Mercurial > kallithea

annotate rhodecode/model/permission.py @ 2031:82a88013a3fd

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
merge 1.3 into stable
author Marcin Kuzminski <marcin@python-works.com>
date Sun, 26 Feb 2012 17:25:09 +0200
parents bf263968da47 89efedac4e6c
children 63e58ef80ef1
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
759
a7f50911a945 Models code cleanups
Marcin Kuzminski <marcin@python-works.com>
parents: 752
diff changeset
1 # -*- coding: utf-8 -*-
a7f50911a945 Models code cleanups
Marcin Kuzminski <marcin@python-works.com>
parents: 752
diff changeset
2 """
811
bb35ad076e2f docs updates
Marcin Kuzminski <marcin@python-works.com>
parents: 759
diff changeset
3 rhodecode.model.permission
bb35ad076e2f docs updates
Marcin Kuzminski <marcin@python-works.com>
parents: 759
diff changeset
4 ~~~~~~~~~~~~~~~~~~~~~~~~~~
629
7e536d1af60d Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents: 547
diff changeset
5
759
a7f50911a945 Models code cleanups
Marcin Kuzminski <marcin@python-works.com>
parents: 752
diff changeset
6 permissions model for RhodeCode
1203
6832ef664673 source code cleanup: remove trailing white space, normalize file endings
Marcin Kuzminski <marcin@python-works.com>
parents: 902
diff changeset
7
759
a7f50911a945 Models code cleanups
Marcin Kuzminski <marcin@python-works.com>
parents: 752
diff changeset
8 :created_on: Aug 20, 2010
a7f50911a945 Models code cleanups
Marcin Kuzminski <marcin@python-works.com>
parents: 752
diff changeset
9 :author: marcink
1824
89efedac4e6c 2012 copyrights
Marcin Kuzminski <marcin@python-works.com>
parents: 1734
diff changeset
10 :copyright: (C) 2010-2012 Marcin Kuzminski <marcin@python-works.com>
759
a7f50911a945 Models code cleanups
Marcin Kuzminski <marcin@python-works.com>
parents: 752
diff changeset
11 :license: GPLv3, see COPYING for more details.
a7f50911a945 Models code cleanups
Marcin Kuzminski <marcin@python-works.com>
parents: 752
diff changeset
12 """
1206
a671db5bdd58 fixed license issue #149
Marcin Kuzminski <marcin@python-works.com>
parents: 1203
diff changeset
13 # This program is free software: you can redistribute it and/or modify
a671db5bdd58 fixed license issue #149
Marcin Kuzminski <marcin@python-works.com>
parents: 1203
diff changeset
14 # it under the terms of the GNU General Public License as published by
a671db5bdd58 fixed license issue #149
Marcin Kuzminski <marcin@python-works.com>
parents: 1203
diff changeset
15 # the Free Software Foundation, either version 3 of the License, or
a671db5bdd58 fixed license issue #149
Marcin Kuzminski <marcin@python-works.com>
parents: 1203
diff changeset
16 # (at your option) any later version.
1203
6832ef664673 source code cleanup: remove trailing white space, normalize file endings
Marcin Kuzminski <marcin@python-works.com>
parents: 902
diff changeset
17 #
417
3ed2d46a2ca7 permission refactoring,
Marcin Kuzminski <marcin@python-works.com>
parents:
diff changeset
18 # This program is distributed in the hope that it will be useful,
3ed2d46a2ca7 permission refactoring,
Marcin Kuzminski <marcin@python-works.com>
parents:
diff changeset
19 # but WITHOUT ANY WARRANTY; without even the implied warranty of
3ed2d46a2ca7 permission refactoring,
Marcin Kuzminski <marcin@python-works.com>
parents:
diff changeset
20 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
3ed2d46a2ca7 permission refactoring,
Marcin Kuzminski <marcin@python-works.com>
parents:
diff changeset
21 # GNU General Public License for more details.
1203
6832ef664673 source code cleanup: remove trailing white space, normalize file endings
Marcin Kuzminski <marcin@python-works.com>
parents: 902
diff changeset
22 #
417
3ed2d46a2ca7 permission refactoring,
Marcin Kuzminski <marcin@python-works.com>
parents:
diff changeset
23 # You should have received a copy of the GNU General Public License
1206
a671db5bdd58 fixed license issue #149
Marcin Kuzminski <marcin@python-works.com>
parents: 1203
diff changeset
24 # along with this program. If not, see <http://www.gnu.org/licenses/>.
759
a7f50911a945 Models code cleanups
Marcin Kuzminski <marcin@python-works.com>
parents: 752
diff changeset
25
a7f50911a945 Models code cleanups
Marcin Kuzminski <marcin@python-works.com>
parents: 752
diff changeset
26 import logging
a7f50911a945 Models code cleanups
Marcin Kuzminski <marcin@python-works.com>
parents: 752
diff changeset
27 import traceback
a7f50911a945 Models code cleanups
Marcin Kuzminski <marcin@python-works.com>
parents: 752
diff changeset
28
a7f50911a945 Models code cleanups
Marcin Kuzminski <marcin@python-works.com>
parents: 752
diff changeset
29 from sqlalchemy.exc import DatabaseError
417
3ed2d46a2ca7 permission refactoring,
Marcin Kuzminski <marcin@python-works.com>
parents:
diff changeset
30
1669
f522f4d3bf93 moved caching query to libs
Marcin Kuzminski <marcin@python-works.com>
parents: 1633
diff changeset
31 from rhodecode.lib.caching_query import FromCache
f522f4d3bf93 moved caching query to libs
Marcin Kuzminski <marcin@python-works.com>
parents: 1633
diff changeset
32
752
89b9037d68b7 fixed Example celery config to ampq,
Marcin Kuzminski <marcin@python-works.com>
parents: 751
diff changeset
33 from rhodecode.model import BaseModel
1633
2c0d35e336b5 refactoring of models names for repoGroup permissions
Marcin Kuzminski <marcin@python-works.com>
parents: 1271
diff changeset
34 from rhodecode.model.db import User, Permission, UserToPerm, UserRepoToPerm
1669
f522f4d3bf93 moved caching query to libs
Marcin Kuzminski <marcin@python-works.com>
parents: 1633
diff changeset
35
417
3ed2d46a2ca7 permission refactoring,
Marcin Kuzminski <marcin@python-works.com>
parents:
diff changeset
36 log = logging.getLogger(__name__)
3ed2d46a2ca7 permission refactoring,
Marcin Kuzminski <marcin@python-works.com>
parents:
diff changeset
37
3ed2d46a2ca7 permission refactoring,
Marcin Kuzminski <marcin@python-works.com>
parents:
diff changeset
38
752
89b9037d68b7 fixed Example celery config to ampq,
Marcin Kuzminski <marcin@python-works.com>
parents: 751
diff changeset
39 class PermissionModel(BaseModel):
1716
7d1fc253549e notification to commit author + gardening
Marcin Kuzminski <marcin@python-works.com>
parents: 1669
diff changeset
40 """
7d1fc253549e notification to commit author + gardening
Marcin Kuzminski <marcin@python-works.com>
parents: 1669
diff changeset
41 Permissions model for RhodeCode
811
bb35ad076e2f docs updates
Marcin Kuzminski <marcin@python-works.com>
parents: 759
diff changeset
42 """
629
7e536d1af60d Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents: 547
diff changeset
43
7e536d1af60d Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents: 547
diff changeset
44 def get_permission(self, permission_id, cache=False):
1716
7d1fc253549e notification to commit author + gardening
Marcin Kuzminski <marcin@python-works.com>
parents: 1669
diff changeset
45 """
7d1fc253549e notification to commit author + gardening
Marcin Kuzminski <marcin@python-works.com>
parents: 1669
diff changeset
46 Get's permissions by id
1203
6832ef664673 source code cleanup: remove trailing white space, normalize file endings
Marcin Kuzminski <marcin@python-works.com>
parents: 902
diff changeset
47
811
bb35ad076e2f docs updates
Marcin Kuzminski <marcin@python-works.com>
parents: 759
diff changeset
48 :param permission_id: id of permission to get from database
bb35ad076e2f docs updates
Marcin Kuzminski <marcin@python-works.com>
parents: 759
diff changeset
49 :param cache: use Cache for this query
bb35ad076e2f docs updates
Marcin Kuzminski <marcin@python-works.com>
parents: 759
diff changeset
50 """
629
7e536d1af60d Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents: 547
diff changeset
51 perm = self.sa.query(Permission)
7e536d1af60d Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents: 547
diff changeset
52 if cache:
7e536d1af60d Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents: 547
diff changeset
53 perm = perm.options(FromCache("sql_cache_short",
7e536d1af60d Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents: 547
diff changeset
54 "get_permission_%s" % permission_id))
7e536d1af60d Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents: 547
diff changeset
55 return perm.get(permission_id)
7e536d1af60d Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents: 547
diff changeset
56
7e536d1af60d Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents: 547
diff changeset
57 def get_permission_by_name(self, name, cache=False):
1716
7d1fc253549e notification to commit author + gardening
Marcin Kuzminski <marcin@python-works.com>
parents: 1669
diff changeset
58 """
7d1fc253549e notification to commit author + gardening
Marcin Kuzminski <marcin@python-works.com>
parents: 1669
diff changeset
59 Get's permissions by given name
1203
6832ef664673 source code cleanup: remove trailing white space, normalize file endings
Marcin Kuzminski <marcin@python-works.com>
parents: 902
diff changeset
60
811
bb35ad076e2f docs updates
Marcin Kuzminski <marcin@python-works.com>
parents: 759
diff changeset
61 :param name: name to fetch
bb35ad076e2f docs updates
Marcin Kuzminski <marcin@python-works.com>
parents: 759
diff changeset
62 :param cache: Use cache for this query
bb35ad076e2f docs updates
Marcin Kuzminski <marcin@python-works.com>
parents: 759
diff changeset
63 """
629
7e536d1af60d Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents: 547
diff changeset
64 perm = self.sa.query(Permission)\
7e536d1af60d Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents: 547
diff changeset
65 .filter(Permission.permission_name == name)
7e536d1af60d Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents: 547
diff changeset
66 if cache:
7e536d1af60d Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents: 547
diff changeset
67 perm = perm.options(FromCache("sql_cache_short",
7e536d1af60d Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents: 547
diff changeset
68 "get_permission_%s" % name))
7e536d1af60d Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents: 547
diff changeset
69 return perm.scalar()
7e536d1af60d Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents: 547
diff changeset
70
417
3ed2d46a2ca7 permission refactoring,
Marcin Kuzminski <marcin@python-works.com>
parents:
diff changeset
71 def update(self, form_result):
418
63c697d1a631 added logic for changin defualt permissions, and option to overwrite all defualt permissions on each repository
Marcin Kuzminski <marcin@python-works.com>
parents: 417
diff changeset
72 perm_user = self.sa.query(User)\
1734
48d4fcf04a29 another major refactoring with session management
Marcin Kuzminski <marcin@python-works.com>
parents: 1716
diff changeset
73 .filter(User.username ==
48d4fcf04a29 another major refactoring with session management
Marcin Kuzminski <marcin@python-works.com>
parents: 1716
diff changeset
74 form_result['perm_user_name']).scalar()
1271
aa7e45ad0cea Fixed permissions for users groups, group can have create repo permission now.
Marcin Kuzminski <marcin@python-works.com>
parents: 1206
diff changeset
75 u2p = self.sa.query(UserToPerm).filter(UserToPerm.user ==
aa7e45ad0cea Fixed permissions for users groups, group can have create repo permission now.
Marcin Kuzminski <marcin@python-works.com>
parents: 1206
diff changeset
76 perm_user).all()
418
63c697d1a631 added logic for changin defualt permissions, and option to overwrite all defualt permissions on each repository
Marcin Kuzminski <marcin@python-works.com>
parents: 417
diff changeset
77 if len(u2p) != 3:
673
dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents: 629
diff changeset
78 raise Exception('Defined: %s should be 3 permissions for default'
dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents: 629
diff changeset
79 ' user. This should not happen please verify'
dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents: 629
diff changeset
80 ' your database' % len(u2p))
629
7e536d1af60d Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents: 547
diff changeset
81
418
63c697d1a631 added logic for changin defualt permissions, and option to overwrite all defualt permissions on each repository
Marcin Kuzminski <marcin@python-works.com>
parents: 417
diff changeset
82 try:
1716
7d1fc253549e notification to commit author + gardening
Marcin Kuzminski <marcin@python-works.com>
parents: 1669
diff changeset
83 # stage 1 change defaults
418
63c697d1a631 added logic for changin defualt permissions, and option to overwrite all defualt permissions on each repository
Marcin Kuzminski <marcin@python-works.com>
parents: 417
diff changeset
84 for p in u2p:
63c697d1a631 added logic for changin defualt permissions, and option to overwrite all defualt permissions on each repository
Marcin Kuzminski <marcin@python-works.com>
parents: 417
diff changeset
85 if p.permission.permission_name.startswith('repository.'):
673
dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents: 629
diff changeset
86 p.permission = self.get_permission_by_name(
dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents: 629
diff changeset
87 form_result['default_perm'])
418
63c697d1a631 added logic for changin defualt permissions, and option to overwrite all defualt permissions on each repository
Marcin Kuzminski <marcin@python-works.com>
parents: 417
diff changeset
88 self.sa.add(p)
629
7e536d1af60d Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents: 547
diff changeset
89
418
63c697d1a631 added logic for changin defualt permissions, and option to overwrite all defualt permissions on each repository
Marcin Kuzminski <marcin@python-works.com>
parents: 417
diff changeset
90 if p.permission.permission_name.startswith('hg.register.'):
673
dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents: 629
diff changeset
91 p.permission = self.get_permission_by_name(
dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents: 629
diff changeset
92 form_result['default_register'])
418
63c697d1a631 added logic for changin defualt permissions, and option to overwrite all defualt permissions on each repository
Marcin Kuzminski <marcin@python-works.com>
parents: 417
diff changeset
93 self.sa.add(p)
629
7e536d1af60d Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents: 547
diff changeset
94
418
63c697d1a631 added logic for changin defualt permissions, and option to overwrite all defualt permissions on each repository
Marcin Kuzminski <marcin@python-works.com>
parents: 417
diff changeset
95 if p.permission.permission_name.startswith('hg.create.'):
673
dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents: 629
diff changeset
96 p.permission = self.get_permission_by_name(
dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents: 629
diff changeset
97 form_result['default_create'])
418
63c697d1a631 added logic for changin defualt permissions, and option to overwrite all defualt permissions on each repository
Marcin Kuzminski <marcin@python-works.com>
parents: 417
diff changeset
98 self.sa.add(p)
751
ff881ec6a140 bugfix default permissions settings did not read overwrite setting
Marcin Kuzminski <marcin@python-works.com>
parents: 705
diff changeset
99
418
63c697d1a631 added logic for changin defualt permissions, and option to overwrite all defualt permissions on each repository
Marcin Kuzminski <marcin@python-works.com>
parents: 417
diff changeset
100 #stage 2 update all default permissions for repos if checked
751
ff881ec6a140 bugfix default permissions settings did not read overwrite setting
Marcin Kuzminski <marcin@python-works.com>
parents: 705
diff changeset
101 if form_result['overwrite_default'] == True:
1633
2c0d35e336b5 refactoring of models names for repoGroup permissions
Marcin Kuzminski <marcin@python-works.com>
parents: 1271
diff changeset
102 for r2p in self.sa.query(UserRepoToPerm)\
2c0d35e336b5 refactoring of models names for repoGroup permissions
Marcin Kuzminski <marcin@python-works.com>
parents: 1271
diff changeset
103 .filter(UserRepoToPerm.user == perm_user).all():
673
dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents: 629
diff changeset
104 r2p.permission = self.get_permission_by_name(
dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents: 629
diff changeset
105 form_result['default_perm'])
418
63c697d1a631 added logic for changin defualt permissions, and option to overwrite all defualt permissions on each repository
Marcin Kuzminski <marcin@python-works.com>
parents: 417
diff changeset
106 self.sa.add(r2p)
629
7e536d1af60d Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents: 547
diff changeset
107
1716
7d1fc253549e notification to commit author + gardening
Marcin Kuzminski <marcin@python-works.com>
parents: 1669
diff changeset
108 # stage 3 set anonymous access
673
dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents: 629
diff changeset
109 if perm_user.username == 'default':
dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents: 629
diff changeset
110 perm_user.active = bool(form_result['anonymous'])
dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents: 629
diff changeset
111 self.sa.add(perm_user)
dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents: 629
diff changeset
112
759
a7f50911a945 Models code cleanups
Marcin Kuzminski <marcin@python-works.com>
parents: 752
diff changeset
113 except (DatabaseError,):
418
63c697d1a631 added logic for changin defualt permissions, and option to overwrite all defualt permissions on each repository
Marcin Kuzminski <marcin@python-works.com>
parents: 417
diff changeset
114 log.error(traceback.format_exc())
629
7e536d1af60d Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents: 547
diff changeset
115 raise