cleanup of UsersGroup Mads Kiilerich <madski@unity3d.com> parents: 3415 diff changeset	564 UserGroupMember.users_group_id))\
fa6ba6727475 further cleanup of UsersGroup Mads Kiilerich <madski@unity3d.com> parents: 3415 diff changeset	565 .filter(UserGroupMember.user_id == uid)\
fa6ba6727475 further cleanup of UsersGroup Mads Kiilerich <madski@unity3d.com> parents: 3415 diff changeset	566 .order_by(UserGroupToPerm.users_group_id)\
2709 d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	567 .all()
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	568 #need to group here by groups since user can be in more than one group
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	569 _grouped = [[x, list(y)] for x, y in
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	570 itertools.groupby(user_perms_from_users_groups,
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	571 lambda x:x.users_group)]
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	572 for gr, perms in _grouped:
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	573 # since user can be in multiple groups iterate over them and
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	574 # select the lowest permissions first (more explicit)
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	575 ##TODO: do this^^
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	576 if not gr.inherit_default_permissions:
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	577 # NEED TO IGNORE all configurable permissions and
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	578 # replace them with explicitly set
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	579 user.permissions[GLOBAL] = user.permissions[GLOBAL]\
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	580 .difference(_configurable)
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	581 for perm in perms:
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	582 user.permissions[GLOBAL].add(perm.permission.permission_name)
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	583
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	584 # user specific global permissions
2186 7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	585 user_perms = self.sa.query(UserToPerm)\
7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	586 .options(joinedload(UserToPerm.permission))\
7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	587 .filter(UserToPerm.user_id == uid).all()
7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	588
2709 d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	589 if not user.inherit_default_permissions:
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	590 # NEED TO IGNORE all configurable permissions and
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	591 # replace them with explicitly set
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	592 user.permissions[GLOBAL] = user.permissions[GLOBAL]\
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	593 .difference(_configurable)
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	594
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	595 for perm in user_perms:
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	596 user.permissions[GLOBAL].add(perm.permission.permission_name)
3736 87e6960e250b Iteration on default permissions Marcin Kuzminski <marcin@python-works.com> parents: 3714 diff changeset	597 ## END GLOBAL PERMISSIONS
87e6960e250b Iteration on default permissions Marcin Kuzminski <marcin@python-works.com> parents: 3714 diff changeset	598
2709 d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	599 #======================================================================
3094 b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	600 # !! PERMISSIONS FOR REPOSITORIES !!
2709 d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	601 #======================================================================
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	602 #======================================================================
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	603 # check if user is part of user groups for this repository and
3094 b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	604 # fill in his permission from it. _choose_perm decides of which
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	605 # permission should be selected based on selected method
2709 d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	606 #======================================================================
3094 b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	607
3415 b8f929bff7e3 fixed tests and missing replacements from 5f1850e4712a Marcin Kuzminski <marcin@python-works.com> parents: 3410 diff changeset	608 # user group for repositories permissions
2709 d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	609 user_repo_perms_from_users_groups = \
3417 fa6ba6727475 further cleanup of UsersGroup Mads Kiilerich <madski@unity3d.com> parents: 3415 diff changeset	610 self.sa.query(UserGroupRepoToPerm, Permission, Repository,)\
fa6ba6727475 further cleanup of UsersGroup Mads Kiilerich <madski@unity3d.com> parents: 3415 diff changeset	611 .join((Repository, UserGroupRepoToPerm.repository_id ==
2709 d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	612 Repository.repo_id))\
3417 fa6ba6727475 further cleanup of UsersGroup Mads Kiilerich <madski@unity3d.com> parents: 3415 diff changeset	613 .join((Permission, UserGroupRepoToPerm.permission_id ==
2709 d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	614 Permission.permission_id))\
3417 fa6ba6727475 further cleanup of UsersGroup Mads Kiilerich <madski@unity3d.com> parents: 3415 diff changeset	615 .join((UserGroupMember, UserGroupRepoToPerm.users_group_id ==
fa6ba6727475 further cleanup of UsersGroup Mads Kiilerich <madski@unity3d.com> parents: 3415 diff changeset	616 UserGroupMember.users_group_id))\
fa6ba6727475 further cleanup of UsersGroup Mads Kiilerich <madski@unity3d.com> parents: 3415 diff changeset	617 .filter(UserGroupMember.user_id == uid)\
2709 d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	618 .all()
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	619
3096 69b25f1b0b45 switch to defaultdict for counter implementation Marcin Kuzminski <marcin@python-works.com> parents: 3094 diff changeset	620 multiple_counter = collections.defaultdict(int)
2709 d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	621 for perm in user_repo_perms_from_users_groups:
3417 fa6ba6727475 further cleanup of UsersGroup Mads Kiilerich <madski@unity3d.com> parents: 3415 diff changeset	622 r_k = perm.UserGroupRepoToPerm.repository.repo_name
3094 b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	623 multiple_counter[r_k] += 1
2709 d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	624 p = perm.Permission.permission_name
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	625 cur_perm = user.permissions[RK][r_k]
2864 5c1ad3b410e5 fixed #570 explicit users group permissions can overwrite owner permissions Marcin Kuzminski <marcin@python-works.com> parents: 2820 diff changeset	626
3094 b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	627 if perm.Repository.user_id == uid:
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	628 # set admin if owner
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	629 p = 'repository.admin'
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	630 else:
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	631 if multiple_counter[r_k] > 1:
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	632 p = _choose_perm(p, cur_perm)
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	633 user.permissions[RK][r_k] = p
1982 87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	634
3094 b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	635 # user explicit permissions for repositories, overrides any specified
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	636 # by the group permission
3714 7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3654 diff changeset	637 user_repo_perms = Permission.get_default_perms(uid)
2186 7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	638 for perm in user_repo_perms:
3094 b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	639 r_k = perm.UserRepoToPerm.repository.repo_name
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	640 cur_perm = user.permissions[RK][r_k]
2186 7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	641 # set admin if owner
7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	642 if perm.Repository.user_id == uid:
7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	643 p = 'repository.admin'
7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	644 else:
7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	645 p = perm.Permission.permission_name
3094 b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	646 if not explicit:
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	647 p = _choose_perm(p, cur_perm)
2186 7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	648 user.permissions[RK][r_k] = p
1267 d534aff5e82a user defined permission will update the global permissions, and overwrite default settings. Marcin Kuzminski <marcin@python-works.com> parents: 1206 diff changeset	649
3094 b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	650 #======================================================================
3410 5f1850e4712a "Users groups" is grammatically incorrect English - rename to "user groups" Mads Kiilerich <madski@unity3d.com> parents: 3401 diff changeset	651 # !! PERMISSIONS FOR REPOSITORY GROUPS !!
3094 b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	652 #======================================================================
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	653 #======================================================================
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	654 # check if user is part of user groups for this repository groups and
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	655 # fill in his permission from it. _choose_perm decides of which
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	656 # permission should be selected based on selected method
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	657 #======================================================================
3415 b8f929bff7e3 fixed tests and missing replacements from 5f1850e4712a Marcin Kuzminski <marcin@python-works.com> parents: 3410 diff changeset	658 # user group for repo groups permissions
3094 b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	659 user_repo_group_perms_from_users_groups = \
3417 fa6ba6727475 further cleanup of UsersGroup Mads Kiilerich <madski@unity3d.com> parents: 3415 diff changeset	660 self.sa.query(UserGroupRepoGroupToPerm, Permission, RepoGroup)\
fa6ba6727475 further cleanup of UsersGroup Mads Kiilerich <madski@unity3d.com> parents: 3415 diff changeset	661 .join((RepoGroup, UserGroupRepoGroupToPerm.group_id == RepoGroup.group_id))\
fa6ba6727475 further cleanup of UsersGroup Mads Kiilerich <madski@unity3d.com> parents: 3415 diff changeset	662 .join((Permission, UserGroupRepoGroupToPerm.permission_id
3094 b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	663 == Permission.permission_id))\
3417 fa6ba6727475 further cleanup of UsersGroup Mads Kiilerich <madski@unity3d.com> parents: 3415 diff changeset	664 .join((UserGroupMember, UserGroupRepoGroupToPerm.users_group_id
fa6ba6727475 further cleanup of UsersGroup Mads Kiilerich <madski@unity3d.com> parents: 3415 diff changeset	665 == UserGroupMember.users_group_id))\
fa6ba6727475 further cleanup of UsersGroup Mads Kiilerich <madski@unity3d.com> parents: 3415 diff changeset	666 .filter(UserGroupMember.user_id == uid)\
3094 b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	667 .all()
1269 2e7f21429316 tries to fix issue #177 by fallback to user.user_id instead of fetching from db, user.user_id Marcin Kuzminski <marcin@python-works.com> parents: 1267 diff changeset	668
3096 69b25f1b0b45 switch to defaultdict for counter implementation Marcin Kuzminski <marcin@python-works.com> parents: 3094 diff changeset	669 multiple_counter = collections.defaultdict(int)
3094 b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	670 for perm in user_repo_group_perms_from_users_groups:
3417 fa6ba6727475 further cleanup of UsersGroup Mads Kiilerich <madski@unity3d.com> parents: 3415 diff changeset	671 g_k = perm.UserGroupRepoGroupToPerm.group.group_name
3094 b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	672 multiple_counter[g_k] += 1
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	673 p = perm.Permission.permission_name
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	674 cur_perm = user.permissions[GK][g_k]
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	675 if multiple_counter[g_k] > 1:
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	676 p = _choose_perm(p, cur_perm)
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	677 user.permissions[GK][g_k] = p
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	678
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	679 # user explicit permissions for repository groups
3714 7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3654 diff changeset	680 user_repo_groups_perms = Permission.get_default_group_perms(uid)
2186 7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	681 for perm in user_repo_groups_perms:
7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	682 rg_k = perm.UserRepoGroupToPerm.group.group_name
7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	683 p = perm.Permission.permission_name
7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	684 cur_perm = user.permissions[GK][rg_k]
3094 b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	685 if not explicit:
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	686 p = _choose_perm(p, cur_perm)
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	687 user.permissions[GK][rg_k] = p
2129 43481c3d70ca #399 added inheritance of permissions for users group on repos groups Marcin Kuzminski <marcin@python-works.com> parents: 2124 diff changeset	688
3714 7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3654 diff changeset	689 #======================================================================
7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3654 diff changeset	690 # !! PERMISSIONS FOR USER GROUPS !!
7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3654 diff changeset	691 #======================================================================
3788 d9b89874edf9 UserGroup on UserGroup permissions implementation. Marcin Kuzminski <marcin@python-works.com> parents: 3736 diff changeset	692 # user group for user group permissions
d9b89874edf9 UserGroup on UserGroup permissions implementation. Marcin Kuzminski <marcin@python-works.com> parents: 3736 diff changeset	693 user_group_user_groups_perms = \
d9b89874edf9 UserGroup on UserGroup permissions implementation. Marcin Kuzminski <marcin@python-works.com> parents: 3736 diff changeset	694 self.sa.query(UserGroupUserGroupToPerm, Permission, UserGroup)\
d9b89874edf9 UserGroup on UserGroup permissions implementation. Marcin Kuzminski <marcin@python-works.com> parents: 3736 diff changeset	695 .join((UserGroup, UserGroupUserGroupToPerm.target_user_group_id
d9b89874edf9 UserGroup on UserGroup permissions implementation. Marcin Kuzminski <marcin@python-works.com> parents: 3736 diff changeset	696 == UserGroup.users_group_id))\
d9b89874edf9 UserGroup on UserGroup permissions implementation. Marcin Kuzminski <marcin@python-works.com> parents: 3736 diff changeset	697 .join((Permission, UserGroupUserGroupToPerm.permission_id
d9b89874edf9 UserGroup on UserGroup permissions implementation. Marcin Kuzminski <marcin@python-works.com> parents: 3736 diff changeset	698 == Permission.permission_id))\
d9b89874edf9 UserGroup on UserGroup permissions implementation. Marcin Kuzminski <marcin@python-works.com> parents: 3736 diff changeset	699 .join((UserGroupMember, UserGroupUserGroupToPerm.user_group_id
d9b89874edf9 UserGroup on UserGroup permissions implementation. Marcin Kuzminski <marcin@python-works.com> parents: 3736 diff changeset	700 == UserGroupMember.users_group_id))\
d9b89874edf9 UserGroup on UserGroup permissions implementation. Marcin Kuzminski <marcin@python-works.com> parents: 3736 diff changeset	701 .filter(UserGroupMember.user_id == uid)\
d9b89874edf9 UserGroup on UserGroup permissions implementation. Marcin Kuzminski <marcin@python-works.com> parents: 3736 diff changeset	702 .all()
d9b89874edf9 UserGroup on UserGroup permissions implementation. Marcin Kuzminski <marcin@python-works.com> parents: 3736 diff changeset	703
d9b89874edf9 UserGroup on UserGroup permissions implementation. Marcin Kuzminski <marcin@python-works.com> parents: 3736 diff changeset	704 multiple_counter = collections.defaultdict(int)
d9b89874edf9 UserGroup on UserGroup permissions implementation. Marcin Kuzminski <marcin@python-works.com> parents: 3736 diff changeset	705 for perm in user_group_user_groups_perms:
d9b89874edf9 UserGroup on UserGroup permissions implementation. Marcin Kuzminski <marcin@python-works.com> parents: 3736 diff changeset	706 g_k = perm.UserGroupUserGroupToPerm.target_user_group.users_group_name
d9b89874edf9 UserGroup on UserGroup permissions implementation. Marcin Kuzminski <marcin@python-works.com> parents: 3736 diff changeset	707 multiple_counter[g_k] += 1
d9b89874edf9 UserGroup on UserGroup permissions implementation. Marcin Kuzminski <marcin@python-works.com> parents: 3736 diff changeset	708 p = perm.Permission.permission_name
d9b89874edf9 UserGroup on UserGroup permissions implementation. Marcin Kuzminski <marcin@python-works.com> parents: 3736 diff changeset	709 cur_perm = user.permissions[UK][g_k]
d9b89874edf9 UserGroup on UserGroup permissions implementation. Marcin Kuzminski <marcin@python-works.com> parents: 3736 diff changeset	710 if multiple_counter[g_k] > 1:
d9b89874edf9 UserGroup on UserGroup permissions implementation. Marcin Kuzminski <marcin@python-works.com> parents: 3736 diff changeset	711 p = _choose_perm(p, cur_perm)
d9b89874edf9 UserGroup on UserGroup permissions implementation. Marcin Kuzminski <marcin@python-works.com> parents: 3736 diff changeset	712 user.permissions[UK][g_k] = p
d9b89874edf9 UserGroup on UserGroup permissions implementation. Marcin Kuzminski <marcin@python-works.com> parents: 3736 diff changeset	713
3714 7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3654 diff changeset	714 #user explicit permission for user groups
7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3654 diff changeset	715 user_user_groups_perms = Permission.get_default_user_group_perms(uid)
7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3654 diff changeset	716 for perm in user_user_groups_perms:
7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3654 diff changeset	717 u_k = perm.UserUserGroupToPerm.user_group.users_group_name
7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3654 diff changeset	718 p = perm.Permission.permission_name
7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3654 diff changeset	719 cur_perm = user.permissions[UK][u_k]
7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3654 diff changeset	720 if not explicit:
7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3654 diff changeset	721 p = _choose_perm(p, cur_perm)
7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3654 diff changeset	722 user.permissions[UK][u_k] = p
7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3654 diff changeset	723
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	724 return user
1594 9dae92a65e40 fixes #288 Marcin Kuzminski <marcin@python-works.com> parents: 1593 diff changeset	725
1749 8ecc6b8229a5 commit less models Marcin Kuzminski <marcin@python-works.com> parents: 1734 diff changeset	726 def has_perm(self, user, perm):
2709 d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	727 perm = self._get_perm(perm)
2432 d3ac7491a5c8 Share common getter functions in base model, and remove duplicated functions from other models Marcin Kuzminski <marcin@python-works.com> parents: 2330 diff changeset	728 user = self._get_user(user)
1749 8ecc6b8229a5 commit less models Marcin Kuzminski <marcin@python-works.com> parents: 1734 diff changeset	729
1758 a87aa385f21c fixed repo_create permission by adding missing commit statements Marcin Kuzminski <marcin@python-works.com> parents: 1749 diff changeset	730 return UserToPerm.query().filter(UserToPerm.user == user)\
1749 8ecc6b8229a5 commit less models Marcin Kuzminski <marcin@python-works.com> parents: 1734 diff changeset	731 .filter(UserToPerm.permission == perm).scalar() is not None
8ecc6b8229a5 commit less models Marcin Kuzminski <marcin@python-works.com> parents: 1734 diff changeset	732
8ecc6b8229a5 commit less models Marcin Kuzminski <marcin@python-works.com> parents: 1734 diff changeset	733 def grant_perm(self, user, perm):
1982 87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	734 """
87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	735 Grant user global permissions
1749 8ecc6b8229a5 commit less models Marcin Kuzminski <marcin@python-works.com> parents: 1734 diff changeset	736
1982 87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	737 :param user:
87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	738 :param perm:
87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	739 """
2432 d3ac7491a5c8 Share common getter functions in base model, and remove duplicated functions from other models Marcin Kuzminski <marcin@python-works.com> parents: 2330 diff changeset	740 user = self._get_user(user)
d3ac7491a5c8 Share common getter functions in base model, and remove duplicated functions from other models Marcin Kuzminski <marcin@python-works.com> parents: 2330 diff changeset	741 perm = self._get_perm(perm)
2078 d4b6c8541bd9 fixes issue when user tried to resubmit same permission into user/user_groups Marcin Kuzminski <marcin@python-works.com> parents: 2009 diff changeset	742 # if this permission is already granted skip it
d4b6c8541bd9 fixes issue when user tried to resubmit same permission into user/user_groups Marcin Kuzminski <marcin@python-works.com> parents: 2009 diff changeset	743 _perm = UserToPerm.query()\
d4b6c8541bd9 fixes issue when user tried to resubmit same permission into user/user_groups Marcin Kuzminski <marcin@python-works.com> parents: 2009 diff changeset	744 .filter(UserToPerm.user == user)\
d4b6c8541bd9 fixes issue when user tried to resubmit same permission into user/user_groups Marcin Kuzminski <marcin@python-works.com> parents: 2009 diff changeset	745 .filter(UserToPerm.permission == perm)\
d4b6c8541bd9 fixes issue when user tried to resubmit same permission into user/user_groups Marcin Kuzminski <marcin@python-works.com> parents: 2009 diff changeset	746 .scalar()
d4b6c8541bd9 fixes issue when user tried to resubmit same permission into user/user_groups Marcin Kuzminski <marcin@python-works.com> parents: 2009 diff changeset	747 if _perm:
d4b6c8541bd9 fixes issue when user tried to resubmit same permission into user/user_groups Marcin Kuzminski <marcin@python-works.com> parents: 2009 diff changeset	748 return
1749 8ecc6b8229a5 commit less models Marcin Kuzminski <marcin@python-works.com> parents: 1734 diff changeset	749 new = UserToPerm()
1758 a87aa385f21c fixed repo_create permission by adding missing commit statements Marcin Kuzminski <marcin@python-works.com> parents: 1749 diff changeset	750 new.user = user
1749 8ecc6b8229a5 commit less models Marcin Kuzminski <marcin@python-works.com> parents: 1734 diff changeset	751 new.permission = perm
8ecc6b8229a5 commit less models Marcin Kuzminski <marcin@python-works.com> parents: 1734 diff changeset	752 self.sa.add(new)
8ecc6b8229a5 commit less models Marcin Kuzminski <marcin@python-works.com> parents: 1734 diff changeset	753
8ecc6b8229a5 commit less models Marcin Kuzminski <marcin@python-works.com> parents: 1734 diff changeset	754 def revoke_perm(self, user, perm):
1982 87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	755 """
87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	756 Revoke users global permissions
1818 cf51bbfb120e auto white-space removal Marcin Kuzminski <marcin@python-works.com> parents: 1758 diff changeset	757
1982 87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	758 :param user:
87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	759 :param perm:
87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	760 """
2432 d3ac7491a5c8 Share common getter functions in base model, and remove duplicated functions from other models Marcin Kuzminski <marcin@python-works.com> parents: 2330 diff changeset	761 user = self._get_user(user)
d3ac7491a5c8 Share common getter functions in base model, and remove duplicated functions from other models Marcin Kuzminski <marcin@python-works.com> parents: 2330 diff changeset	762 perm = self._get_perm(perm)
1818 cf51bbfb120e auto white-space removal Marcin Kuzminski <marcin@python-works.com> parents: 1758 diff changeset	763
2078 d4b6c8541bd9 fixes issue when user tried to resubmit same permission into user/user_groups Marcin Kuzminski <marcin@python-works.com> parents: 2009 diff changeset	764 obj = UserToPerm.query()\
d4b6c8541bd9 fixes issue when user tried to resubmit same permission into user/user_groups Marcin Kuzminski <marcin@python-works.com> parents: 2009 diff changeset	765 .filter(UserToPerm.user == user)\
d4b6c8541bd9 fixes issue when user tried to resubmit same permission into user/user_groups Marcin Kuzminski <marcin@python-works.com> parents: 2009 diff changeset	766 .filter(UserToPerm.permission == perm)\
d4b6c8541bd9 fixes issue when user tried to resubmit same permission into user/user_groups Marcin Kuzminski <marcin@python-works.com> parents: 2009 diff changeset	767 .scalar()
1758 a87aa385f21c fixed repo_create permission by adding missing commit statements Marcin Kuzminski <marcin@python-works.com> parents: 1749 diff changeset	768 if obj:
a87aa385f21c fixed repo_create permission by adding missing commit statements Marcin Kuzminski <marcin@python-works.com> parents: 1749 diff changeset	769 self.sa.delete(obj)
2330 b0fef8a77568 Added simple UI for admin to manage emails map Marcin Kuzminski <marcin@python-works.com> parents: 2278 diff changeset	770
b0fef8a77568 Added simple UI for admin to manage emails map Marcin Kuzminski <marcin@python-works.com> parents: 2278 diff changeset	771 def add_extra_email(self, user, email):
b0fef8a77568 Added simple UI for admin to manage emails map Marcin Kuzminski <marcin@python-works.com> parents: 2278 diff changeset	772 """
b0fef8a77568 Added simple UI for admin to manage emails map Marcin Kuzminski <marcin@python-works.com> parents: 2278 diff changeset	773 Adds email address to UserEmailMap
b0fef8a77568 Added simple UI for admin to manage emails map Marcin Kuzminski <marcin@python-works.com> parents: 2278 diff changeset	774
b0fef8a77568 Added simple UI for admin to manage emails map Marcin Kuzminski <marcin@python-works.com> parents: 2278 diff changeset	775 :param user:
b0fef8a77568 Added simple UI for admin to manage emails map Marcin Kuzminski <marcin@python-works.com> parents: 2278 diff changeset	776 :param email:
b0fef8a77568 Added simple UI for admin to manage emails map Marcin Kuzminski <marcin@python-works.com> parents: 2278 diff changeset	777 """
2479 9225597688f4 Added validation into user email map Marcin Kuzminski <marcin@python-works.com> parents: 2478 diff changeset	778 from rhodecode.model import forms
9225597688f4 Added validation into user email map Marcin Kuzminski <marcin@python-works.com> parents: 2478 diff changeset	779 form = forms.UserExtraEmailForm()()
9225597688f4 Added validation into user email map Marcin Kuzminski <marcin@python-works.com> parents: 2478 diff changeset	780 data = form.to_python(dict(email=email))
2432 d3ac7491a5c8 Share common getter functions in base model, and remove duplicated functions from other models Marcin Kuzminski <marcin@python-works.com> parents: 2330 diff changeset	781 user = self._get_user(user)
2479 9225597688f4 Added validation into user email map Marcin Kuzminski <marcin@python-works.com> parents: 2478 diff changeset	782
2330 b0fef8a77568 Added simple UI for admin to manage emails map Marcin Kuzminski <marcin@python-works.com> parents: 2278 diff changeset	783 obj = UserEmailMap()
b0fef8a77568 Added simple UI for admin to manage emails map Marcin Kuzminski <marcin@python-works.com> parents: 2278 diff changeset	784 obj.user = user
2479 9225597688f4 Added validation into user email map Marcin Kuzminski <marcin@python-works.com> parents: 2478 diff changeset	785 obj.email = data['email']
2330 b0fef8a77568 Added simple UI for admin to manage emails map Marcin Kuzminski <marcin@python-works.com> parents: 2278 diff changeset	786 self.sa.add(obj)
b0fef8a77568 Added simple UI for admin to manage emails map Marcin Kuzminski <marcin@python-works.com> parents: 2278 diff changeset	787 return obj
b0fef8a77568 Added simple UI for admin to manage emails map Marcin Kuzminski <marcin@python-works.com> parents: 2278 diff changeset	788
b0fef8a77568 Added simple UI for admin to manage emails map Marcin Kuzminski <marcin@python-works.com> parents: 2278 diff changeset	789 def delete_extra_email(self, user, email_id):
b0fef8a77568 Added simple UI for admin to manage emails map Marcin Kuzminski <marcin@python-works.com> parents: 2278 diff changeset	790 """
b0fef8a77568 Added simple UI for admin to manage emails map Marcin Kuzminski <marcin@python-works.com> parents: 2278 diff changeset	791 Removes email address from UserEmailMap
b0fef8a77568 Added simple UI for admin to manage emails map Marcin Kuzminski <marcin@python-works.com> parents: 2278 diff changeset	792
b0fef8a77568 Added simple UI for admin to manage emails map Marcin Kuzminski <marcin@python-works.com> parents: 2278 diff changeset	793 :param user:
b0fef8a77568 Added simple UI for admin to manage emails map Marcin Kuzminski <marcin@python-works.com> parents: 2278 diff changeset	794 :param email_id:
b0fef8a77568 Added simple UI for admin to manage emails map Marcin Kuzminski <marcin@python-works.com> parents: 2278 diff changeset	795 """
2432 d3ac7491a5c8 Share common getter functions in base model, and remove duplicated functions from other models Marcin Kuzminski <marcin@python-works.com> parents: 2330 diff changeset	796 user = self._get_user(user)
2330 b0fef8a77568 Added simple UI for admin to manage emails map Marcin Kuzminski <marcin@python-works.com> parents: 2278 diff changeset	797 obj = UserEmailMap.query().get(email_id)
b0fef8a77568 Added simple UI for admin to manage emails map Marcin Kuzminski <marcin@python-works.com> parents: 2278 diff changeset	798 if obj:
2478 8eab81115660 white space cleanup Marcin Kuzminski <marcin@python-works.com> parents: 2467 diff changeset	799 self.sa.delete(obj)
3125 9b92cf5a0cca Added UserIpMap interface for allowed IP addresses and IP restriction access Marcin Kuzminski <marcin@python-works.com> parents: 3096 diff changeset	800
9b92cf5a0cca Added UserIpMap interface for allowed IP addresses and IP restriction access Marcin Kuzminski <marcin@python-works.com> parents: 3096 diff changeset	801 def add_extra_ip(self, user, ip):
9b92cf5a0cca Added UserIpMap interface for allowed IP addresses and IP restriction access Marcin Kuzminski <marcin@python-works.com> parents: 3096 diff changeset	802 """
9b92cf5a0cca Added UserIpMap interface for allowed IP addresses and IP restriction access Marcin Kuzminski <marcin@python-works.com> parents: 3096 diff changeset	803 Adds ip address to UserIpMap
9b92cf5a0cca Added UserIpMap interface for allowed IP addresses and IP restriction access Marcin Kuzminski <marcin@python-works.com> parents: 3096 diff changeset	804
9b92cf5a0cca Added UserIpMap interface for allowed IP addresses and IP restriction access Marcin Kuzminski <marcin@python-works.com> parents: 3096 diff changeset	805 :param user:
9b92cf5a0cca Added UserIpMap interface for allowed IP addresses and IP restriction access Marcin Kuzminski <marcin@python-works.com> parents: 3096 diff changeset	806 :param ip:
9b92cf5a0cca Added UserIpMap interface for allowed IP addresses and IP restriction access Marcin Kuzminski <marcin@python-works.com> parents: 3096 diff changeset	807 """
9b92cf5a0cca Added UserIpMap interface for allowed IP addresses and IP restriction access Marcin Kuzminski <marcin@python-works.com> parents: 3096 diff changeset	808 from rhodecode.model import forms
9b92cf5a0cca Added UserIpMap interface for allowed IP addresses and IP restriction access Marcin Kuzminski <marcin@python-works.com> parents: 3096 diff changeset	809 form = forms.UserExtraIpForm()()
9b92cf5a0cca Added UserIpMap interface for allowed IP addresses and IP restriction access Marcin Kuzminski <marcin@python-works.com> parents: 3096 diff changeset	810 data = form.to_python(dict(ip=ip))
9b92cf5a0cca Added UserIpMap interface for allowed IP addresses and IP restriction access Marcin Kuzminski <marcin@python-works.com> parents: 3096 diff changeset	811 user = self._get_user(user)
9b92cf5a0cca Added UserIpMap interface for allowed IP addresses and IP restriction access Marcin Kuzminski <marcin@python-works.com> parents: 3096 diff changeset	812
9b92cf5a0cca Added UserIpMap interface for allowed IP addresses and IP restriction access Marcin Kuzminski <marcin@python-works.com> parents: 3096 diff changeset	813 obj = UserIpMap()
9b92cf5a0cca Added UserIpMap interface for allowed IP addresses and IP restriction access Marcin Kuzminski <marcin@python-works.com> parents: 3096 diff changeset	814 obj.user = user
9b92cf5a0cca Added UserIpMap interface for allowed IP addresses and IP restriction access Marcin Kuzminski <marcin@python-works.com> parents: 3096 diff changeset	815 obj.ip_addr = data['ip']
9b92cf5a0cca Added UserIpMap interface for allowed IP addresses and IP restriction access Marcin Kuzminski <marcin@python-works.com> parents: 3096 diff changeset	816 self.sa.add(obj)
9b92cf5a0cca Added UserIpMap interface for allowed IP addresses and IP restriction access Marcin Kuzminski <marcin@python-works.com> parents: 3096 diff changeset	817 return obj
9b92cf5a0cca Added UserIpMap interface for allowed IP addresses and IP restriction access Marcin Kuzminski <marcin@python-works.com> parents: 3096 diff changeset	818
9b92cf5a0cca Added UserIpMap interface for allowed IP addresses and IP restriction access Marcin Kuzminski <marcin@python-works.com> parents: 3096 diff changeset	819 def delete_extra_ip(self, user, ip_id):
9b92cf5a0cca Added UserIpMap interface for allowed IP addresses and IP restriction access Marcin Kuzminski <marcin@python-works.com> parents: 3096 diff changeset	820 """
9b92cf5a0cca Added UserIpMap interface for allowed IP addresses and IP restriction access Marcin Kuzminski <marcin@python-works.com> parents: 3096 diff changeset	821 Removes ip address from UserIpMap
9b92cf5a0cca Added UserIpMap interface for allowed IP addresses and IP restriction access Marcin Kuzminski <marcin@python-works.com> parents: 3096 diff changeset	822
9b92cf5a0cca Added UserIpMap interface for allowed IP addresses and IP restriction access Marcin Kuzminski <marcin@python-works.com> parents: 3096 diff changeset	823 :param user:
9b92cf5a0cca Added UserIpMap interface for allowed IP addresses and IP restriction access Marcin Kuzminski <marcin@python-works.com> parents: 3096 diff changeset	824 :param ip_id:
9b92cf5a0cca Added UserIpMap interface for allowed IP addresses and IP restriction access Marcin Kuzminski <marcin@python-works.com> parents: 3096 diff changeset	825 """
9b92cf5a0cca Added UserIpMap interface for allowed IP addresses and IP restriction access Marcin Kuzminski <marcin@python-works.com> parents: 3096 diff changeset	826 user = self._get_user(user)
9b92cf5a0cca Added UserIpMap interface for allowed IP addresses and IP restriction access Marcin Kuzminski <marcin@python-works.com> parents: 3096 diff changeset	827 obj = UserIpMap.query().get(ip_id)
9b92cf5a0cca Added UserIpMap interface for allowed IP addresses and IP restriction access Marcin Kuzminski <marcin@python-works.com> parents: 3096 diff changeset	828 if obj:
9b92cf5a0cca Added UserIpMap interface for allowed IP addresses and IP restriction access Marcin Kuzminski <marcin@python-works.com> parents: 3096 diff changeset	829 self.sa.delete(obj)

Mercurial > kallithea

annotate rhodecode/model/user.py @ 4017:509923dac48d