Mercurial > kallithea
annotate rhodecode/lib/auth.py @ 1056:520d27f40b51 beta
#113 removed anonymous access from forking, added system messages in login box.
author | Marcin Kuzminski <marcin@python-works.com> |
---|---|
date | Tue, 15 Feb 2011 23:19:01 +0100 |
parents | 8e49b6ceffe1 |
children | 716911af91e1 |
rev | line source |
---|---|
895
62c04c5cc971
Added some more details into user edit permissions view
Marcin Kuzminski <marcin@python-works.com>
parents:
779
diff
changeset
|
1 # -*- coding: utf-8 -*- |
62c04c5cc971
Added some more details into user edit permissions view
Marcin Kuzminski <marcin@python-works.com>
parents:
779
diff
changeset
|
2 """ |
62c04c5cc971
Added some more details into user edit permissions view
Marcin Kuzminski <marcin@python-works.com>
parents:
779
diff
changeset
|
3 rhodecode.lib.auth |
62c04c5cc971
Added some more details into user edit permissions view
Marcin Kuzminski <marcin@python-works.com>
parents:
779
diff
changeset
|
4 ~~~~~~~~~~~~~~~~~~ |
62c04c5cc971
Added some more details into user edit permissions view
Marcin Kuzminski <marcin@python-works.com>
parents:
779
diff
changeset
|
5 |
62c04c5cc971
Added some more details into user edit permissions view
Marcin Kuzminski <marcin@python-works.com>
parents:
779
diff
changeset
|
6 authentication and permission libraries |
62c04c5cc971
Added some more details into user edit permissions view
Marcin Kuzminski <marcin@python-works.com>
parents:
779
diff
changeset
|
7 |
62c04c5cc971
Added some more details into user edit permissions view
Marcin Kuzminski <marcin@python-works.com>
parents:
779
diff
changeset
|
8 :created_on: Apr 4, 2010 |
62c04c5cc971
Added some more details into user edit permissions view
Marcin Kuzminski <marcin@python-works.com>
parents:
779
diff
changeset
|
9 :copyright: (c) 2010 by marcink. |
62c04c5cc971
Added some more details into user edit permissions view
Marcin Kuzminski <marcin@python-works.com>
parents:
779
diff
changeset
|
10 :license: LICENSE_NAME, see LICENSE_FILE for more details. |
62c04c5cc971
Added some more details into user edit permissions view
Marcin Kuzminski <marcin@python-works.com>
parents:
779
diff
changeset
|
11 """ |
252
3782a6d698af
licensing updates, code cleanups
Marcin Kuzminski <marcin@python-works.com>
parents:
239
diff
changeset
|
12 # This program is free software; you can redistribute it and/or |
3782a6d698af
licensing updates, code cleanups
Marcin Kuzminski <marcin@python-works.com>
parents:
239
diff
changeset
|
13 # modify it under the terms of the GNU General Public License |
3782a6d698af
licensing updates, code cleanups
Marcin Kuzminski <marcin@python-works.com>
parents:
239
diff
changeset
|
14 # as published by the Free Software Foundation; version 2 |
3782a6d698af
licensing updates, code cleanups
Marcin Kuzminski <marcin@python-works.com>
parents:
239
diff
changeset
|
15 # of the License or (at your opinion) any later version of the license. |
3782a6d698af
licensing updates, code cleanups
Marcin Kuzminski <marcin@python-works.com>
parents:
239
diff
changeset
|
16 # |
3782a6d698af
licensing updates, code cleanups
Marcin Kuzminski <marcin@python-works.com>
parents:
239
diff
changeset
|
17 # This program is distributed in the hope that it will be useful, |
3782a6d698af
licensing updates, code cleanups
Marcin Kuzminski <marcin@python-works.com>
parents:
239
diff
changeset
|
18 # but WITHOUT ANY WARRANTY; without even the implied warranty of |
3782a6d698af
licensing updates, code cleanups
Marcin Kuzminski <marcin@python-works.com>
parents:
239
diff
changeset
|
19 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
3782a6d698af
licensing updates, code cleanups
Marcin Kuzminski <marcin@python-works.com>
parents:
239
diff
changeset
|
20 # GNU General Public License for more details. |
3782a6d698af
licensing updates, code cleanups
Marcin Kuzminski <marcin@python-works.com>
parents:
239
diff
changeset
|
21 # |
3782a6d698af
licensing updates, code cleanups
Marcin Kuzminski <marcin@python-works.com>
parents:
239
diff
changeset
|
22 # You should have received a copy of the GNU General Public License |
3782a6d698af
licensing updates, code cleanups
Marcin Kuzminski <marcin@python-works.com>
parents:
239
diff
changeset
|
23 # along with this program; if not, write to the Free Software |
3782a6d698af
licensing updates, code cleanups
Marcin Kuzminski <marcin@python-works.com>
parents:
239
diff
changeset
|
24 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, |
3782a6d698af
licensing updates, code cleanups
Marcin Kuzminski <marcin@python-works.com>
parents:
239
diff
changeset
|
25 # MA 02110-1301, USA. |
381
55377fdc1fc6
cleared global application settings.
Marcin Kuzminski <marcin@python-works.com>
parents:
380
diff
changeset
|
26 |
895
62c04c5cc971
Added some more details into user edit permissions view
Marcin Kuzminski <marcin@python-works.com>
parents:
779
diff
changeset
|
27 import bcrypt |
62c04c5cc971
Added some more details into user edit permissions view
Marcin Kuzminski <marcin@python-works.com>
parents:
779
diff
changeset
|
28 import random |
62c04c5cc971
Added some more details into user edit permissions view
Marcin Kuzminski <marcin@python-works.com>
parents:
779
diff
changeset
|
29 import logging |
62c04c5cc971
Added some more details into user edit permissions view
Marcin Kuzminski <marcin@python-works.com>
parents:
779
diff
changeset
|
30 import traceback |
62c04c5cc971
Added some more details into user edit permissions view
Marcin Kuzminski <marcin@python-works.com>
parents:
779
diff
changeset
|
31 |
62c04c5cc971
Added some more details into user edit permissions view
Marcin Kuzminski <marcin@python-works.com>
parents:
779
diff
changeset
|
32 from decorator import decorator |
62c04c5cc971
Added some more details into user edit permissions view
Marcin Kuzminski <marcin@python-works.com>
parents:
779
diff
changeset
|
33 |
343
6484963056cd
implemented cache for repeated queries in simplehg mercurial requests
Marcin Kuzminski <marcin@python-works.com>
parents:
339
diff
changeset
|
34 from pylons import config, session, url, request |
52 | 35 from pylons.controllers.util import abort, redirect |
1056
520d27f40b51
#113 removed anonymous access from forking, added system messages in login box.
Marcin Kuzminski <marcin@python-works.com>
parents:
1040
diff
changeset
|
36 from pylons.i18n.translation import _ |
895
62c04c5cc971
Added some more details into user edit permissions view
Marcin Kuzminski <marcin@python-works.com>
parents:
779
diff
changeset
|
37 |
62c04c5cc971
Added some more details into user edit permissions view
Marcin Kuzminski <marcin@python-works.com>
parents:
779
diff
changeset
|
38 from rhodecode.lib.exceptions import LdapPasswordError, LdapUsernameError |
547
1e757ac98988
renamed project to rhodecode
Marcin Kuzminski <marcin@python-works.com>
parents:
508
diff
changeset
|
39 from rhodecode.lib.utils import get_repo_slug |
713
1bb0fcdec895
fixed #72 show warning on removal when user still is owner of existing repositories
Marcin Kuzminski <marcin@python-works.com>
parents:
705
diff
changeset
|
40 from rhodecode.lib.auth_ldap import AuthLdap |
895
62c04c5cc971
Added some more details into user edit permissions view
Marcin Kuzminski <marcin@python-works.com>
parents:
779
diff
changeset
|
41 |
547
1e757ac98988
renamed project to rhodecode
Marcin Kuzminski <marcin@python-works.com>
parents:
508
diff
changeset
|
42 from rhodecode.model import meta |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
43 from rhodecode.model.user import UserModel |
547
1e757ac98988
renamed project to rhodecode
Marcin Kuzminski <marcin@python-works.com>
parents:
508
diff
changeset
|
44 from rhodecode.model.db import User, RepoToPerm, Repository, Permission, \ |
1016
3790279d2538
#56 added propagation of permission from group
Marcin Kuzminski <marcin@python-works.com>
parents:
991
diff
changeset
|
45 UserToPerm, UsersGroupToPerm, UsersGroupMember |
895
62c04c5cc971
Added some more details into user edit permissions view
Marcin Kuzminski <marcin@python-works.com>
parents:
779
diff
changeset
|
46 |
343
6484963056cd
implemented cache for repeated queries in simplehg mercurial requests
Marcin Kuzminski <marcin@python-works.com>
parents:
339
diff
changeset
|
47 |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
48 log = logging.getLogger(__name__) |
41
71ffa932799d
Added app basic auth.
Marcin Kuzminski <marcin@python-blog.com>
parents:
diff
changeset
|
49 |
1016
3790279d2538
#56 added propagation of permission from group
Marcin Kuzminski <marcin@python-works.com>
parents:
991
diff
changeset
|
50 |
3790279d2538
#56 added propagation of permission from group
Marcin Kuzminski <marcin@python-works.com>
parents:
991
diff
changeset
|
51 PERM_WEIGHTS = {'repository.none':0, |
3790279d2538
#56 added propagation of permission from group
Marcin Kuzminski <marcin@python-works.com>
parents:
991
diff
changeset
|
52 'repository.read':1, |
3790279d2538
#56 added propagation of permission from group
Marcin Kuzminski <marcin@python-works.com>
parents:
991
diff
changeset
|
53 'repository.write':3, |
3790279d2538
#56 added propagation of permission from group
Marcin Kuzminski <marcin@python-works.com>
parents:
991
diff
changeset
|
54 'repository.admin':3} |
3790279d2538
#56 added propagation of permission from group
Marcin Kuzminski <marcin@python-works.com>
parents:
991
diff
changeset
|
55 |
3790279d2538
#56 added propagation of permission from group
Marcin Kuzminski <marcin@python-works.com>
parents:
991
diff
changeset
|
56 |
474
a3d9d24acbec
Implemented password reset(forms/models/ tasks) and mailing tasks.
Marcin Kuzminski <marcin@python-works.com>
parents:
442
diff
changeset
|
57 class PasswordGenerator(object): |
a3d9d24acbec
Implemented password reset(forms/models/ tasks) and mailing tasks.
Marcin Kuzminski <marcin@python-works.com>
parents:
442
diff
changeset
|
58 """This is a simple class for generating password from |
a3d9d24acbec
Implemented password reset(forms/models/ tasks) and mailing tasks.
Marcin Kuzminski <marcin@python-works.com>
parents:
442
diff
changeset
|
59 different sets of characters |
a3d9d24acbec
Implemented password reset(forms/models/ tasks) and mailing tasks.
Marcin Kuzminski <marcin@python-works.com>
parents:
442
diff
changeset
|
60 usage: |
a3d9d24acbec
Implemented password reset(forms/models/ tasks) and mailing tasks.
Marcin Kuzminski <marcin@python-works.com>
parents:
442
diff
changeset
|
61 passwd_gen = PasswordGenerator() |
a3d9d24acbec
Implemented password reset(forms/models/ tasks) and mailing tasks.
Marcin Kuzminski <marcin@python-works.com>
parents:
442
diff
changeset
|
62 #print 8-letter password containing only big and small letters of alphabet |
a3d9d24acbec
Implemented password reset(forms/models/ tasks) and mailing tasks.
Marcin Kuzminski <marcin@python-works.com>
parents:
442
diff
changeset
|
63 print passwd_gen.gen_password(8, passwd_gen.ALPHABETS_BIG_SMALL) |
a3d9d24acbec
Implemented password reset(forms/models/ tasks) and mailing tasks.
Marcin Kuzminski <marcin@python-works.com>
parents:
442
diff
changeset
|
64 """ |
a3d9d24acbec
Implemented password reset(forms/models/ tasks) and mailing tasks.
Marcin Kuzminski <marcin@python-works.com>
parents:
442
diff
changeset
|
65 ALPHABETS_NUM = r'''1234567890'''#[0] |
a3d9d24acbec
Implemented password reset(forms/models/ tasks) and mailing tasks.
Marcin Kuzminski <marcin@python-works.com>
parents:
442
diff
changeset
|
66 ALPHABETS_SMALL = r'''qwertyuiopasdfghjklzxcvbnm'''#[1] |
a3d9d24acbec
Implemented password reset(forms/models/ tasks) and mailing tasks.
Marcin Kuzminski <marcin@python-works.com>
parents:
442
diff
changeset
|
67 ALPHABETS_BIG = r'''QWERTYUIOPASDFGHJKLZXCVBNM'''#[2] |
a3d9d24acbec
Implemented password reset(forms/models/ tasks) and mailing tasks.
Marcin Kuzminski <marcin@python-works.com>
parents:
442
diff
changeset
|
68 ALPHABETS_SPECIAL = r'''`-=[]\;',./~!@#$%^&*()_+{}|:"<>?''' #[3] |
a3d9d24acbec
Implemented password reset(forms/models/ tasks) and mailing tasks.
Marcin Kuzminski <marcin@python-works.com>
parents:
442
diff
changeset
|
69 ALPHABETS_FULL = ALPHABETS_BIG + ALPHABETS_SMALL + ALPHABETS_NUM + ALPHABETS_SPECIAL#[4] |
a3d9d24acbec
Implemented password reset(forms/models/ tasks) and mailing tasks.
Marcin Kuzminski <marcin@python-works.com>
parents:
442
diff
changeset
|
70 ALPHABETS_ALPHANUM = ALPHABETS_BIG + ALPHABETS_SMALL + ALPHABETS_NUM#[5] |
a3d9d24acbec
Implemented password reset(forms/models/ tasks) and mailing tasks.
Marcin Kuzminski <marcin@python-works.com>
parents:
442
diff
changeset
|
71 ALPHABETS_BIG_SMALL = ALPHABETS_BIG + ALPHABETS_SMALL |
a3d9d24acbec
Implemented password reset(forms/models/ tasks) and mailing tasks.
Marcin Kuzminski <marcin@python-works.com>
parents:
442
diff
changeset
|
72 ALPHABETS_ALPHANUM_BIG = ALPHABETS_BIG + ALPHABETS_NUM#[6] |
a3d9d24acbec
Implemented password reset(forms/models/ tasks) and mailing tasks.
Marcin Kuzminski <marcin@python-works.com>
parents:
442
diff
changeset
|
73 ALPHABETS_ALPHANUM_SMALL = ALPHABETS_SMALL + ALPHABETS_NUM#[7] |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
74 |
474
a3d9d24acbec
Implemented password reset(forms/models/ tasks) and mailing tasks.
Marcin Kuzminski <marcin@python-works.com>
parents:
442
diff
changeset
|
75 def __init__(self, passwd=''): |
a3d9d24acbec
Implemented password reset(forms/models/ tasks) and mailing tasks.
Marcin Kuzminski <marcin@python-works.com>
parents:
442
diff
changeset
|
76 self.passwd = passwd |
a3d9d24acbec
Implemented password reset(forms/models/ tasks) and mailing tasks.
Marcin Kuzminski <marcin@python-works.com>
parents:
442
diff
changeset
|
77 |
a3d9d24acbec
Implemented password reset(forms/models/ tasks) and mailing tasks.
Marcin Kuzminski <marcin@python-works.com>
parents:
442
diff
changeset
|
78 def gen_password(self, len, type): |
a3d9d24acbec
Implemented password reset(forms/models/ tasks) and mailing tasks.
Marcin Kuzminski <marcin@python-works.com>
parents:
442
diff
changeset
|
79 self.passwd = ''.join([random.choice(type) for _ in xrange(len)]) |
a3d9d24acbec
Implemented password reset(forms/models/ tasks) and mailing tasks.
Marcin Kuzminski <marcin@python-works.com>
parents:
442
diff
changeset
|
80 return self.passwd |
a3d9d24acbec
Implemented password reset(forms/models/ tasks) and mailing tasks.
Marcin Kuzminski <marcin@python-works.com>
parents:
442
diff
changeset
|
81 |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
82 |
64
08707974eae4
Changed auth lib for sqlalchemy
Marcin Kuzminski <marcin@python-blog.com>
parents:
52
diff
changeset
|
83 def get_crypt_password(password): |
1016
3790279d2538
#56 added propagation of permission from group
Marcin Kuzminski <marcin@python-works.com>
parents:
991
diff
changeset
|
84 """Cryptographic function used for password hashing based on pybcrypt |
3790279d2538
#56 added propagation of permission from group
Marcin Kuzminski <marcin@python-works.com>
parents:
991
diff
changeset
|
85 |
604
5cc96df705b9
fixed @repo into :repo for docs
Marcin Kuzminski <marcin@python-works.com>
parents:
564
diff
changeset
|
86 :param password: password to hash |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
87 """ |
415
04e8b31fb245
Changed password crypting scheme to bcrypt, added dependency for setup
Marcin Kuzminski <marcin@python-works.com>
parents:
412
diff
changeset
|
88 return bcrypt.hashpw(password, bcrypt.gensalt(10)) |
04e8b31fb245
Changed password crypting scheme to bcrypt, added dependency for setup
Marcin Kuzminski <marcin@python-works.com>
parents:
412
diff
changeset
|
89 |
04e8b31fb245
Changed password crypting scheme to bcrypt, added dependency for setup
Marcin Kuzminski <marcin@python-works.com>
parents:
412
diff
changeset
|
90 def check_password(password, hashed): |
04e8b31fb245
Changed password crypting scheme to bcrypt, added dependency for setup
Marcin Kuzminski <marcin@python-works.com>
parents:
412
diff
changeset
|
91 return bcrypt.hashpw(password, hashed) == hashed |
343
6484963056cd
implemented cache for repeated queries in simplehg mercurial requests
Marcin Kuzminski <marcin@python-works.com>
parents:
339
diff
changeset
|
92 |
41
71ffa932799d
Added app basic auth.
Marcin Kuzminski <marcin@python-blog.com>
parents:
diff
changeset
|
93 def authfunc(environ, username, password): |
1016
3790279d2538
#56 added propagation of permission from group
Marcin Kuzminski <marcin@python-works.com>
parents:
991
diff
changeset
|
94 """Dummy authentication function used in Mercurial/Git/ and access control, |
761
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
749
diff
changeset
|
95 |
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
749
diff
changeset
|
96 :param environ: needed only for using in Basic auth |
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
749
diff
changeset
|
97 """ |
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
749
diff
changeset
|
98 return authenticate(username, password) |
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
749
diff
changeset
|
99 |
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
749
diff
changeset
|
100 |
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
749
diff
changeset
|
101 def authenticate(username, password): |
1016
3790279d2538
#56 added propagation of permission from group
Marcin Kuzminski <marcin@python-works.com>
parents:
991
diff
changeset
|
102 """Authentication function used for access control, |
699
52da7cba88a6
Code refactor for auth func, preparing for ldap support
Marcin Kuzminski <marcin@python-works.com>
parents:
692
diff
changeset
|
103 firstly checks for db authentication then if ldap is enabled for ldap |
705
9e9f1b919c0c
implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents:
699
diff
changeset
|
104 authentication, also creates ldap user if not in database |
9e9f1b919c0c
implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents:
699
diff
changeset
|
105 |
699
52da7cba88a6
Code refactor for auth func, preparing for ldap support
Marcin Kuzminski <marcin@python-works.com>
parents:
692
diff
changeset
|
106 :param username: username |
52da7cba88a6
Code refactor for auth func, preparing for ldap support
Marcin Kuzminski <marcin@python-works.com>
parents:
692
diff
changeset
|
107 :param password: password |
52da7cba88a6
Code refactor for auth func, preparing for ldap support
Marcin Kuzminski <marcin@python-works.com>
parents:
692
diff
changeset
|
108 """ |
705
9e9f1b919c0c
implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents:
699
diff
changeset
|
109 user_model = UserModel() |
9e9f1b919c0c
implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents:
699
diff
changeset
|
110 user = user_model.get_by_username(username, cache=False) |
699
52da7cba88a6
Code refactor for auth func, preparing for ldap support
Marcin Kuzminski <marcin@python-works.com>
parents:
692
diff
changeset
|
111 |
761
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
749
diff
changeset
|
112 log.debug('Authenticating user using RhodeCode account') |
991
b232a36cc51f
Improve LDAP authentication
Thayne Harbaugh <thayne@fusionio.com>
parents:
895
diff
changeset
|
113 if user is not None and not user.ldap_dn: |
64
08707974eae4
Changed auth lib for sqlalchemy
Marcin Kuzminski <marcin@python-blog.com>
parents:
52
diff
changeset
|
114 if user.active: |
674
99875a8f2ad1
#49 Enabled anonymous access push and pull commands
Marcin Kuzminski <marcin@python-works.com>
parents:
673
diff
changeset
|
115 |
99875a8f2ad1
#49 Enabled anonymous access push and pull commands
Marcin Kuzminski <marcin@python-works.com>
parents:
673
diff
changeset
|
116 if user.username == 'default' and user.active: |
761
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
749
diff
changeset
|
117 log.info('user %s authenticated correctly as anonymous user', |
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
749
diff
changeset
|
118 username) |
674
99875a8f2ad1
#49 Enabled anonymous access push and pull commands
Marcin Kuzminski <marcin@python-works.com>
parents:
673
diff
changeset
|
119 return True |
99875a8f2ad1
#49 Enabled anonymous access push and pull commands
Marcin Kuzminski <marcin@python-works.com>
parents:
673
diff
changeset
|
120 |
99875a8f2ad1
#49 Enabled anonymous access push and pull commands
Marcin Kuzminski <marcin@python-works.com>
parents:
673
diff
changeset
|
121 elif user.username == username and check_password(password, user.password): |
41
71ffa932799d
Added app basic auth.
Marcin Kuzminski <marcin@python-blog.com>
parents:
diff
changeset
|
122 log.info('user %s authenticated correctly', username) |
71ffa932799d
Added app basic auth.
Marcin Kuzminski <marcin@python-blog.com>
parents:
diff
changeset
|
123 return True |
71ffa932799d
Added app basic auth.
Marcin Kuzminski <marcin@python-blog.com>
parents:
diff
changeset
|
124 else: |
761
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
749
diff
changeset
|
125 log.warning('user %s is disabled', username) |
705
9e9f1b919c0c
implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents:
699
diff
changeset
|
126 |
9e9f1b919c0c
implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents:
699
diff
changeset
|
127 else: |
761
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
749
diff
changeset
|
128 log.debug('Regular authentication failed') |
742
1377a9d4bdb9
#78, fixed more reliable case insensitive searches
Marcin Kuzminski <marcin@python-works.com>
parents:
741
diff
changeset
|
129 user_obj = user_model.get_by_username(username, cache=False, |
1377a9d4bdb9
#78, fixed more reliable case insensitive searches
Marcin Kuzminski <marcin@python-works.com>
parents:
741
diff
changeset
|
130 case_insensitive=True) |
761
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
749
diff
changeset
|
131 |
991
b232a36cc51f
Improve LDAP authentication
Thayne Harbaugh <thayne@fusionio.com>
parents:
895
diff
changeset
|
132 if user_obj is not None and not user_obj.ldap_dn: |
749
fcd4fb51526e
added debug message for ldap auth
Marcin Kuzminski <marcin@python-works.com>
parents:
748
diff
changeset
|
133 log.debug('this user already exists as non ldap') |
748
88338675a0f7
fixed ldap issue and small template fix
Marcin Kuzminski <marcin@python-works.com>
parents:
742
diff
changeset
|
134 return False |
88338675a0f7
fixed ldap issue and small template fix
Marcin Kuzminski <marcin@python-works.com>
parents:
742
diff
changeset
|
135 |
705
9e9f1b919c0c
implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents:
699
diff
changeset
|
136 from rhodecode.model.settings import SettingsModel |
9e9f1b919c0c
implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents:
699
diff
changeset
|
137 ldap_settings = SettingsModel().get_ldap_settings() |
9e9f1b919c0c
implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents:
699
diff
changeset
|
138 |
9e9f1b919c0c
implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents:
699
diff
changeset
|
139 #====================================================================== |
1016
3790279d2538
#56 added propagation of permission from group
Marcin Kuzminski <marcin@python-works.com>
parents:
991
diff
changeset
|
140 # FALLBACK TO LDAP AUTH IF ENABLE |
705
9e9f1b919c0c
implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents:
699
diff
changeset
|
141 #====================================================================== |
9e9f1b919c0c
implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents:
699
diff
changeset
|
142 if ldap_settings.get('ldap_active', False): |
761
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
749
diff
changeset
|
143 log.debug("Authenticating user using ldap") |
705
9e9f1b919c0c
implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents:
699
diff
changeset
|
144 kwargs = { |
9e9f1b919c0c
implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents:
699
diff
changeset
|
145 'server':ldap_settings.get('ldap_host', ''), |
9e9f1b919c0c
implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents:
699
diff
changeset
|
146 'base_dn':ldap_settings.get('ldap_base_dn', ''), |
9e9f1b919c0c
implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents:
699
diff
changeset
|
147 'port':ldap_settings.get('ldap_port'), |
9e9f1b919c0c
implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents:
699
diff
changeset
|
148 'bind_dn':ldap_settings.get('ldap_dn_user'), |
9e9f1b919c0c
implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents:
699
diff
changeset
|
149 'bind_pass':ldap_settings.get('ldap_dn_pass'), |
9e9f1b919c0c
implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents:
699
diff
changeset
|
150 'use_ldaps':ldap_settings.get('ldap_ldaps'), |
991
b232a36cc51f
Improve LDAP authentication
Thayne Harbaugh <thayne@fusionio.com>
parents:
895
diff
changeset
|
151 'tls_reqcert':ldap_settings.get('ldap_tls_reqcert'), |
b232a36cc51f
Improve LDAP authentication
Thayne Harbaugh <thayne@fusionio.com>
parents:
895
diff
changeset
|
152 'ldap_filter':ldap_settings.get('ldap_filter'), |
b232a36cc51f
Improve LDAP authentication
Thayne Harbaugh <thayne@fusionio.com>
parents:
895
diff
changeset
|
153 'search_scope':ldap_settings.get('ldap_search_scope'), |
b232a36cc51f
Improve LDAP authentication
Thayne Harbaugh <thayne@fusionio.com>
parents:
895
diff
changeset
|
154 'attr_login':ldap_settings.get('ldap_attr_login'), |
705
9e9f1b919c0c
implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents:
699
diff
changeset
|
155 'ldap_version':3, |
9e9f1b919c0c
implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents:
699
diff
changeset
|
156 } |
9e9f1b919c0c
implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents:
699
diff
changeset
|
157 log.debug('Checking for ldap authentication') |
9e9f1b919c0c
implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents:
699
diff
changeset
|
158 try: |
9e9f1b919c0c
implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents:
699
diff
changeset
|
159 aldap = AuthLdap(**kwargs) |
991
b232a36cc51f
Improve LDAP authentication
Thayne Harbaugh <thayne@fusionio.com>
parents:
895
diff
changeset
|
160 (user_dn, ldap_attrs) = aldap.authenticate_ldap(username, password) |
b232a36cc51f
Improve LDAP authentication
Thayne Harbaugh <thayne@fusionio.com>
parents:
895
diff
changeset
|
161 log.debug('Got ldap DN response %s', user_dn) |
705
9e9f1b919c0c
implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents:
699
diff
changeset
|
162 |
991
b232a36cc51f
Improve LDAP authentication
Thayne Harbaugh <thayne@fusionio.com>
parents:
895
diff
changeset
|
163 user_attrs = { |
b232a36cc51f
Improve LDAP authentication
Thayne Harbaugh <thayne@fusionio.com>
parents:
895
diff
changeset
|
164 'name' : ldap_attrs[ldap_settings.get('ldap_attr_firstname')][0], |
b232a36cc51f
Improve LDAP authentication
Thayne Harbaugh <thayne@fusionio.com>
parents:
895
diff
changeset
|
165 'lastname' : ldap_attrs[ldap_settings.get('ldap_attr_lastname')][0], |
b232a36cc51f
Improve LDAP authentication
Thayne Harbaugh <thayne@fusionio.com>
parents:
895
diff
changeset
|
166 'email' : ldap_attrs[ldap_settings.get('ldap_attr_email')][0], |
b232a36cc51f
Improve LDAP authentication
Thayne Harbaugh <thayne@fusionio.com>
parents:
895
diff
changeset
|
167 } |
b232a36cc51f
Improve LDAP authentication
Thayne Harbaugh <thayne@fusionio.com>
parents:
895
diff
changeset
|
168 |
b232a36cc51f
Improve LDAP authentication
Thayne Harbaugh <thayne@fusionio.com>
parents:
895
diff
changeset
|
169 if user_model.create_ldap(username, password, user_dn, user_attrs): |
1016
3790279d2538
#56 added propagation of permission from group
Marcin Kuzminski <marcin@python-works.com>
parents:
991
diff
changeset
|
170 log.info('created new ldap user %s', username) |
705
9e9f1b919c0c
implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents:
699
diff
changeset
|
171 |
761
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
749
diff
changeset
|
172 return True |
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
749
diff
changeset
|
173 except (LdapUsernameError, LdapPasswordError,): |
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
749
diff
changeset
|
174 pass |
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
749
diff
changeset
|
175 except (Exception,): |
705
9e9f1b919c0c
implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents:
699
diff
changeset
|
176 log.error(traceback.format_exc()) |
761
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
749
diff
changeset
|
177 pass |
41
71ffa932799d
Added app basic auth.
Marcin Kuzminski <marcin@python-blog.com>
parents:
diff
changeset
|
178 return False |
71ffa932799d
Added app basic auth.
Marcin Kuzminski <marcin@python-blog.com>
parents:
diff
changeset
|
179 |
190
d8eb7ee27b4c
Added LoginRequired decorator, empty User data container, hash functions
Marcin Kuzminski <marcin@python-works.com>
parents:
96
diff
changeset
|
180 class AuthUser(object): |
1016
3790279d2538
#56 added propagation of permission from group
Marcin Kuzminski <marcin@python-works.com>
parents:
991
diff
changeset
|
181 """A simple object that handles a mercurial username for authentication |
190
d8eb7ee27b4c
Added LoginRequired decorator, empty User data container, hash functions
Marcin Kuzminski <marcin@python-works.com>
parents:
96
diff
changeset
|
182 """ |
1016
3790279d2538
#56 added propagation of permission from group
Marcin Kuzminski <marcin@python-works.com>
parents:
991
diff
changeset
|
183 |
190
d8eb7ee27b4c
Added LoginRequired decorator, empty User data container, hash functions
Marcin Kuzminski <marcin@python-works.com>
parents:
96
diff
changeset
|
184 def __init__(self): |
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
185 self.username = 'None' |
355
5bbcc0cac389
added session remove in forms, and added name and lastname to auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
350
diff
changeset
|
186 self.name = '' |
5bbcc0cac389
added session remove in forms, and added name and lastname to auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
350
diff
changeset
|
187 self.lastname = '' |
404
a10bdd0b05a7
fixed user email for gravatars
Marcin Kuzminski <marcin@python-works.com>
parents:
399
diff
changeset
|
188 self.email = '' |
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
189 self.user_id = None |
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
190 self.is_authenticated = False |
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
191 self.is_admin = False |
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
192 self.permissions = {} |
239
b18f89d6d17f
Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents:
234
diff
changeset
|
193 |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
194 def __repr__(self): |
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
195 return "<AuthUser('id:%s:%s')>" % (self.user_id, self.username) |
239
b18f89d6d17f
Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents:
234
diff
changeset
|
196 |
b18f89d6d17f
Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents:
234
diff
changeset
|
197 def set_available_permissions(config): |
895
62c04c5cc971
Added some more details into user edit permissions view
Marcin Kuzminski <marcin@python-works.com>
parents:
779
diff
changeset
|
198 """This function will propagate pylons globals with all available defined |
1016
3790279d2538
#56 added propagation of permission from group
Marcin Kuzminski <marcin@python-works.com>
parents:
991
diff
changeset
|
199 permission given in db. We don't want to check each time from db for new |
239
b18f89d6d17f
Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents:
234
diff
changeset
|
200 permissions since adding a new permission also requires application restart |
b18f89d6d17f
Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents:
234
diff
changeset
|
201 ie. to decorate new views with the newly created permission |
895
62c04c5cc971
Added some more details into user edit permissions view
Marcin Kuzminski <marcin@python-works.com>
parents:
779
diff
changeset
|
202 |
62c04c5cc971
Added some more details into user edit permissions view
Marcin Kuzminski <marcin@python-works.com>
parents:
779
diff
changeset
|
203 :param config: current pylons config instance |
62c04c5cc971
Added some more details into user edit permissions view
Marcin Kuzminski <marcin@python-works.com>
parents:
779
diff
changeset
|
204 |
239
b18f89d6d17f
Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents:
234
diff
changeset
|
205 """ |
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
206 log.info('getting information about all available permissions') |
350
664a5b8c551a
Added application settings, are now customizable from database
Marcin Kuzminski <marcin@python-works.com>
parents:
343
diff
changeset
|
207 try: |
629
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
612
diff
changeset
|
208 sa = meta.Session() |
350
664a5b8c551a
Added application settings, are now customizable from database
Marcin Kuzminski <marcin@python-works.com>
parents:
343
diff
changeset
|
209 all_perms = sa.query(Permission).all() |
629
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
612
diff
changeset
|
210 except: |
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
612
diff
changeset
|
211 pass |
350
664a5b8c551a
Added application settings, are now customizable from database
Marcin Kuzminski <marcin@python-works.com>
parents:
343
diff
changeset
|
212 finally: |
664a5b8c551a
Added application settings, are now customizable from database
Marcin Kuzminski <marcin@python-works.com>
parents:
343
diff
changeset
|
213 meta.Session.remove() |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
214 |
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
215 config['available_permissions'] = [x.permission_name for x in all_perms] |
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
216 |
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
217 def fill_perms(user): |
895
62c04c5cc971
Added some more details into user edit permissions view
Marcin Kuzminski <marcin@python-works.com>
parents:
779
diff
changeset
|
218 """Fills user permission attribute with permissions taken from database |
1016
3790279d2538
#56 added propagation of permission from group
Marcin Kuzminski <marcin@python-works.com>
parents:
991
diff
changeset
|
219 works for permissions given for repositories, and for permissions that |
3790279d2538
#56 added propagation of permission from group
Marcin Kuzminski <marcin@python-works.com>
parents:
991
diff
changeset
|
220 as part of beeing group member |
895
62c04c5cc971
Added some more details into user edit permissions view
Marcin Kuzminski <marcin@python-works.com>
parents:
779
diff
changeset
|
221 |
1016
3790279d2538
#56 added propagation of permission from group
Marcin Kuzminski <marcin@python-works.com>
parents:
991
diff
changeset
|
222 :param user: user instance to fill his perms |
367
a26f48ad7a8a
fixes issue #16 reimplementation of database repository, for using generic pk instead of repo naming as pk. Which caused to many problems.
Marcin Kuzminski <marcin@python-works.com>
parents:
355
diff
changeset
|
223 """ |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
224 |
629
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
612
diff
changeset
|
225 sa = meta.Session() |
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
226 user.permissions['repositories'] = {} |
371
5cd6616b8673
routes python 2.5 compatible
Marcin Kuzminski <marcin@python-works.com>
parents:
367
diff
changeset
|
227 user.permissions['global'] = set() |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
228 |
417
3ed2d46a2ca7
permission refactoring,
Marcin Kuzminski <marcin@python-works.com>
parents:
415
diff
changeset
|
229 #=========================================================================== |
3ed2d46a2ca7
permission refactoring,
Marcin Kuzminski <marcin@python-works.com>
parents:
415
diff
changeset
|
230 # fetch default permissions |
3ed2d46a2ca7
permission refactoring,
Marcin Kuzminski <marcin@python-works.com>
parents:
415
diff
changeset
|
231 #=========================================================================== |
692
cb0d9ce6ac5c
#50 on point cache invalidation changes.
Marcin Kuzminski <marcin@python-works.com>
parents:
686
diff
changeset
|
232 default_user = UserModel().get_by_username('default', cache=True) |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
233 |
423
16253f330094
fixes #30. Rewrite default permissions query + some other small fixes
Marcin Kuzminski <marcin@python-works.com>
parents:
418
diff
changeset
|
234 default_perms = sa.query(RepoToPerm, Repository, Permission)\ |
399
f5c1eec9f376
rename repo2perm into repo_to_perm
Marcin Kuzminski <marcin@python-works.com>
parents:
382
diff
changeset
|
235 .join((Repository, RepoToPerm.repository_id == Repository.repo_id))\ |
f5c1eec9f376
rename repo2perm into repo_to_perm
Marcin Kuzminski <marcin@python-works.com>
parents:
382
diff
changeset
|
236 .join((Permission, RepoToPerm.permission_id == Permission.permission_id))\ |
609
c1c1cf772337
moved out sqlalchemy cache from meta to the config files.
Marcin Kuzminski <marcin@python-works.com>
parents:
564
diff
changeset
|
237 .filter(RepoToPerm.user == default_user).all() |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
238 |
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
239 if user.is_admin: |
417
3ed2d46a2ca7
permission refactoring,
Marcin Kuzminski <marcin@python-works.com>
parents:
415
diff
changeset
|
240 #======================================================================= |
423
16253f330094
fixes #30. Rewrite default permissions query + some other small fixes
Marcin Kuzminski <marcin@python-works.com>
parents:
418
diff
changeset
|
241 # #admin have all default rights set to admin |
417
3ed2d46a2ca7
permission refactoring,
Marcin Kuzminski <marcin@python-works.com>
parents:
415
diff
changeset
|
242 #======================================================================= |
371
5cd6616b8673
routes python 2.5 compatible
Marcin Kuzminski <marcin@python-works.com>
parents:
367
diff
changeset
|
243 user.permissions['global'].add('hg.admin') |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
244 |
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
245 for perm in default_perms: |
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
246 p = 'repository.admin' |
399
f5c1eec9f376
rename repo2perm into repo_to_perm
Marcin Kuzminski <marcin@python-works.com>
parents:
382
diff
changeset
|
247 user.permissions['repositories'][perm.RepoToPerm.repository.repo_name] = p |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
248 |
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
249 else: |
417
3ed2d46a2ca7
permission refactoring,
Marcin Kuzminski <marcin@python-works.com>
parents:
415
diff
changeset
|
250 #======================================================================= |
3ed2d46a2ca7
permission refactoring,
Marcin Kuzminski <marcin@python-works.com>
parents:
415
diff
changeset
|
251 # set default permissions |
3ed2d46a2ca7
permission refactoring,
Marcin Kuzminski <marcin@python-works.com>
parents:
415
diff
changeset
|
252 #======================================================================= |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
253 |
417
3ed2d46a2ca7
permission refactoring,
Marcin Kuzminski <marcin@python-works.com>
parents:
415
diff
changeset
|
254 #default global |
423
16253f330094
fixes #30. Rewrite default permissions query + some other small fixes
Marcin Kuzminski <marcin@python-works.com>
parents:
418
diff
changeset
|
255 default_global_perms = sa.query(UserToPerm)\ |
741
54684e071457
fixes issue #78, ldap makes user validation caseInsensitive
Marcin Kuzminski <marcin@python-works.com>
parents:
713
diff
changeset
|
256 .filter(UserToPerm.user == sa.query(User)\ |
54684e071457
fixes issue #78, ldap makes user validation caseInsensitive
Marcin Kuzminski <marcin@python-works.com>
parents:
713
diff
changeset
|
257 .filter(User.username == 'default').one()) |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
258 |
423
16253f330094
fixes #30. Rewrite default permissions query + some other small fixes
Marcin Kuzminski <marcin@python-works.com>
parents:
418
diff
changeset
|
259 for perm in default_global_perms: |
16253f330094
fixes #30. Rewrite default permissions query + some other small fixes
Marcin Kuzminski <marcin@python-works.com>
parents:
418
diff
changeset
|
260 user.permissions['global'].add(perm.permission.permission_name) |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
261 |
1016
3790279d2538
#56 added propagation of permission from group
Marcin Kuzminski <marcin@python-works.com>
parents:
991
diff
changeset
|
262 #default for repositories |
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
263 for perm in default_perms: |
380
ca54622e39a1
Added separate create repository views for non administrative users.
Marcin Kuzminski <marcin@python-works.com>
parents:
377
diff
changeset
|
264 if perm.Repository.private and not perm.Repository.user_id == user.user_id: |
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
265 #disable defaults for private repos, |
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
266 p = 'repository.none' |
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
267 elif perm.Repository.user_id == user.user_id: |
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
268 #set admin if owner |
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
269 p = 'repository.admin' |
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
270 else: |
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
271 p = perm.Permission.permission_name |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
272 |
399
f5c1eec9f376
rename repo2perm into repo_to_perm
Marcin Kuzminski <marcin@python-works.com>
parents:
382
diff
changeset
|
273 user.permissions['repositories'][perm.RepoToPerm.repository.repo_name] = p |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
274 |
417
3ed2d46a2ca7
permission refactoring,
Marcin Kuzminski <marcin@python-works.com>
parents:
415
diff
changeset
|
275 #======================================================================= |
1016
3790279d2538
#56 added propagation of permission from group
Marcin Kuzminski <marcin@python-works.com>
parents:
991
diff
changeset
|
276 # overwrite default with user permissions if any |
417
3ed2d46a2ca7
permission refactoring,
Marcin Kuzminski <marcin@python-works.com>
parents:
415
diff
changeset
|
277 #======================================================================= |
423
16253f330094
fixes #30. Rewrite default permissions query + some other small fixes
Marcin Kuzminski <marcin@python-works.com>
parents:
418
diff
changeset
|
278 user_perms = sa.query(RepoToPerm, Permission, Repository)\ |
399
f5c1eec9f376
rename repo2perm into repo_to_perm
Marcin Kuzminski <marcin@python-works.com>
parents:
382
diff
changeset
|
279 .join((Repository, RepoToPerm.repository_id == Repository.repo_id))\ |
f5c1eec9f376
rename repo2perm into repo_to_perm
Marcin Kuzminski <marcin@python-works.com>
parents:
382
diff
changeset
|
280 .join((Permission, RepoToPerm.permission_id == Permission.permission_id))\ |
f5c1eec9f376
rename repo2perm into repo_to_perm
Marcin Kuzminski <marcin@python-works.com>
parents:
382
diff
changeset
|
281 .filter(RepoToPerm.user_id == user.user_id).all() |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
282 |
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
283 for perm in user_perms: |
417
3ed2d46a2ca7
permission refactoring,
Marcin Kuzminski <marcin@python-works.com>
parents:
415
diff
changeset
|
284 if perm.Repository.user_id == user.user_id:#set admin if owner |
3ed2d46a2ca7
permission refactoring,
Marcin Kuzminski <marcin@python-works.com>
parents:
415
diff
changeset
|
285 p = 'repository.admin' |
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
286 else: |
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
287 p = perm.Permission.permission_name |
399
f5c1eec9f376
rename repo2perm into repo_to_perm
Marcin Kuzminski <marcin@python-works.com>
parents:
382
diff
changeset
|
288 user.permissions['repositories'][perm.RepoToPerm.repository.repo_name] = p |
1016
3790279d2538
#56 added propagation of permission from group
Marcin Kuzminski <marcin@python-works.com>
parents:
991
diff
changeset
|
289 |
3790279d2538
#56 added propagation of permission from group
Marcin Kuzminski <marcin@python-works.com>
parents:
991
diff
changeset
|
290 |
3790279d2538
#56 added propagation of permission from group
Marcin Kuzminski <marcin@python-works.com>
parents:
991
diff
changeset
|
291 #======================================================================= |
3790279d2538
#56 added propagation of permission from group
Marcin Kuzminski <marcin@python-works.com>
parents:
991
diff
changeset
|
292 # check if user is part of groups for this repository and fill in |
3790279d2538
#56 added propagation of permission from group
Marcin Kuzminski <marcin@python-works.com>
parents:
991
diff
changeset
|
293 # (or replace with higher) permissions |
3790279d2538
#56 added propagation of permission from group
Marcin Kuzminski <marcin@python-works.com>
parents:
991
diff
changeset
|
294 #======================================================================= |
3790279d2538
#56 added propagation of permission from group
Marcin Kuzminski <marcin@python-works.com>
parents:
991
diff
changeset
|
295 user_perms_from_users_groups = sa.query(UsersGroupToPerm, Permission, Repository,)\ |
3790279d2538
#56 added propagation of permission from group
Marcin Kuzminski <marcin@python-works.com>
parents:
991
diff
changeset
|
296 .join((Repository, UsersGroupToPerm.repository_id == Repository.repo_id))\ |
3790279d2538
#56 added propagation of permission from group
Marcin Kuzminski <marcin@python-works.com>
parents:
991
diff
changeset
|
297 .join((Permission, UsersGroupToPerm.permission_id == Permission.permission_id))\ |
3790279d2538
#56 added propagation of permission from group
Marcin Kuzminski <marcin@python-works.com>
parents:
991
diff
changeset
|
298 .join((UsersGroupMember, UsersGroupToPerm.users_group_id == UsersGroupMember.users_group_id))\ |
3790279d2538
#56 added propagation of permission from group
Marcin Kuzminski <marcin@python-works.com>
parents:
991
diff
changeset
|
299 .filter(UsersGroupMember.user_id == user.user_id).all() |
3790279d2538
#56 added propagation of permission from group
Marcin Kuzminski <marcin@python-works.com>
parents:
991
diff
changeset
|
300 |
3790279d2538
#56 added propagation of permission from group
Marcin Kuzminski <marcin@python-works.com>
parents:
991
diff
changeset
|
301 for perm in user_perms_from_users_groups: |
3790279d2538
#56 added propagation of permission from group
Marcin Kuzminski <marcin@python-works.com>
parents:
991
diff
changeset
|
302 p = perm.Permission.permission_name |
3790279d2538
#56 added propagation of permission from group
Marcin Kuzminski <marcin@python-works.com>
parents:
991
diff
changeset
|
303 cur_perm = user.permissions['repositories'][perm.UsersGroupToPerm.repository.repo_name] |
3790279d2538
#56 added propagation of permission from group
Marcin Kuzminski <marcin@python-works.com>
parents:
991
diff
changeset
|
304 #overwrite permission only if it's greater than permission given from other sources |
3790279d2538
#56 added propagation of permission from group
Marcin Kuzminski <marcin@python-works.com>
parents:
991
diff
changeset
|
305 if PERM_WEIGHTS[p] > PERM_WEIGHTS[cur_perm]: |
3790279d2538
#56 added propagation of permission from group
Marcin Kuzminski <marcin@python-works.com>
parents:
991
diff
changeset
|
306 user.permissions['repositories'][perm.UsersGroupToPerm.repository.repo_name] = p |
3790279d2538
#56 added propagation of permission from group
Marcin Kuzminski <marcin@python-works.com>
parents:
991
diff
changeset
|
307 |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
308 meta.Session.remove() |
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
309 return user |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
310 |
299
d303aacb3349
repos crud controllers - change id into repo_name for compatability, added ajax repo perm user function variuos html fixes, permissions forms and managment fixes.
Marcin Kuzminski <marcin@python-works.com>
parents:
265
diff
changeset
|
311 def get_user(session): |
1016
3790279d2538
#56 added propagation of permission from group
Marcin Kuzminski <marcin@python-works.com>
parents:
991
diff
changeset
|
312 """Gets user from session, and wraps permissions into user |
3790279d2538
#56 added propagation of permission from group
Marcin Kuzminski <marcin@python-works.com>
parents:
991
diff
changeset
|
313 |
604
5cc96df705b9
fixed @repo into :repo for docs
Marcin Kuzminski <marcin@python-works.com>
parents:
564
diff
changeset
|
314 :param session: |
299
d303aacb3349
repos crud controllers - change id into repo_name for compatability, added ajax repo perm user function variuos html fixes, permissions forms and managment fixes.
Marcin Kuzminski <marcin@python-works.com>
parents:
265
diff
changeset
|
315 """ |
548
b75b77ef649d
renamed hg_app to rhodecode
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
316 user = session.get('rhodecode_user', AuthUser()) |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
317 #if the user is not logged in we check for anonymous access |
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
318 #if user is logged and it's a default user check if we still have anonymous |
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
319 #access enabled |
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
320 if user.user_id is None or user.username == 'default': |
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
321 anonymous_user = UserModel().get_by_username('default', cache=True) |
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
322 if anonymous_user.active is True: |
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
323 #then we set this user is logged in |
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
324 user.is_authenticated = True |
686
ff6a8196ebfe
fixed anonymous access bug.
Marcin Kuzminski <marcin@python-works.com>
parents:
674
diff
changeset
|
325 user.user_id = anonymous_user.user_id |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
326 else: |
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
327 user.is_authenticated = False |
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
328 |
299
d303aacb3349
repos crud controllers - change id into repo_name for compatability, added ajax repo perm user function variuos html fixes, permissions forms and managment fixes.
Marcin Kuzminski <marcin@python-works.com>
parents:
265
diff
changeset
|
329 if user.is_authenticated: |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
330 user = UserModel().fill_data(user) |
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
331 |
412
b6a25169c005
fixes #25 removed crypt based password hashing and changed it into sha1 based.
Marcin Kuzminski <marcin@python-works.com>
parents:
404
diff
changeset
|
332 user = fill_perms(user) |
548
b75b77ef649d
renamed hg_app to rhodecode
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
333 session['rhodecode_user'] = user |
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
334 session.save() |
299
d303aacb3349
repos crud controllers - change id into repo_name for compatability, added ajax repo perm user function variuos html fixes, permissions forms and managment fixes.
Marcin Kuzminski <marcin@python-works.com>
parents:
265
diff
changeset
|
335 return user |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
336 |
190
d8eb7ee27b4c
Added LoginRequired decorator, empty User data container, hash functions
Marcin Kuzminski <marcin@python-works.com>
parents:
96
diff
changeset
|
337 #=============================================================================== |
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
338 # CHECK DECORATORS |
190
d8eb7ee27b4c
Added LoginRequired decorator, empty User data container, hash functions
Marcin Kuzminski <marcin@python-works.com>
parents:
96
diff
changeset
|
339 #=============================================================================== |
d8eb7ee27b4c
Added LoginRequired decorator, empty User data container, hash functions
Marcin Kuzminski <marcin@python-works.com>
parents:
96
diff
changeset
|
340 class LoginRequired(object): |
779
389d02a5df52
Added isanonymous decorator for checking permissions for anonymous access
Marcin Kuzminski <marcin@python-works.com>
parents:
761
diff
changeset
|
341 """Must be logged in to execute this function else |
389d02a5df52
Added isanonymous decorator for checking permissions for anonymous access
Marcin Kuzminski <marcin@python-works.com>
parents:
761
diff
changeset
|
342 redirect to login page""" |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
343 |
190
d8eb7ee27b4c
Added LoginRequired decorator, empty User data container, hash functions
Marcin Kuzminski <marcin@python-works.com>
parents:
96
diff
changeset
|
344 def __call__(self, func): |
377
bd8b25ad058d
Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible
Marcin Kuzminski <marcin@python-works.com>
parents:
371
diff
changeset
|
345 return decorator(self.__wrapper, func) |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
346 |
377
bd8b25ad058d
Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible
Marcin Kuzminski <marcin@python-works.com>
parents:
371
diff
changeset
|
347 def __wrapper(self, func, *fargs, **fkwargs): |
548
b75b77ef649d
renamed hg_app to rhodecode
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
348 user = session.get('rhodecode_user', AuthUser()) |
377
bd8b25ad058d
Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible
Marcin Kuzminski <marcin@python-works.com>
parents:
371
diff
changeset
|
349 log.debug('Checking login required for user:%s', user.username) |
bd8b25ad058d
Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible
Marcin Kuzminski <marcin@python-works.com>
parents:
371
diff
changeset
|
350 if user.is_authenticated: |
bd8b25ad058d
Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible
Marcin Kuzminski <marcin@python-works.com>
parents:
371
diff
changeset
|
351 log.debug('user %s is authenticated', user.username) |
bd8b25ad058d
Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible
Marcin Kuzminski <marcin@python-works.com>
parents:
371
diff
changeset
|
352 return func(*fargs, **fkwargs) |
bd8b25ad058d
Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible
Marcin Kuzminski <marcin@python-works.com>
parents:
371
diff
changeset
|
353 else: |
bd8b25ad058d
Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible
Marcin Kuzminski <marcin@python-works.com>
parents:
371
diff
changeset
|
354 log.warn('user %s not authenticated', user.username) |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
355 |
508
fdb78a140ae4
fixes #35 hg-app does not respect SCRIPT_NAME
Marcin Kuzminski <marcin@python-works.com>
parents:
474
diff
changeset
|
356 p = '' |
fdb78a140ae4
fixes #35 hg-app does not respect SCRIPT_NAME
Marcin Kuzminski <marcin@python-works.com>
parents:
474
diff
changeset
|
357 if request.environ.get('SCRIPT_NAME') != '/': |
fdb78a140ae4
fixes #35 hg-app does not respect SCRIPT_NAME
Marcin Kuzminski <marcin@python-works.com>
parents:
474
diff
changeset
|
358 p += request.environ.get('SCRIPT_NAME') |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
359 |
508
fdb78a140ae4
fixes #35 hg-app does not respect SCRIPT_NAME
Marcin Kuzminski <marcin@python-works.com>
parents:
474
diff
changeset
|
360 p += request.environ.get('PATH_INFO') |
437
930f8182a884
Added redirection to page that request came from, after login in
Marcin Kuzminski <marcin@python-works.com>
parents:
424
diff
changeset
|
361 if request.environ.get('QUERY_STRING'): |
474
a3d9d24acbec
Implemented password reset(forms/models/ tasks) and mailing tasks.
Marcin Kuzminski <marcin@python-works.com>
parents:
442
diff
changeset
|
362 p += '?' + request.environ.get('QUERY_STRING') |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
363 |
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
364 log.debug('redirecting to login page with %s', p) |
474
a3d9d24acbec
Implemented password reset(forms/models/ tasks) and mailing tasks.
Marcin Kuzminski <marcin@python-works.com>
parents:
442
diff
changeset
|
365 return redirect(url('login_home', came_from=p)) |
239
b18f89d6d17f
Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents:
234
diff
changeset
|
366 |
779
389d02a5df52
Added isanonymous decorator for checking permissions for anonymous access
Marcin Kuzminski <marcin@python-works.com>
parents:
761
diff
changeset
|
367 class NotAnonymous(object): |
389d02a5df52
Added isanonymous decorator for checking permissions for anonymous access
Marcin Kuzminski <marcin@python-works.com>
parents:
761
diff
changeset
|
368 """Must be logged in to execute this function else |
389d02a5df52
Added isanonymous decorator for checking permissions for anonymous access
Marcin Kuzminski <marcin@python-works.com>
parents:
761
diff
changeset
|
369 redirect to login page""" |
389d02a5df52
Added isanonymous decorator for checking permissions for anonymous access
Marcin Kuzminski <marcin@python-works.com>
parents:
761
diff
changeset
|
370 |
389d02a5df52
Added isanonymous decorator for checking permissions for anonymous access
Marcin Kuzminski <marcin@python-works.com>
parents:
761
diff
changeset
|
371 def __call__(self, func): |
389d02a5df52
Added isanonymous decorator for checking permissions for anonymous access
Marcin Kuzminski <marcin@python-works.com>
parents:
761
diff
changeset
|
372 return decorator(self.__wrapper, func) |
389d02a5df52
Added isanonymous decorator for checking permissions for anonymous access
Marcin Kuzminski <marcin@python-works.com>
parents:
761
diff
changeset
|
373 |
389d02a5df52
Added isanonymous decorator for checking permissions for anonymous access
Marcin Kuzminski <marcin@python-works.com>
parents:
761
diff
changeset
|
374 def __wrapper(self, func, *fargs, **fkwargs): |
389d02a5df52
Added isanonymous decorator for checking permissions for anonymous access
Marcin Kuzminski <marcin@python-works.com>
parents:
761
diff
changeset
|
375 user = session.get('rhodecode_user', AuthUser()) |
389d02a5df52
Added isanonymous decorator for checking permissions for anonymous access
Marcin Kuzminski <marcin@python-works.com>
parents:
761
diff
changeset
|
376 log.debug('Checking if user is not anonymous') |
389d02a5df52
Added isanonymous decorator for checking permissions for anonymous access
Marcin Kuzminski <marcin@python-works.com>
parents:
761
diff
changeset
|
377 |
389d02a5df52
Added isanonymous decorator for checking permissions for anonymous access
Marcin Kuzminski <marcin@python-works.com>
parents:
761
diff
changeset
|
378 anonymous = user.username == 'default' |
389d02a5df52
Added isanonymous decorator for checking permissions for anonymous access
Marcin Kuzminski <marcin@python-works.com>
parents:
761
diff
changeset
|
379 |
389d02a5df52
Added isanonymous decorator for checking permissions for anonymous access
Marcin Kuzminski <marcin@python-works.com>
parents:
761
diff
changeset
|
380 if anonymous: |
389d02a5df52
Added isanonymous decorator for checking permissions for anonymous access
Marcin Kuzminski <marcin@python-works.com>
parents:
761
diff
changeset
|
381 p = '' |
389d02a5df52
Added isanonymous decorator for checking permissions for anonymous access
Marcin Kuzminski <marcin@python-works.com>
parents:
761
diff
changeset
|
382 if request.environ.get('SCRIPT_NAME') != '/': |
389d02a5df52
Added isanonymous decorator for checking permissions for anonymous access
Marcin Kuzminski <marcin@python-works.com>
parents:
761
diff
changeset
|
383 p += request.environ.get('SCRIPT_NAME') |
389d02a5df52
Added isanonymous decorator for checking permissions for anonymous access
Marcin Kuzminski <marcin@python-works.com>
parents:
761
diff
changeset
|
384 |
389d02a5df52
Added isanonymous decorator for checking permissions for anonymous access
Marcin Kuzminski <marcin@python-works.com>
parents:
761
diff
changeset
|
385 p += request.environ.get('PATH_INFO') |
389d02a5df52
Added isanonymous decorator for checking permissions for anonymous access
Marcin Kuzminski <marcin@python-works.com>
parents:
761
diff
changeset
|
386 if request.environ.get('QUERY_STRING'): |
389d02a5df52
Added isanonymous decorator for checking permissions for anonymous access
Marcin Kuzminski <marcin@python-works.com>
parents:
761
diff
changeset
|
387 p += '?' + request.environ.get('QUERY_STRING') |
1056
520d27f40b51
#113 removed anonymous access from forking, added system messages in login box.
Marcin Kuzminski <marcin@python-works.com>
parents:
1040
diff
changeset
|
388 |
520d27f40b51
#113 removed anonymous access from forking, added system messages in login box.
Marcin Kuzminski <marcin@python-works.com>
parents:
1040
diff
changeset
|
389 import rhodecode.lib.helpers as h |
520d27f40b51
#113 removed anonymous access from forking, added system messages in login box.
Marcin Kuzminski <marcin@python-works.com>
parents:
1040
diff
changeset
|
390 h.flash(_('You need to be a registered user to perform this action'), |
520d27f40b51
#113 removed anonymous access from forking, added system messages in login box.
Marcin Kuzminski <marcin@python-works.com>
parents:
1040
diff
changeset
|
391 category='warning') |
779
389d02a5df52
Added isanonymous decorator for checking permissions for anonymous access
Marcin Kuzminski <marcin@python-works.com>
parents:
761
diff
changeset
|
392 return redirect(url('login_home', came_from=p)) |
389d02a5df52
Added isanonymous decorator for checking permissions for anonymous access
Marcin Kuzminski <marcin@python-works.com>
parents:
761
diff
changeset
|
393 else: |
389d02a5df52
Added isanonymous decorator for checking permissions for anonymous access
Marcin Kuzminski <marcin@python-works.com>
parents:
761
diff
changeset
|
394 return func(*fargs, **fkwargs) |
389d02a5df52
Added isanonymous decorator for checking permissions for anonymous access
Marcin Kuzminski <marcin@python-works.com>
parents:
761
diff
changeset
|
395 |
239
b18f89d6d17f
Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents:
234
diff
changeset
|
396 class PermsDecorator(object): |
377
bd8b25ad058d
Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible
Marcin Kuzminski <marcin@python-works.com>
parents:
371
diff
changeset
|
397 """Base class for decorators""" |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
398 |
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
399 def __init__(self, *required_perms): |
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
400 available_perms = config['available_permissions'] |
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
401 for perm in required_perms: |
239
b18f89d6d17f
Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents:
234
diff
changeset
|
402 if perm not in available_perms: |
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
403 raise Exception("'%s' permission is not defined" % perm) |
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
404 self.required_perms = set(required_perms) |
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
405 self.user_perms = None |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
406 |
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
407 def __call__(self, func): |
377
bd8b25ad058d
Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible
Marcin Kuzminski <marcin@python-works.com>
parents:
371
diff
changeset
|
408 return decorator(self.__wrapper, func) |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
409 |
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
410 |
377
bd8b25ad058d
Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible
Marcin Kuzminski <marcin@python-works.com>
parents:
371
diff
changeset
|
411 def __wrapper(self, func, *fargs, **fkwargs): |
bd8b25ad058d
Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible
Marcin Kuzminski <marcin@python-works.com>
parents:
371
diff
changeset
|
412 # _wrapper.__name__ = func.__name__ |
bd8b25ad058d
Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible
Marcin Kuzminski <marcin@python-works.com>
parents:
371
diff
changeset
|
413 # _wrapper.__dict__.update(func.__dict__) |
bd8b25ad058d
Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible
Marcin Kuzminski <marcin@python-works.com>
parents:
371
diff
changeset
|
414 # _wrapper.__doc__ = func.__doc__ |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
415 self.user = session.get('rhodecode_user', AuthUser()) |
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
416 self.user_perms = self.user.permissions |
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
417 log.debug('checking %s permissions %s for %s %s', |
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
418 self.__class__.__name__, self.required_perms, func.__name__, |
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
419 self.user) |
377
bd8b25ad058d
Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible
Marcin Kuzminski <marcin@python-works.com>
parents:
371
diff
changeset
|
420 |
bd8b25ad058d
Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible
Marcin Kuzminski <marcin@python-works.com>
parents:
371
diff
changeset
|
421 if self.check_permissions(): |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
422 log.debug('Permission granted for %s %s', func.__name__, self.user) |
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
423 |
377
bd8b25ad058d
Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible
Marcin Kuzminski <marcin@python-works.com>
parents:
371
diff
changeset
|
424 return func(*fargs, **fkwargs) |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
425 |
377
bd8b25ad058d
Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible
Marcin Kuzminski <marcin@python-works.com>
parents:
371
diff
changeset
|
426 else: |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
427 log.warning('Permission denied for %s %s', func.__name__, self.user) |
377
bd8b25ad058d
Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible
Marcin Kuzminski <marcin@python-works.com>
parents:
371
diff
changeset
|
428 #redirect with forbidden ret code |
bd8b25ad058d
Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible
Marcin Kuzminski <marcin@python-works.com>
parents:
371
diff
changeset
|
429 return abort(403) |
bd8b25ad058d
Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible
Marcin Kuzminski <marcin@python-works.com>
parents:
371
diff
changeset
|
430 |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
431 |
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
432 |
239
b18f89d6d17f
Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents:
234
diff
changeset
|
433 def check_permissions(self): |
377
bd8b25ad058d
Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible
Marcin Kuzminski <marcin@python-works.com>
parents:
371
diff
changeset
|
434 """Dummy function for overriding""" |
239
b18f89d6d17f
Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents:
234
diff
changeset
|
435 raise Exception('You have to write this function in child class') |
b18f89d6d17f
Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents:
234
diff
changeset
|
436 |
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
437 class HasPermissionAllDecorator(PermsDecorator): |
377
bd8b25ad058d
Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible
Marcin Kuzminski <marcin@python-works.com>
parents:
371
diff
changeset
|
438 """Checks for access permission for all given predicates. All of them |
bd8b25ad058d
Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible
Marcin Kuzminski <marcin@python-works.com>
parents:
371
diff
changeset
|
439 have to be meet in order to fulfill the request |
239
b18f89d6d17f
Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents:
234
diff
changeset
|
440 """ |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
441 |
239
b18f89d6d17f
Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents:
234
diff
changeset
|
442 def check_permissions(self): |
339
5d517bbf0a0d
some extra checks for auth lib
Marcin Kuzminski <marcin@python-works.com>
parents:
333
diff
changeset
|
443 if self.required_perms.issubset(self.user_perms.get('global')): |
239
b18f89d6d17f
Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents:
234
diff
changeset
|
444 return True |
b18f89d6d17f
Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents:
234
diff
changeset
|
445 return False |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
446 |
239
b18f89d6d17f
Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents:
234
diff
changeset
|
447 |
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
448 class HasPermissionAnyDecorator(PermsDecorator): |
377
bd8b25ad058d
Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible
Marcin Kuzminski <marcin@python-works.com>
parents:
371
diff
changeset
|
449 """Checks for access permission for any of given predicates. In order to |
239
b18f89d6d17f
Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents:
234
diff
changeset
|
450 fulfill the request any of predicates must be meet |
b18f89d6d17f
Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents:
234
diff
changeset
|
451 """ |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
452 |
239
b18f89d6d17f
Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents:
234
diff
changeset
|
453 def check_permissions(self): |
339
5d517bbf0a0d
some extra checks for auth lib
Marcin Kuzminski <marcin@python-works.com>
parents:
333
diff
changeset
|
454 if self.required_perms.intersection(self.user_perms.get('global')): |
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
455 return True |
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
456 return False |
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
457 |
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
458 class HasRepoPermissionAllDecorator(PermsDecorator): |
377
bd8b25ad058d
Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible
Marcin Kuzminski <marcin@python-works.com>
parents:
371
diff
changeset
|
459 """Checks for access permission for all given predicates for specific |
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
460 repository. All of them have to be meet in order to fulfill the request |
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
461 """ |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
462 |
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
463 def check_permissions(self): |
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
464 repo_name = get_repo_slug(request) |
339
5d517bbf0a0d
some extra checks for auth lib
Marcin Kuzminski <marcin@python-works.com>
parents:
333
diff
changeset
|
465 try: |
5d517bbf0a0d
some extra checks for auth lib
Marcin Kuzminski <marcin@python-works.com>
parents:
333
diff
changeset
|
466 user_perms = set([self.user_perms['repositories'][repo_name]]) |
5d517bbf0a0d
some extra checks for auth lib
Marcin Kuzminski <marcin@python-works.com>
parents:
333
diff
changeset
|
467 except KeyError: |
5d517bbf0a0d
some extra checks for auth lib
Marcin Kuzminski <marcin@python-works.com>
parents:
333
diff
changeset
|
468 return False |
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
469 if self.required_perms.issubset(user_perms): |
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
470 return True |
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
471 return False |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
472 |
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
473 |
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
474 class HasRepoPermissionAnyDecorator(PermsDecorator): |
377
bd8b25ad058d
Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible
Marcin Kuzminski <marcin@python-works.com>
parents:
371
diff
changeset
|
475 """Checks for access permission for any of given predicates for specific |
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
476 repository. In order to fulfill the request any of predicates must be meet |
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
477 """ |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
478 |
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
479 def check_permissions(self): |
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
480 repo_name = get_repo_slug(request) |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
481 |
339
5d517bbf0a0d
some extra checks for auth lib
Marcin Kuzminski <marcin@python-works.com>
parents:
333
diff
changeset
|
482 try: |
5d517bbf0a0d
some extra checks for auth lib
Marcin Kuzminski <marcin@python-works.com>
parents:
333
diff
changeset
|
483 user_perms = set([self.user_perms['repositories'][repo_name]]) |
5d517bbf0a0d
some extra checks for auth lib
Marcin Kuzminski <marcin@python-works.com>
parents:
333
diff
changeset
|
484 except KeyError: |
5d517bbf0a0d
some extra checks for auth lib
Marcin Kuzminski <marcin@python-works.com>
parents:
333
diff
changeset
|
485 return False |
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
486 if self.required_perms.intersection(user_perms): |
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
487 return True |
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
488 return False |
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
489 #=============================================================================== |
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
490 # CHECK FUNCTIONS |
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
491 #=============================================================================== |
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
492 |
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
493 class PermsFunction(object): |
377
bd8b25ad058d
Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible
Marcin Kuzminski <marcin@python-works.com>
parents:
371
diff
changeset
|
494 """Base function for other check functions""" |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
495 |
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
496 def __init__(self, *perms): |
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
497 available_perms = config['available_permissions'] |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
498 |
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
499 for perm in perms: |
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
500 if perm not in available_perms: |
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
501 raise Exception("'%s' permission in not defined" % perm) |
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
502 self.required_perms = set(perms) |
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
503 self.user_perms = None |
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
504 self.granted_for = '' |
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
505 self.repo_name = None |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
506 |
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
507 def __call__(self, check_Location=''): |
548
b75b77ef649d
renamed hg_app to rhodecode
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
508 user = session.get('rhodecode_user', False) |
333 | 509 if not user: |
510 return False | |
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
511 self.user_perms = user.permissions |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
512 self.granted_for = user.username |
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
513 log.debug('checking %s %s %s', self.__class__.__name__, |
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
514 self.required_perms, user) |
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
515 |
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
516 if self.check_permissions(): |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
517 log.debug('Permission granted for %s @ %s %s', self.granted_for, |
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
518 check_Location, user) |
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
519 return True |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
520 |
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
521 else: |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
522 log.warning('Permission denied for %s @ %s %s', self.granted_for, |
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
523 check_Location, user) |
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
524 return False |
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
525 |
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
526 def check_permissions(self): |
377
bd8b25ad058d
Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible
Marcin Kuzminski <marcin@python-works.com>
parents:
371
diff
changeset
|
527 """Dummy function for overriding""" |
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
528 raise Exception('You have to write this function in child class') |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
529 |
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
530 class HasPermissionAll(PermsFunction): |
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
531 def check_permissions(self): |
339
5d517bbf0a0d
some extra checks for auth lib
Marcin Kuzminski <marcin@python-works.com>
parents:
333
diff
changeset
|
532 if self.required_perms.issubset(self.user_perms.get('global')): |
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
533 return True |
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
534 return False |
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
535 |
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
536 class HasPermissionAny(PermsFunction): |
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
537 def check_permissions(self): |
339
5d517bbf0a0d
some extra checks for auth lib
Marcin Kuzminski <marcin@python-works.com>
parents:
333
diff
changeset
|
538 if self.required_perms.intersection(self.user_perms.get('global')): |
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
539 return True |
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
540 return False |
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
541 |
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
542 class HasRepoPermissionAll(PermsFunction): |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
543 |
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
544 def __call__(self, repo_name=None, check_Location=''): |
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
545 self.repo_name = repo_name |
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
546 return super(HasRepoPermissionAll, self).__call__(check_Location) |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
547 |
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
548 def check_permissions(self): |
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
549 if not self.repo_name: |
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
550 self.repo_name = get_repo_slug(request) |
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
551 |
339
5d517bbf0a0d
some extra checks for auth lib
Marcin Kuzminski <marcin@python-works.com>
parents:
333
diff
changeset
|
552 try: |
5d517bbf0a0d
some extra checks for auth lib
Marcin Kuzminski <marcin@python-works.com>
parents:
333
diff
changeset
|
553 self.user_perms = set([self.user_perms['repositories']\ |
5d517bbf0a0d
some extra checks for auth lib
Marcin Kuzminski <marcin@python-works.com>
parents:
333
diff
changeset
|
554 [self.repo_name]]) |
5d517bbf0a0d
some extra checks for auth lib
Marcin Kuzminski <marcin@python-works.com>
parents:
333
diff
changeset
|
555 except KeyError: |
5d517bbf0a0d
some extra checks for auth lib
Marcin Kuzminski <marcin@python-works.com>
parents:
333
diff
changeset
|
556 return False |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
557 self.granted_for = self.repo_name |
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
558 if self.required_perms.issubset(self.user_perms): |
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
559 return True |
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
560 return False |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
561 |
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
562 class HasRepoPermissionAny(PermsFunction): |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
563 |
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
564 def __call__(self, repo_name=None, check_Location=''): |
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
565 self.repo_name = repo_name |
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
566 return super(HasRepoPermissionAny, self).__call__(check_Location) |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
567 |
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
568 def check_permissions(self): |
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
569 if not self.repo_name: |
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
570 self.repo_name = get_repo_slug(request) |
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
571 |
339
5d517bbf0a0d
some extra checks for auth lib
Marcin Kuzminski <marcin@python-works.com>
parents:
333
diff
changeset
|
572 try: |
5d517bbf0a0d
some extra checks for auth lib
Marcin Kuzminski <marcin@python-works.com>
parents:
333
diff
changeset
|
573 self.user_perms = set([self.user_perms['repositories']\ |
5d517bbf0a0d
some extra checks for auth lib
Marcin Kuzminski <marcin@python-works.com>
parents:
333
diff
changeset
|
574 [self.repo_name]]) |
5d517bbf0a0d
some extra checks for auth lib
Marcin Kuzminski <marcin@python-works.com>
parents:
333
diff
changeset
|
575 except KeyError: |
5d517bbf0a0d
some extra checks for auth lib
Marcin Kuzminski <marcin@python-works.com>
parents:
333
diff
changeset
|
576 return False |
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
577 self.granted_for = self.repo_name |
239
b18f89d6d17f
Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents:
234
diff
changeset
|
578 if self.required_perms.intersection(self.user_perms): |
b18f89d6d17f
Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents:
234
diff
changeset
|
579 return True |
b18f89d6d17f
Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents:
234
diff
changeset
|
580 return False |
b18f89d6d17f
Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents:
234
diff
changeset
|
581 |
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
582 #=============================================================================== |
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
583 # SPECIAL VERSION TO HANDLE MIDDLEWARE AUTH |
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
584 #=============================================================================== |
239
b18f89d6d17f
Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents:
234
diff
changeset
|
585 |
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
586 class HasPermissionAnyMiddleware(object): |
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
587 def __init__(self, *perms): |
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
588 self.required_perms = set(perms) |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
589 |
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
590 def __call__(self, user, repo_name): |
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
591 usr = AuthUser() |
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
592 usr.user_id = user.user_id |
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
593 usr.username = user.username |
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
594 usr.is_admin = user.admin |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
595 |
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
596 try: |
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
597 self.user_perms = set([fill_perms(usr)\ |
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
598 .permissions['repositories'][repo_name]]) |
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
599 except: |
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
600 self.user_perms = set() |
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
601 self.granted_for = '' |
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
602 self.username = user.username |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
603 self.repo_name = repo_name |
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
604 return self.check_permissions() |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
605 |
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
606 def check_permissions(self): |
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
607 log.debug('checking mercurial protocol ' |
1040
8e49b6ceffe1
fixes fixes fixes ! optimized queries on journal
Marcin Kuzminski <marcin@python-works.com>
parents:
1036
diff
changeset
|
608 'permissions %s for user:%s repository:%s', self.user_perms, |
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
609 self.username, self.repo_name) |
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
610 if self.required_perms.intersection(self.user_perms): |
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
611 log.debug('permission granted') |
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
612 return True |
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
613 log.debug('permission denied') |
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
614 return False |