Mercurial > kallithea
annotate kallithea/lib/auth.py @ 4208:ad38f9f93b3b kallithea-2.2.5-rebrand
Correct licensing information in individual files.
The top-level license file is now LICENSE.md.
Also, in various places where there should have been joint copyright holders
listed, a single copyright holder was listed. It does not appear easy to add
a link to a large list of copyright holders in these places, so it simply
refers to the fact that various authors hold copyright.
In future, if an easy method is discovered to link to a list from those
places, we should do so.
Finally, text is added to LICENSE.md to point to where the full list of
copyright holders is, and that Kallithea as a whole is GPLv3'd.
author | Bradley M. Kuhn <bkuhn@sfconservancy.org> |
---|---|
date | Wed, 21 May 2014 16:59:37 -0400 |
parents | 05fe69812197 |
children | 1948ede028ef |
rev | line source |
---|---|
895
62c04c5cc971
Added some more details into user edit permissions view
Marcin Kuzminski <marcin@python-works.com>
parents:
779
diff
changeset
|
1 # -*- coding: utf-8 -*- |
1206
a671db5bdd58
fixed license issue #149
Marcin Kuzminski <marcin@python-works.com>
parents:
1203
diff
changeset
|
2 # This program is free software: you can redistribute it and/or modify |
a671db5bdd58
fixed license issue #149
Marcin Kuzminski <marcin@python-works.com>
parents:
1203
diff
changeset
|
3 # it under the terms of the GNU General Public License as published by |
a671db5bdd58
fixed license issue #149
Marcin Kuzminski <marcin@python-works.com>
parents:
1203
diff
changeset
|
4 # the Free Software Foundation, either version 3 of the License, or |
a671db5bdd58
fixed license issue #149
Marcin Kuzminski <marcin@python-works.com>
parents:
1203
diff
changeset
|
5 # (at your option) any later version. |
1203
6832ef664673
source code cleanup: remove trailing white space, normalize file endings
Marcin Kuzminski <marcin@python-works.com>
parents:
1195
diff
changeset
|
6 # |
252
3782a6d698af
licensing updates, code cleanups
Marcin Kuzminski <marcin@python-works.com>
parents:
239
diff
changeset
|
7 # This program is distributed in the hope that it will be useful, |
3782a6d698af
licensing updates, code cleanups
Marcin Kuzminski <marcin@python-works.com>
parents:
239
diff
changeset
|
8 # but WITHOUT ANY WARRANTY; without even the implied warranty of |
3782a6d698af
licensing updates, code cleanups
Marcin Kuzminski <marcin@python-works.com>
parents:
239
diff
changeset
|
9 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
3782a6d698af
licensing updates, code cleanups
Marcin Kuzminski <marcin@python-works.com>
parents:
239
diff
changeset
|
10 # GNU General Public License for more details. |
1203
6832ef664673
source code cleanup: remove trailing white space, normalize file endings
Marcin Kuzminski <marcin@python-works.com>
parents:
1195
diff
changeset
|
11 # |
252
3782a6d698af
licensing updates, code cleanups
Marcin Kuzminski <marcin@python-works.com>
parents:
239
diff
changeset
|
12 # You should have received a copy of the GNU General Public License |
1206
a671db5bdd58
fixed license issue #149
Marcin Kuzminski <marcin@python-works.com>
parents:
1203
diff
changeset
|
13 # along with this program. If not, see <http://www.gnu.org/licenses/>. |
4116
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
14 """ |
4186
7e5f8c12a3fc
First step in two-part process to rename directories to kallithea.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4116
diff
changeset
|
15 kallithea.lib.auth |
4116
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
16 ~~~~~~~~~~~~~~~~~~ |
381
55377fdc1fc6
cleared global application settings.
Marcin Kuzminski <marcin@python-works.com>
parents:
380
diff
changeset
|
17 |
4116
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
18 authentication and permission libraries |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
19 |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
20 :created_on: Apr 4, 2010 |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
21 :author: marcink |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
22 :copyright: (c) 2013 RhodeCode GmbH. |
4208
ad38f9f93b3b
Correct licensing information in individual files.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4202
diff
changeset
|
23 :license: GPLv3, see LICENSE.md for more details. |
4116
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
24 """ |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
25 from __future__ import with_statement |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
26 import time |
895
62c04c5cc971
Added some more details into user edit permissions view
Marcin Kuzminski <marcin@python-works.com>
parents:
779
diff
changeset
|
27 import random |
62c04c5cc971
Added some more details into user edit permissions view
Marcin Kuzminski <marcin@python-works.com>
parents:
779
diff
changeset
|
28 import logging |
62c04c5cc971
Added some more details into user edit permissions view
Marcin Kuzminski <marcin@python-works.com>
parents:
779
diff
changeset
|
29 import traceback |
1116
716911af91e1
Added api_key into user, api key get's generated again after password change
Marcin Kuzminski <marcin@python-works.com>
parents:
1056
diff
changeset
|
30 import hashlib |
4116
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
31 import itertools |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
32 import collections |
1118
b0e2c949c34b
Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier"
Marcin Kuzminski <marcin@python-works.com>
parents:
1117
diff
changeset
|
33 |
1116
716911af91e1
Added api_key into user, api key get's generated again after password change
Marcin Kuzminski <marcin@python-works.com>
parents:
1056
diff
changeset
|
34 from tempfile import _RandomNameSequence |
895
62c04c5cc971
Added some more details into user edit permissions view
Marcin Kuzminski <marcin@python-works.com>
parents:
779
diff
changeset
|
35 from decorator import decorator |
62c04c5cc971
Added some more details into user edit permissions view
Marcin Kuzminski <marcin@python-works.com>
parents:
779
diff
changeset
|
36 |
4116
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
37 from pylons import url, request |
52 | 38 from pylons.controllers.util import abort, redirect |
1056
520d27f40b51
#113 removed anonymous access from forking, added system messages in login box.
Marcin Kuzminski <marcin@python-works.com>
parents:
1040
diff
changeset
|
39 from pylons.i18n.translation import _ |
4116
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
40 from sqlalchemy import or_ |
3212
6c28533d122c
IP restrictions now also enabled for IPv6
Marcin Kuzminski <marcin@python-works.com>
parents:
3173
diff
changeset
|
41 from sqlalchemy.orm.exc import ObjectDeletedError |
4116
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
42 from sqlalchemy.orm import joinedload |
895
62c04c5cc971
Added some more details into user edit permissions view
Marcin Kuzminski <marcin@python-works.com>
parents:
779
diff
changeset
|
43 |
4186
7e5f8c12a3fc
First step in two-part process to rename directories to kallithea.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4116
diff
changeset
|
44 from kallithea import __platform__, is_windows, is_unix |
7e5f8c12a3fc
First step in two-part process to rename directories to kallithea.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4116
diff
changeset
|
45 from kallithea.lib.vcs.utils.lazy import LazyProperty |
7e5f8c12a3fc
First step in two-part process to rename directories to kallithea.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4116
diff
changeset
|
46 from kallithea.model import meta |
7e5f8c12a3fc
First step in two-part process to rename directories to kallithea.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4116
diff
changeset
|
47 from kallithea.model.meta import Session |
7e5f8c12a3fc
First step in two-part process to rename directories to kallithea.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4116
diff
changeset
|
48 from kallithea.model.user import UserModel |
7e5f8c12a3fc
First step in two-part process to rename directories to kallithea.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4116
diff
changeset
|
49 from kallithea.model.db import User, Repository, Permission, \ |
4116
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
50 UserToPerm, UserGroupRepoToPerm, UserGroupToPerm, UserGroupMember, \ |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
51 RepoGroup, UserGroupRepoGroupToPerm, UserIpMap, UserGroupUserGroupToPerm, \ |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
52 UserGroup, UserApiKeys |
1118
b0e2c949c34b
Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier"
Marcin Kuzminski <marcin@python-works.com>
parents:
1117
diff
changeset
|
53 |
4186
7e5f8c12a3fc
First step in two-part process to rename directories to kallithea.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4116
diff
changeset
|
54 from kallithea.lib.utils2 import safe_unicode, aslist |
7e5f8c12a3fc
First step in two-part process to rename directories to kallithea.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4116
diff
changeset
|
55 from kallithea.lib.utils import get_repo_slug, get_repo_group_slug, \ |
4116
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
56 get_user_group_slug, conditional_cache |
4186
7e5f8c12a3fc
First step in two-part process to rename directories to kallithea.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4116
diff
changeset
|
57 from kallithea.lib.caching_query import FromCache |
895
62c04c5cc971
Added some more details into user edit permissions view
Marcin Kuzminski <marcin@python-works.com>
parents:
779
diff
changeset
|
58 |
4116
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
59 from beaker.cache import cache_region |
895
62c04c5cc971
Added some more details into user edit permissions view
Marcin Kuzminski <marcin@python-works.com>
parents:
779
diff
changeset
|
60 |
1246 | 61 log = logging.getLogger(__name__) |
343
6484963056cd
implemented cache for repeated queries in simplehg mercurial requests
Marcin Kuzminski <marcin@python-works.com>
parents:
339
diff
changeset
|
62 |
41
71ffa932799d
Added app basic auth.
Marcin Kuzminski <marcin@python-blog.com>
parents:
diff
changeset
|
63 |
474
a3d9d24acbec
Implemented password reset(forms/models/ tasks) and mailing tasks.
Marcin Kuzminski <marcin@python-works.com>
parents:
442
diff
changeset
|
64 class PasswordGenerator(object): |
1716
7d1fc253549e
notification to commit author + gardening
Marcin Kuzminski <marcin@python-works.com>
parents:
1644
diff
changeset
|
65 """ |
1818
cf51bbfb120e
auto white-space removal
Marcin Kuzminski <marcin@python-works.com>
parents:
1808
diff
changeset
|
66 This is a simple class for generating password from different sets of |
1716
7d1fc253549e
notification to commit author + gardening
Marcin Kuzminski <marcin@python-works.com>
parents:
1644
diff
changeset
|
67 characters |
7d1fc253549e
notification to commit author + gardening
Marcin Kuzminski <marcin@python-works.com>
parents:
1644
diff
changeset
|
68 usage:: |
7d1fc253549e
notification to commit author + gardening
Marcin Kuzminski <marcin@python-works.com>
parents:
1644
diff
changeset
|
69 |
474
a3d9d24acbec
Implemented password reset(forms/models/ tasks) and mailing tasks.
Marcin Kuzminski <marcin@python-works.com>
parents:
442
diff
changeset
|
70 passwd_gen = PasswordGenerator() |
1246 | 71 #print 8-letter password containing only big and small letters |
72 of alphabet | |
2278
24095abde696
print statement cleanup
Marcin Kuzminski <marcin@python-works.com>
parents:
2125
diff
changeset
|
73 passwd_gen.gen_password(8, passwd_gen.ALPHABETS_BIG_SMALL) |
474
a3d9d24acbec
Implemented password reset(forms/models/ tasks) and mailing tasks.
Marcin Kuzminski <marcin@python-works.com>
parents:
442
diff
changeset
|
74 """ |
1246 | 75 ALPHABETS_NUM = r'''1234567890''' |
76 ALPHABETS_SMALL = r'''qwertyuiopasdfghjklzxcvbnm''' | |
77 ALPHABETS_BIG = r'''QWERTYUIOPASDFGHJKLZXCVBNM''' | |
78 ALPHABETS_SPECIAL = r'''`-=[]\;',./~!@#$%^&*()_+{}|:"<>?''' | |
79 ALPHABETS_FULL = ALPHABETS_BIG + ALPHABETS_SMALL \ | |
80 + ALPHABETS_NUM + ALPHABETS_SPECIAL | |
81 ALPHABETS_ALPHANUM = ALPHABETS_BIG + ALPHABETS_SMALL + ALPHABETS_NUM | |
474
a3d9d24acbec
Implemented password reset(forms/models/ tasks) and mailing tasks.
Marcin Kuzminski <marcin@python-works.com>
parents:
442
diff
changeset
|
82 ALPHABETS_BIG_SMALL = ALPHABETS_BIG + ALPHABETS_SMALL |
1246 | 83 ALPHABETS_ALPHANUM_BIG = ALPHABETS_BIG + ALPHABETS_NUM |
84 ALPHABETS_ALPHANUM_SMALL = ALPHABETS_SMALL + ALPHABETS_NUM | |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
85 |
474
a3d9d24acbec
Implemented password reset(forms/models/ tasks) and mailing tasks.
Marcin Kuzminski <marcin@python-works.com>
parents:
442
diff
changeset
|
86 def __init__(self, passwd=''): |
a3d9d24acbec
Implemented password reset(forms/models/ tasks) and mailing tasks.
Marcin Kuzminski <marcin@python-works.com>
parents:
442
diff
changeset
|
87 self.passwd = passwd |
a3d9d24acbec
Implemented password reset(forms/models/ tasks) and mailing tasks.
Marcin Kuzminski <marcin@python-works.com>
parents:
442
diff
changeset
|
88 |
1993
4d3179d2adfe
added optional password type in password generator
Marcin Kuzminski <marcin@python-works.com>
parents:
1992
diff
changeset
|
89 def gen_password(self, length, type_=None): |
4d3179d2adfe
added optional password type in password generator
Marcin Kuzminski <marcin@python-works.com>
parents:
1992
diff
changeset
|
90 if type_ is None: |
4d3179d2adfe
added optional password type in password generator
Marcin Kuzminski <marcin@python-works.com>
parents:
1992
diff
changeset
|
91 type_ = self.ALPHABETS_FULL |
1982
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
92 self.passwd = ''.join([random.choice(type_) for _ in xrange(length)]) |
474
a3d9d24acbec
Implemented password reset(forms/models/ tasks) and mailing tasks.
Marcin Kuzminski <marcin@python-works.com>
parents:
442
diff
changeset
|
93 return self.passwd |
a3d9d24acbec
Implemented password reset(forms/models/ tasks) and mailing tasks.
Marcin Kuzminski <marcin@python-works.com>
parents:
442
diff
changeset
|
94 |
1246 | 95 |
4202
05fe69812197
Rename RhodeCodeCrypto to KallitheaCrypto
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4197
diff
changeset
|
96 class KallitheaCrypto(object): |
1118
b0e2c949c34b
Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier"
Marcin Kuzminski <marcin@python-works.com>
parents:
1117
diff
changeset
|
97 |
b0e2c949c34b
Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier"
Marcin Kuzminski <marcin@python-works.com>
parents:
1117
diff
changeset
|
98 @classmethod |
b0e2c949c34b
Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier"
Marcin Kuzminski <marcin@python-works.com>
parents:
1117
diff
changeset
|
99 def hash_string(cls, str_): |
b0e2c949c34b
Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier"
Marcin Kuzminski <marcin@python-works.com>
parents:
1117
diff
changeset
|
100 """ |
b0e2c949c34b
Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier"
Marcin Kuzminski <marcin@python-works.com>
parents:
1117
diff
changeset
|
101 Cryptographic function used for password hashing based on pybcrypt |
b0e2c949c34b
Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier"
Marcin Kuzminski <marcin@python-works.com>
parents:
1117
diff
changeset
|
102 or pycrypto in windows |
1203
6832ef664673
source code cleanup: remove trailing white space, normalize file endings
Marcin Kuzminski <marcin@python-works.com>
parents:
1195
diff
changeset
|
103 |
1118
b0e2c949c34b
Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier"
Marcin Kuzminski <marcin@python-works.com>
parents:
1117
diff
changeset
|
104 :param password: password to hash |
b0e2c949c34b
Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier"
Marcin Kuzminski <marcin@python-works.com>
parents:
1117
diff
changeset
|
105 """ |
2634
4b17216f2110
Deprecated validation of operating system, we just care if it's windows, let approve all other
Marcin Kuzminski <marcin@python-works.com>
parents:
2479
diff
changeset
|
106 if is_windows: |
2479
9225597688f4
Added validation into user email map
Marcin Kuzminski <marcin@python-works.com>
parents:
2458
diff
changeset
|
107 from hashlib import sha256 |
1118
b0e2c949c34b
Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier"
Marcin Kuzminski <marcin@python-works.com>
parents:
1117
diff
changeset
|
108 return sha256(str_).hexdigest() |
2634
4b17216f2110
Deprecated validation of operating system, we just care if it's windows, let approve all other
Marcin Kuzminski <marcin@python-works.com>
parents:
2479
diff
changeset
|
109 elif is_unix: |
2479
9225597688f4
Added validation into user email map
Marcin Kuzminski <marcin@python-works.com>
parents:
2458
diff
changeset
|
110 import bcrypt |
1118
b0e2c949c34b
Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier"
Marcin Kuzminski <marcin@python-works.com>
parents:
1117
diff
changeset
|
111 return bcrypt.hashpw(str_, bcrypt.gensalt(10)) |
b0e2c949c34b
Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier"
Marcin Kuzminski <marcin@python-works.com>
parents:
1117
diff
changeset
|
112 else: |
1246 | 113 raise Exception('Unknown or unsupported platform %s' \ |
114 % __platform__) | |
1118
b0e2c949c34b
Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier"
Marcin Kuzminski <marcin@python-works.com>
parents:
1117
diff
changeset
|
115 |
b0e2c949c34b
Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier"
Marcin Kuzminski <marcin@python-works.com>
parents:
1117
diff
changeset
|
116 @classmethod |
b0e2c949c34b
Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier"
Marcin Kuzminski <marcin@python-works.com>
parents:
1117
diff
changeset
|
117 def hash_check(cls, password, hashed): |
b0e2c949c34b
Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier"
Marcin Kuzminski <marcin@python-works.com>
parents:
1117
diff
changeset
|
118 """ |
b0e2c949c34b
Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier"
Marcin Kuzminski <marcin@python-works.com>
parents:
1117
diff
changeset
|
119 Checks matching password with it's hashed value, runs different |
b0e2c949c34b
Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier"
Marcin Kuzminski <marcin@python-works.com>
parents:
1117
diff
changeset
|
120 implementation based on platform it runs on |
1203
6832ef664673
source code cleanup: remove trailing white space, normalize file endings
Marcin Kuzminski <marcin@python-works.com>
parents:
1195
diff
changeset
|
121 |
1118
b0e2c949c34b
Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier"
Marcin Kuzminski <marcin@python-works.com>
parents:
1117
diff
changeset
|
122 :param password: password |
b0e2c949c34b
Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier"
Marcin Kuzminski <marcin@python-works.com>
parents:
1117
diff
changeset
|
123 :param hashed: password in hashed form |
b0e2c949c34b
Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier"
Marcin Kuzminski <marcin@python-works.com>
parents:
1117
diff
changeset
|
124 """ |
b0e2c949c34b
Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier"
Marcin Kuzminski <marcin@python-works.com>
parents:
1117
diff
changeset
|
125 |
2634
4b17216f2110
Deprecated validation of operating system, we just care if it's windows, let approve all other
Marcin Kuzminski <marcin@python-works.com>
parents:
2479
diff
changeset
|
126 if is_windows: |
2479
9225597688f4
Added validation into user email map
Marcin Kuzminski <marcin@python-works.com>
parents:
2458
diff
changeset
|
127 from hashlib import sha256 |
1118
b0e2c949c34b
Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier"
Marcin Kuzminski <marcin@python-works.com>
parents:
1117
diff
changeset
|
128 return sha256(password).hexdigest() == hashed |
2634
4b17216f2110
Deprecated validation of operating system, we just care if it's windows, let approve all other
Marcin Kuzminski <marcin@python-works.com>
parents:
2479
diff
changeset
|
129 elif is_unix: |
2479
9225597688f4
Added validation into user email map
Marcin Kuzminski <marcin@python-works.com>
parents:
2458
diff
changeset
|
130 import bcrypt |
1118
b0e2c949c34b
Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier"
Marcin Kuzminski <marcin@python-works.com>
parents:
1117
diff
changeset
|
131 return bcrypt.hashpw(password, hashed) == hashed |
b0e2c949c34b
Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier"
Marcin Kuzminski <marcin@python-works.com>
parents:
1117
diff
changeset
|
132 else: |
1246 | 133 raise Exception('Unknown or unsupported platform %s' \ |
134 % __platform__) | |
1118
b0e2c949c34b
Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier"
Marcin Kuzminski <marcin@python-works.com>
parents:
1117
diff
changeset
|
135 |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
136 |
64
08707974eae4
Changed auth lib for sqlalchemy
Marcin Kuzminski <marcin@python-blog.com>
parents:
52
diff
changeset
|
137 def get_crypt_password(password): |
4202
05fe69812197
Rename RhodeCodeCrypto to KallitheaCrypto
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4197
diff
changeset
|
138 return KallitheaCrypto.hash_string(password) |
1118
b0e2c949c34b
Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier"
Marcin Kuzminski <marcin@python-works.com>
parents:
1117
diff
changeset
|
139 |
1246 | 140 |
1118
b0e2c949c34b
Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier"
Marcin Kuzminski <marcin@python-works.com>
parents:
1117
diff
changeset
|
141 def check_password(password, hashed): |
4202
05fe69812197
Rename RhodeCodeCrypto to KallitheaCrypto
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4197
diff
changeset
|
142 return KallitheaCrypto.hash_check(password, hashed) |
415
04e8b31fb245
Changed password crypting scheme to bcrypt, added dependency for setup
Marcin Kuzminski <marcin@python-works.com>
parents:
412
diff
changeset
|
143 |
1950
4ae17f819ee8
#344 optional firstname lastname on user creation
Marcin Kuzminski <marcin@python-works.com>
parents:
1824
diff
changeset
|
144 |
1628
de71a4bde097
Some code cleanups and fixes
Marcin Kuzminski <marcin@python-works.com>
parents:
1621
diff
changeset
|
145 def generate_api_key(str_, salt=None): |
de71a4bde097
Some code cleanups and fixes
Marcin Kuzminski <marcin@python-works.com>
parents:
1621
diff
changeset
|
146 """ |
de71a4bde097
Some code cleanups and fixes
Marcin Kuzminski <marcin@python-works.com>
parents:
1621
diff
changeset
|
147 Generates API KEY from given string |
1818
cf51bbfb120e
auto white-space removal
Marcin Kuzminski <marcin@python-works.com>
parents:
1808
diff
changeset
|
148 |
1628
de71a4bde097
Some code cleanups and fixes
Marcin Kuzminski <marcin@python-works.com>
parents:
1621
diff
changeset
|
149 :param str_: |
de71a4bde097
Some code cleanups and fixes
Marcin Kuzminski <marcin@python-works.com>
parents:
1621
diff
changeset
|
150 :param salt: |
de71a4bde097
Some code cleanups and fixes
Marcin Kuzminski <marcin@python-works.com>
parents:
1621
diff
changeset
|
151 """ |
1718
f78bee8eec78
reduce cookie size for better support of client side sessions
Marcin Kuzminski <marcin@python-works.com>
parents:
1716
diff
changeset
|
152 |
1116
716911af91e1
Added api_key into user, api key get's generated again after password change
Marcin Kuzminski <marcin@python-works.com>
parents:
1056
diff
changeset
|
153 if salt is None: |
716911af91e1
Added api_key into user, api key get's generated again after password change
Marcin Kuzminski <marcin@python-works.com>
parents:
1056
diff
changeset
|
154 salt = _RandomNameSequence().next() |
716911af91e1
Added api_key into user, api key get's generated again after password change
Marcin Kuzminski <marcin@python-works.com>
parents:
1056
diff
changeset
|
155 |
1628
de71a4bde097
Some code cleanups and fixes
Marcin Kuzminski <marcin@python-works.com>
parents:
1621
diff
changeset
|
156 return hashlib.sha1(str_ + salt).hexdigest() |
1116
716911af91e1
Added api_key into user, api key get's generated again after password change
Marcin Kuzminski <marcin@python-works.com>
parents:
1056
diff
changeset
|
157 |
1246 | 158 |
2030
61f9aeb2129e
Added session wrapper, for rc 1.2.X compatibility. Adds backwards compatability
Marcin Kuzminski <marcin@python-works.com>
parents:
2025
diff
changeset
|
159 class CookieStoreWrapper(object): |
61f9aeb2129e
Added session wrapper, for rc 1.2.X compatibility. Adds backwards compatability
Marcin Kuzminski <marcin@python-works.com>
parents:
2025
diff
changeset
|
160 |
61f9aeb2129e
Added session wrapper, for rc 1.2.X compatibility. Adds backwards compatability
Marcin Kuzminski <marcin@python-works.com>
parents:
2025
diff
changeset
|
161 def __init__(self, cookie_store): |
61f9aeb2129e
Added session wrapper, for rc 1.2.X compatibility. Adds backwards compatability
Marcin Kuzminski <marcin@python-works.com>
parents:
2025
diff
changeset
|
162 self.cookie_store = cookie_store |
61f9aeb2129e
Added session wrapper, for rc 1.2.X compatibility. Adds backwards compatability
Marcin Kuzminski <marcin@python-works.com>
parents:
2025
diff
changeset
|
163 |
61f9aeb2129e
Added session wrapper, for rc 1.2.X compatibility. Adds backwards compatability
Marcin Kuzminski <marcin@python-works.com>
parents:
2025
diff
changeset
|
164 def __repr__(self): |
61f9aeb2129e
Added session wrapper, for rc 1.2.X compatibility. Adds backwards compatability
Marcin Kuzminski <marcin@python-works.com>
parents:
2025
diff
changeset
|
165 return 'CookieStore<%s>' % (self.cookie_store) |
61f9aeb2129e
Added session wrapper, for rc 1.2.X compatibility. Adds backwards compatability
Marcin Kuzminski <marcin@python-works.com>
parents:
2025
diff
changeset
|
166 |
61f9aeb2129e
Added session wrapper, for rc 1.2.X compatibility. Adds backwards compatability
Marcin Kuzminski <marcin@python-works.com>
parents:
2025
diff
changeset
|
167 def get(self, key, other=None): |
61f9aeb2129e
Added session wrapper, for rc 1.2.X compatibility. Adds backwards compatability
Marcin Kuzminski <marcin@python-works.com>
parents:
2025
diff
changeset
|
168 if isinstance(self.cookie_store, dict): |
61f9aeb2129e
Added session wrapper, for rc 1.2.X compatibility. Adds backwards compatability
Marcin Kuzminski <marcin@python-works.com>
parents:
2025
diff
changeset
|
169 return self.cookie_store.get(key, other) |
61f9aeb2129e
Added session wrapper, for rc 1.2.X compatibility. Adds backwards compatability
Marcin Kuzminski <marcin@python-works.com>
parents:
2025
diff
changeset
|
170 elif isinstance(self.cookie_store, AuthUser): |
61f9aeb2129e
Added session wrapper, for rc 1.2.X compatibility. Adds backwards compatability
Marcin Kuzminski <marcin@python-works.com>
parents:
2025
diff
changeset
|
171 return self.cookie_store.__dict__.get(key, other) |
61f9aeb2129e
Added session wrapper, for rc 1.2.X compatibility. Adds backwards compatability
Marcin Kuzminski <marcin@python-works.com>
parents:
2025
diff
changeset
|
172 |
61f9aeb2129e
Added session wrapper, for rc 1.2.X compatibility. Adds backwards compatability
Marcin Kuzminski <marcin@python-works.com>
parents:
2025
diff
changeset
|
173 |
4116
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
174 |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
175 def _cached_perms_data(user_id, user_is_admin, user_inherit_default_permissions, |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
176 explicit, algo): |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
177 RK = 'repositories' |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
178 GK = 'repositories_groups' |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
179 UK = 'user_groups' |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
180 GLOBAL = 'global' |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
181 PERM_WEIGHTS = Permission.PERM_WEIGHTS |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
182 permissions = {RK: {}, GK: {}, UK: {}, GLOBAL: set()} |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
183 |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
184 def _choose_perm(new_perm, cur_perm): |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
185 new_perm_val = PERM_WEIGHTS[new_perm] |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
186 cur_perm_val = PERM_WEIGHTS[cur_perm] |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
187 if algo == 'higherwin': |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
188 if new_perm_val > cur_perm_val: |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
189 return new_perm |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
190 return cur_perm |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
191 elif algo == 'lowerwin': |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
192 if new_perm_val < cur_perm_val: |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
193 return new_perm |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
194 return cur_perm |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
195 |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
196 #====================================================================== |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
197 # fetch default permissions |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
198 #====================================================================== |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
199 default_user = User.get_by_username('default', cache=True) |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
200 default_user_id = default_user.user_id |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
201 |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
202 default_repo_perms = Permission.get_default_perms(default_user_id) |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
203 default_repo_groups_perms = Permission.get_default_group_perms(default_user_id) |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
204 default_user_group_perms = Permission.get_default_user_group_perms(default_user_id) |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
205 |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
206 if user_is_admin: |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
207 #================================================================== |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
208 # admin user have all default rights for repositories |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
209 # and groups set to admin |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
210 #================================================================== |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
211 permissions[GLOBAL].add('hg.admin') |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
212 permissions[GLOBAL].add('hg.create.write_on_repogroup.true') |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
213 |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
214 # repositories |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
215 for perm in default_repo_perms: |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
216 r_k = perm.UserRepoToPerm.repository.repo_name |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
217 p = 'repository.admin' |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
218 permissions[RK][r_k] = p |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
219 |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
220 # repository groups |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
221 for perm in default_repo_groups_perms: |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
222 rg_k = perm.UserRepoGroupToPerm.group.group_name |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
223 p = 'group.admin' |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
224 permissions[GK][rg_k] = p |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
225 |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
226 # user groups |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
227 for perm in default_user_group_perms: |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
228 u_k = perm.UserUserGroupToPerm.user_group.users_group_name |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
229 p = 'usergroup.admin' |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
230 permissions[UK][u_k] = p |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
231 return permissions |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
232 |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
233 #================================================================== |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
234 # SET DEFAULTS GLOBAL, REPOS, REPOSITORY GROUPS |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
235 #================================================================== |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
236 uid = user_id |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
237 |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
238 # default global permissions taken fron the default user |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
239 default_global_perms = UserToPerm.query()\ |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
240 .filter(UserToPerm.user_id == default_user_id)\ |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
241 .options(joinedload(UserToPerm.permission)) |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
242 |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
243 for perm in default_global_perms: |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
244 permissions[GLOBAL].add(perm.permission.permission_name) |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
245 |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
246 # defaults for repositories, taken from default user |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
247 for perm in default_repo_perms: |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
248 r_k = perm.UserRepoToPerm.repository.repo_name |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
249 if perm.Repository.private and not (perm.Repository.user_id == uid): |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
250 # disable defaults for private repos, |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
251 p = 'repository.none' |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
252 elif perm.Repository.user_id == uid: |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
253 # set admin if owner |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
254 p = 'repository.admin' |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
255 else: |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
256 p = perm.Permission.permission_name |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
257 |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
258 permissions[RK][r_k] = p |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
259 |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
260 # defaults for repository groups taken from default user permission |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
261 # on given group |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
262 for perm in default_repo_groups_perms: |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
263 rg_k = perm.UserRepoGroupToPerm.group.group_name |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
264 p = perm.Permission.permission_name |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
265 permissions[GK][rg_k] = p |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
266 |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
267 # defaults for user groups taken from default user permission |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
268 # on given user group |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
269 for perm in default_user_group_perms: |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
270 u_k = perm.UserUserGroupToPerm.user_group.users_group_name |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
271 p = perm.Permission.permission_name |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
272 permissions[UK][u_k] = p |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
273 |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
274 #====================================================================== |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
275 # !! OVERRIDE GLOBALS !! with user permissions if any found |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
276 #====================================================================== |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
277 # those can be configured from groups or users explicitly |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
278 _configurable = set([ |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
279 'hg.fork.none', 'hg.fork.repository', |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
280 'hg.create.none', 'hg.create.repository', |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
281 'hg.usergroup.create.false', 'hg.usergroup.create.true' |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
282 ]) |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
283 |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
284 # USER GROUPS comes first |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
285 # user group global permissions |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
286 user_perms_from_users_groups = Session().query(UserGroupToPerm)\ |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
287 .options(joinedload(UserGroupToPerm.permission))\ |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
288 .join((UserGroupMember, UserGroupToPerm.users_group_id == |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
289 UserGroupMember.users_group_id))\ |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
290 .filter(UserGroupMember.user_id == uid)\ |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
291 .order_by(UserGroupToPerm.users_group_id)\ |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
292 .all() |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
293 # need to group here by groups since user can be in more than |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
294 # one group |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
295 _grouped = [[x, list(y)] for x, y in |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
296 itertools.groupby(user_perms_from_users_groups, |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
297 lambda x:x.users_group)] |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
298 for gr, perms in _grouped: |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
299 # since user can be in multiple groups iterate over them and |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
300 # select the lowest permissions first (more explicit) |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
301 ##TODO: do this^^ |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
302 if not gr.inherit_default_permissions: |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
303 # NEED TO IGNORE all configurable permissions and |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
304 # replace them with explicitly set |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
305 permissions[GLOBAL] = permissions[GLOBAL]\ |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
306 .difference(_configurable) |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
307 for perm in perms: |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
308 permissions[GLOBAL].add(perm.permission.permission_name) |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
309 |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
310 # user specific global permissions |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
311 user_perms = Session().query(UserToPerm)\ |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
312 .options(joinedload(UserToPerm.permission))\ |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
313 .filter(UserToPerm.user_id == uid).all() |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
314 |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
315 if not user_inherit_default_permissions: |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
316 # NEED TO IGNORE all configurable permissions and |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
317 # replace them with explicitly set |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
318 permissions[GLOBAL] = permissions[GLOBAL]\ |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
319 .difference(_configurable) |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
320 |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
321 for perm in user_perms: |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
322 permissions[GLOBAL].add(perm.permission.permission_name) |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
323 ## END GLOBAL PERMISSIONS |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
324 |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
325 #====================================================================== |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
326 # !! PERMISSIONS FOR REPOSITORIES !! |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
327 #====================================================================== |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
328 #====================================================================== |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
329 # check if user is part of user groups for this repository and |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
330 # fill in his permission from it. _choose_perm decides of which |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
331 # permission should be selected based on selected method |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
332 #====================================================================== |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
333 |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
334 # user group for repositories permissions |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
335 user_repo_perms_from_users_groups = \ |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
336 Session().query(UserGroupRepoToPerm, Permission, Repository,)\ |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
337 .join((Repository, UserGroupRepoToPerm.repository_id == |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
338 Repository.repo_id))\ |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
339 .join((Permission, UserGroupRepoToPerm.permission_id == |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
340 Permission.permission_id))\ |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
341 .join((UserGroupMember, UserGroupRepoToPerm.users_group_id == |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
342 UserGroupMember.users_group_id))\ |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
343 .filter(UserGroupMember.user_id == uid)\ |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
344 .all() |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
345 |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
346 multiple_counter = collections.defaultdict(int) |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
347 for perm in user_repo_perms_from_users_groups: |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
348 r_k = perm.UserGroupRepoToPerm.repository.repo_name |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
349 multiple_counter[r_k] += 1 |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
350 p = perm.Permission.permission_name |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
351 cur_perm = permissions[RK][r_k] |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
352 |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
353 if perm.Repository.user_id == uid: |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
354 # set admin if owner |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
355 p = 'repository.admin' |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
356 else: |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
357 if multiple_counter[r_k] > 1: |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
358 p = _choose_perm(p, cur_perm) |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
359 permissions[RK][r_k] = p |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
360 |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
361 # user explicit permissions for repositories, overrides any specified |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
362 # by the group permission |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
363 user_repo_perms = Permission.get_default_perms(uid) |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
364 for perm in user_repo_perms: |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
365 r_k = perm.UserRepoToPerm.repository.repo_name |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
366 cur_perm = permissions[RK][r_k] |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
367 # set admin if owner |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
368 if perm.Repository.user_id == uid: |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
369 p = 'repository.admin' |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
370 else: |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
371 p = perm.Permission.permission_name |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
372 if not explicit: |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
373 p = _choose_perm(p, cur_perm) |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
374 permissions[RK][r_k] = p |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
375 |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
376 #====================================================================== |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
377 # !! PERMISSIONS FOR REPOSITORY GROUPS !! |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
378 #====================================================================== |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
379 #====================================================================== |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
380 # check if user is part of user groups for this repository groups and |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
381 # fill in his permission from it. _choose_perm decides of which |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
382 # permission should be selected based on selected method |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
383 #====================================================================== |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
384 # user group for repo groups permissions |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
385 user_repo_group_perms_from_users_groups = \ |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
386 Session().query(UserGroupRepoGroupToPerm, Permission, RepoGroup)\ |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
387 .join((RepoGroup, UserGroupRepoGroupToPerm.group_id == RepoGroup.group_id))\ |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
388 .join((Permission, UserGroupRepoGroupToPerm.permission_id |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
389 == Permission.permission_id))\ |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
390 .join((UserGroupMember, UserGroupRepoGroupToPerm.users_group_id |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
391 == UserGroupMember.users_group_id))\ |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
392 .filter(UserGroupMember.user_id == uid)\ |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
393 .all() |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
394 |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
395 multiple_counter = collections.defaultdict(int) |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
396 for perm in user_repo_group_perms_from_users_groups: |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
397 g_k = perm.UserGroupRepoGroupToPerm.group.group_name |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
398 multiple_counter[g_k] += 1 |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
399 p = perm.Permission.permission_name |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
400 cur_perm = permissions[GK][g_k] |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
401 if multiple_counter[g_k] > 1: |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
402 p = _choose_perm(p, cur_perm) |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
403 permissions[GK][g_k] = p |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
404 |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
405 # user explicit permissions for repository groups |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
406 user_repo_groups_perms = Permission.get_default_group_perms(uid) |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
407 for perm in user_repo_groups_perms: |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
408 rg_k = perm.UserRepoGroupToPerm.group.group_name |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
409 p = perm.Permission.permission_name |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
410 cur_perm = permissions[GK][rg_k] |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
411 if not explicit: |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
412 p = _choose_perm(p, cur_perm) |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
413 permissions[GK][rg_k] = p |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
414 |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
415 #====================================================================== |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
416 # !! PERMISSIONS FOR USER GROUPS !! |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
417 #====================================================================== |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
418 # user group for user group permissions |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
419 user_group_user_groups_perms = \ |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
420 Session().query(UserGroupUserGroupToPerm, Permission, UserGroup)\ |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
421 .join((UserGroup, UserGroupUserGroupToPerm.target_user_group_id |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
422 == UserGroup.users_group_id))\ |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
423 .join((Permission, UserGroupUserGroupToPerm.permission_id |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
424 == Permission.permission_id))\ |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
425 .join((UserGroupMember, UserGroupUserGroupToPerm.user_group_id |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
426 == UserGroupMember.users_group_id))\ |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
427 .filter(UserGroupMember.user_id == uid)\ |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
428 .all() |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
429 |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
430 multiple_counter = collections.defaultdict(int) |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
431 for perm in user_group_user_groups_perms: |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
432 g_k = perm.UserGroupUserGroupToPerm.target_user_group.users_group_name |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
433 multiple_counter[g_k] += 1 |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
434 p = perm.Permission.permission_name |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
435 cur_perm = permissions[UK][g_k] |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
436 if multiple_counter[g_k] > 1: |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
437 p = _choose_perm(p, cur_perm) |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
438 permissions[UK][g_k] = p |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
439 |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
440 #user explicit permission for user groups |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
441 user_user_groups_perms = Permission.get_default_user_group_perms(uid) |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
442 for perm in user_user_groups_perms: |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
443 u_k = perm.UserUserGroupToPerm.user_group.users_group_name |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
444 p = perm.Permission.permission_name |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
445 cur_perm = permissions[UK][u_k] |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
446 if not explicit: |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
447 p = _choose_perm(p, cur_perm) |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
448 permissions[UK][u_k] = p |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
449 |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
450 return permissions |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
451 |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
452 |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
453 def allowed_api_access(controller_name, whitelist=None, api_key=None): |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
454 """ |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
455 Check if given controller_name is in whitelist API access |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
456 """ |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
457 if not whitelist: |
4186
7e5f8c12a3fc
First step in two-part process to rename directories to kallithea.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4116
diff
changeset
|
458 from kallithea import CONFIG |
4116
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
459 whitelist = aslist(CONFIG.get('api_access_controllers_whitelist'), |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
460 sep=',') |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
461 log.debug('whitelist of API access is: %s' % (whitelist)) |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
462 api_access_valid = controller_name in whitelist |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
463 if api_access_valid: |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
464 log.debug('controller:%s is in API whitelist' % (controller_name)) |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
465 else: |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
466 msg = 'controller: %s is *NOT* in API whitelist' % (controller_name) |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
467 if api_key: |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
468 #if we use API key and don't have access it's a warning |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
469 log.warning(msg) |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
470 else: |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
471 log.debug(msg) |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
472 return api_access_valid |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
473 |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
474 |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
475 class AuthUser(object): |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
476 """ |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
477 A simple object that handles all attributes of user in RhodeCode |
1203
6832ef664673
source code cleanup: remove trailing white space, normalize file endings
Marcin Kuzminski <marcin@python-works.com>
parents:
1195
diff
changeset
|
478 |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
479 It does lookup based on API key,given user, or user present in session |
1203
6832ef664673
source code cleanup: remove trailing white space, normalize file endings
Marcin Kuzminski <marcin@python-works.com>
parents:
1195
diff
changeset
|
480 Then it fills all required information for such user. It also checks if |
4116
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
481 anonymous access is enabled and if so, it returns default user as logged in |
190
d8eb7ee27b4c
Added LoginRequired decorator, empty User data container, hash functions
Marcin Kuzminski <marcin@python-works.com>
parents:
96
diff
changeset
|
482 """ |
1016
3790279d2538
#56 added propagation of permission from group
Marcin Kuzminski <marcin@python-works.com>
parents:
991
diff
changeset
|
483 |
3125
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
2726
diff
changeset
|
484 def __init__(self, user_id=None, api_key=None, username=None, ip_addr=None): |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
485 |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
486 self.user_id = user_id |
4116
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
487 self._api_key = api_key |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
488 |
1120
a8d759613d8f
fixed some bugs in api key auth, added access by api key into rss/atom feeds in global journal
Marcin Kuzminski <marcin@python-works.com>
parents:
1118
diff
changeset
|
489 self.api_key = None |
1617
cf128ced8c85
Improved container-based auth implementation and added support for a reverse-proxy setup (using the X-Forwarded-User header)
Liad Shani <liadff@gmail.com>
parents:
1614
diff
changeset
|
490 self.username = username |
3125
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
2726
diff
changeset
|
491 self.ip_addr = ip_addr |
355
5bbcc0cac389
added session remove in forms, and added name and lastname to auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
350
diff
changeset
|
492 self.name = '' |
5bbcc0cac389
added session remove in forms, and added name and lastname to auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
350
diff
changeset
|
493 self.lastname = '' |
404
a10bdd0b05a7
fixed user email for gravatars
Marcin Kuzminski <marcin@python-works.com>
parents:
399
diff
changeset
|
494 self.email = '' |
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
495 self.is_authenticated = False |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
496 self.admin = False |
2714
a2eaa0054430
fixed error when disabled anonymous access lead to error on server
Marcin Kuzminski <marcin@python-works.com>
parents:
2709
diff
changeset
|
497 self.inherit_default_permissions = False |
4116
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
498 |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
499 self.propagate_data() |
1950
4ae17f819ee8
#344 optional firstname lastname on user creation
Marcin Kuzminski <marcin@python-works.com>
parents:
1824
diff
changeset
|
500 self._instance = None |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
501 |
4116
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
502 @LazyProperty |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
503 def permissions(self): |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
504 return self.get_perms(user=self, cache=False) |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
505 |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
506 @property |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
507 def api_keys(self): |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
508 return self.get_api_keys() |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
509 |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
510 def propagate_data(self): |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
511 user_model = UserModel() |
4116
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
512 self.anonymous_user = User.get_default_user(cache=True) |
1613
6cab36e31f09
Added container-based authentication support
Liad Shani <liadff@gmail.com>
parents:
1425
diff
changeset
|
513 is_user_loaded = False |
1718
f78bee8eec78
reduce cookie size for better support of client side sessions
Marcin Kuzminski <marcin@python-works.com>
parents:
1716
diff
changeset
|
514 |
1818
cf51bbfb120e
auto white-space removal
Marcin Kuzminski <marcin@python-works.com>
parents:
1808
diff
changeset
|
515 # lookup by userid |
4116
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
516 if self.user_id is not None and self.user_id != self.anonymous_user.user_id: |
1976 | 517 log.debug('Auth User lookup by USER ID %s' % self.user_id) |
1618
9353189b7675
Added automatic logout of deactivated/deleted users
Liad Shani <liadff@gmail.com>
parents:
1617
diff
changeset
|
518 is_user_loaded = user_model.fill_data(self, user_id=self.user_id) |
4116
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
519 |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
520 # try go get user by api key |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
521 elif self._api_key and self._api_key != self.anonymous_user.api_key: |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
522 log.debug('Auth User lookup by API KEY %s' % self._api_key) |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
523 is_user_loaded = user_model.fill_data(self, api_key=self._api_key) |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
524 |
1808
ff788e390497
fix issue #323 auth by suername only if container auth is enabled
Marcin Kuzminski <marcin@python-works.com>
parents:
1749
diff
changeset
|
525 # lookup by username |
4116
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
526 elif self.username: |
1976 | 527 log.debug('Auth User lookup by USER NAME %s' % self.username) |
4116
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
528 is_user_loaded = user_model.fill_data(self, username=self.username) |
2045
5b12cbae0b50
fixed issue with sessions that lead to redirection loops
Marcin Kuzminski <marcin@python-works.com>
parents:
2030
diff
changeset
|
529 else: |
5b12cbae0b50
fixed issue with sessions that lead to redirection loops
Marcin Kuzminski <marcin@python-works.com>
parents:
2030
diff
changeset
|
530 log.debug('No data in %s that could been used to log in' % self) |
1613
6cab36e31f09
Added container-based authentication support
Liad Shani <liadff@gmail.com>
parents:
1425
diff
changeset
|
531 |
6cab36e31f09
Added container-based authentication support
Liad Shani <liadff@gmail.com>
parents:
1425
diff
changeset
|
532 if not is_user_loaded: |
1628
de71a4bde097
Some code cleanups and fixes
Marcin Kuzminski <marcin@python-works.com>
parents:
1621
diff
changeset
|
533 # if we cannot authenticate user try anonymous |
3625
260a7a01b054
follow Python conventions for boolean values
Mads Kiilerich <madski@unity3d.com>
parents:
3415
diff
changeset
|
534 if self.anonymous_user.active: |
1718
f78bee8eec78
reduce cookie size for better support of client side sessions
Marcin Kuzminski <marcin@python-works.com>
parents:
1716
diff
changeset
|
535 user_model.fill_data(self, user_id=self.anonymous_user.user_id) |
1628
de71a4bde097
Some code cleanups and fixes
Marcin Kuzminski <marcin@python-works.com>
parents:
1621
diff
changeset
|
536 # then we set this user is logged in |
1613
6cab36e31f09
Added container-based authentication support
Liad Shani <liadff@gmail.com>
parents:
1425
diff
changeset
|
537 self.is_authenticated = True |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
538 else: |
1618
9353189b7675
Added automatic logout of deactivated/deleted users
Liad Shani <liadff@gmail.com>
parents:
1617
diff
changeset
|
539 self.user_id = None |
9353189b7675
Added automatic logout of deactivated/deleted users
Liad Shani <liadff@gmail.com>
parents:
1617
diff
changeset
|
540 self.username = None |
1613
6cab36e31f09
Added container-based authentication support
Liad Shani <liadff@gmail.com>
parents:
1425
diff
changeset
|
541 self.is_authenticated = False |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
542 |
1617
cf128ced8c85
Improved container-based auth implementation and added support for a reverse-proxy setup (using the X-Forwarded-User header)
Liad Shani <liadff@gmail.com>
parents:
1614
diff
changeset
|
543 if not self.username: |
cf128ced8c85
Improved container-based auth implementation and added support for a reverse-proxy setup (using the X-Forwarded-User header)
Liad Shani <liadff@gmail.com>
parents:
1614
diff
changeset
|
544 self.username = 'None' |
cf128ced8c85
Improved container-based auth implementation and added support for a reverse-proxy setup (using the X-Forwarded-User header)
Liad Shani <liadff@gmail.com>
parents:
1614
diff
changeset
|
545 |
1976 | 546 log.debug('Auth User is now %s' % self) |
4116
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
547 |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
548 def get_perms(self, user, explicit=True, algo='higherwin', cache=False): |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
549 """ |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
550 Fills user permission attribute with permissions taken from database |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
551 works for permissions given for repositories, and for permissions that |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
552 are granted to groups |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
553 |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
554 :param user: instance of User object from database |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
555 :param explicit: In case there are permissions both for user and a group |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
556 that user is part of, explicit flag will defiine if user will |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
557 explicitly override permissions from group, if it's False it will |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
558 make decision based on the algo |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
559 :param algo: algorithm to decide what permission should be choose if |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
560 it's multiple defined, eg user in two different groups. It also |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
561 decides if explicit flag is turned off how to specify the permission |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
562 for case when user is in a group + have defined separate permission |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
563 """ |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
564 user_id = user.user_id |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
565 user_is_admin = user.is_admin |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
566 user_inherit_default_permissions = user.inherit_default_permissions |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
567 |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
568 log.debug('Getting PERMISSION tree') |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
569 compute = conditional_cache('short_term', 'cache_desc', |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
570 condition=cache, func=_cached_perms_data) |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
571 return compute(user_id, user_is_admin, |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
572 user_inherit_default_permissions, explicit, algo) |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
573 |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
574 def get_api_keys(self): |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
575 api_keys = [self.api_key] |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
576 for api_key in UserApiKeys.query()\ |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
577 .filter(UserApiKeys.user_id == self.user_id)\ |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
578 .filter(or_(UserApiKeys.expires == -1, |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
579 UserApiKeys.expires >= time.time())).all(): |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
580 api_keys.append(api_key.api_key) |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
581 |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
582 return api_keys |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
583 |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
584 @property |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
585 def is_admin(self): |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
586 return self.admin |
239
b18f89d6d17f
Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents:
234
diff
changeset
|
587 |
3146
c5169e445fb8
Full IP restrictions enabled
Marcin Kuzminski <marcin@python-works.com>
parents:
3137
diff
changeset
|
588 @property |
3865
100be6988bb0
show admin menu and list for users who are admins of repos.
Marcin Kuzminski <marcin@python-works.com>
parents:
3786
diff
changeset
|
589 def repositories_admin(self): |
3371
199fd214b213
Show admin dropdown for users who are admin of repo groups
Marcin Kuzminski <marcin@python-works.com>
parents:
3370
diff
changeset
|
590 """ |
199fd214b213
Show admin dropdown for users who are admin of repo groups
Marcin Kuzminski <marcin@python-works.com>
parents:
3370
diff
changeset
|
591 Returns list of repositories you're an admin of |
199fd214b213
Show admin dropdown for users who are admin of repo groups
Marcin Kuzminski <marcin@python-works.com>
parents:
3370
diff
changeset
|
592 """ |
199fd214b213
Show admin dropdown for users who are admin of repo groups
Marcin Kuzminski <marcin@python-works.com>
parents:
3370
diff
changeset
|
593 return [x[0] for x in self.permissions['repositories'].iteritems() |
199fd214b213
Show admin dropdown for users who are admin of repo groups
Marcin Kuzminski <marcin@python-works.com>
parents:
3370
diff
changeset
|
594 if x[1] == 'repository.admin'] |
199fd214b213
Show admin dropdown for users who are admin of repo groups
Marcin Kuzminski <marcin@python-works.com>
parents:
3370
diff
changeset
|
595 |
199fd214b213
Show admin dropdown for users who are admin of repo groups
Marcin Kuzminski <marcin@python-works.com>
parents:
3370
diff
changeset
|
596 @property |
3714
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3632
diff
changeset
|
597 def repository_groups_admin(self): |
3371
199fd214b213
Show admin dropdown for users who are admin of repo groups
Marcin Kuzminski <marcin@python-works.com>
parents:
3370
diff
changeset
|
598 """ |
3415
b8f929bff7e3
fixed tests and missing replacements from 5f1850e4712a
Marcin Kuzminski <marcin@python-works.com>
parents:
3371
diff
changeset
|
599 Returns list of repository groups you're an admin of |
3371
199fd214b213
Show admin dropdown for users who are admin of repo groups
Marcin Kuzminski <marcin@python-works.com>
parents:
3370
diff
changeset
|
600 """ |
199fd214b213
Show admin dropdown for users who are admin of repo groups
Marcin Kuzminski <marcin@python-works.com>
parents:
3370
diff
changeset
|
601 return [x[0] for x in self.permissions['repositories_groups'].iteritems() |
199fd214b213
Show admin dropdown for users who are admin of repo groups
Marcin Kuzminski <marcin@python-works.com>
parents:
3370
diff
changeset
|
602 if x[1] == 'group.admin'] |
199fd214b213
Show admin dropdown for users who are admin of repo groups
Marcin Kuzminski <marcin@python-works.com>
parents:
3370
diff
changeset
|
603 |
199fd214b213
Show admin dropdown for users who are admin of repo groups
Marcin Kuzminski <marcin@python-works.com>
parents:
3370
diff
changeset
|
604 @property |
3714
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3632
diff
changeset
|
605 def user_groups_admin(self): |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3632
diff
changeset
|
606 """ |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3632
diff
changeset
|
607 Returns list of user groups you're an admin of |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3632
diff
changeset
|
608 """ |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3632
diff
changeset
|
609 return [x[0] for x in self.permissions['user_groups'].iteritems() |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3632
diff
changeset
|
610 if x[1] == 'usergroup.admin'] |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3632
diff
changeset
|
611 |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3632
diff
changeset
|
612 @property |
3146
c5169e445fb8
Full IP restrictions enabled
Marcin Kuzminski <marcin@python-works.com>
parents:
3137
diff
changeset
|
613 def ip_allowed(self): |
c5169e445fb8
Full IP restrictions enabled
Marcin Kuzminski <marcin@python-works.com>
parents:
3137
diff
changeset
|
614 """ |
c5169e445fb8
Full IP restrictions enabled
Marcin Kuzminski <marcin@python-works.com>
parents:
3137
diff
changeset
|
615 Checks if ip_addr used in constructor is allowed from defined list of |
c5169e445fb8
Full IP restrictions enabled
Marcin Kuzminski <marcin@python-works.com>
parents:
3137
diff
changeset
|
616 allowed ip_addresses for user |
c5169e445fb8
Full IP restrictions enabled
Marcin Kuzminski <marcin@python-works.com>
parents:
3137
diff
changeset
|
617 |
c5169e445fb8
Full IP restrictions enabled
Marcin Kuzminski <marcin@python-works.com>
parents:
3137
diff
changeset
|
618 :returns: boolean, True if ip is in allowed ip range |
c5169e445fb8
Full IP restrictions enabled
Marcin Kuzminski <marcin@python-works.com>
parents:
3137
diff
changeset
|
619 """ |
4116
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
620 # check IP |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
621 inherit = self.inherit_default_permissions |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
622 return AuthUser.check_ip_allowed(self.user_id, self.ip_addr, |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
623 inherit_from_default=inherit) |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
624 |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
625 @classmethod |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
626 def check_ip_allowed(cls, user_id, ip_addr, inherit_from_default): |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
627 allowed_ips = AuthUser.get_allowed_ips(user_id, cache=True, |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
628 inherit_from_default=inherit_from_default) |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
629 if check_ip_access(source_ip=ip_addr, allowed_ips=allowed_ips): |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
630 log.debug('IP:%s is in range of %s' % (ip_addr, allowed_ips)) |
3146
c5169e445fb8
Full IP restrictions enabled
Marcin Kuzminski <marcin@python-works.com>
parents:
3137
diff
changeset
|
631 return True |
c5169e445fb8
Full IP restrictions enabled
Marcin Kuzminski <marcin@python-works.com>
parents:
3137
diff
changeset
|
632 else: |
c5169e445fb8
Full IP restrictions enabled
Marcin Kuzminski <marcin@python-works.com>
parents:
3137
diff
changeset
|
633 log.info('Access for IP:%s forbidden, ' |
4116
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
634 'not in %s' % (ip_addr, allowed_ips)) |
3146
c5169e445fb8
Full IP restrictions enabled
Marcin Kuzminski <marcin@python-works.com>
parents:
3137
diff
changeset
|
635 return False |
c5169e445fb8
Full IP restrictions enabled
Marcin Kuzminski <marcin@python-works.com>
parents:
3137
diff
changeset
|
636 |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
637 def __repr__(self): |
3903
ddd05df2aced
added more info into __repr__ of auth user for better debugging and logging
Marcin Kuzminski <marcin@python-works.com>
parents:
3865
diff
changeset
|
638 return "<AuthUser('id:%s[%s] ip:%s auth:%s')>"\ |
ddd05df2aced
added more info into __repr__ of auth user for better debugging and logging
Marcin Kuzminski <marcin@python-works.com>
parents:
3865
diff
changeset
|
639 % (self.user_id, self.username, self.ip_addr, self.is_authenticated) |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
640 |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
641 def set_authenticated(self, authenticated=True): |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
642 if self.user_id != self.anonymous_user.user_id: |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
643 self.is_authenticated = authenticated |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
644 |
1718
f78bee8eec78
reduce cookie size for better support of client side sessions
Marcin Kuzminski <marcin@python-works.com>
parents:
1716
diff
changeset
|
645 def get_cookie_store(self): |
1950
4ae17f819ee8
#344 optional firstname lastname on user creation
Marcin Kuzminski <marcin@python-works.com>
parents:
1824
diff
changeset
|
646 return {'username': self.username, |
1718
f78bee8eec78
reduce cookie size for better support of client side sessions
Marcin Kuzminski <marcin@python-works.com>
parents:
1716
diff
changeset
|
647 'user_id': self.user_id, |
1950
4ae17f819ee8
#344 optional firstname lastname on user creation
Marcin Kuzminski <marcin@python-works.com>
parents:
1824
diff
changeset
|
648 'is_authenticated': self.is_authenticated} |
1718
f78bee8eec78
reduce cookie size for better support of client side sessions
Marcin Kuzminski <marcin@python-works.com>
parents:
1716
diff
changeset
|
649 |
f78bee8eec78
reduce cookie size for better support of client side sessions
Marcin Kuzminski <marcin@python-works.com>
parents:
1716
diff
changeset
|
650 @classmethod |
f78bee8eec78
reduce cookie size for better support of client side sessions
Marcin Kuzminski <marcin@python-works.com>
parents:
1716
diff
changeset
|
651 def from_cookie_store(cls, cookie_store): |
2030
61f9aeb2129e
Added session wrapper, for rc 1.2.X compatibility. Adds backwards compatability
Marcin Kuzminski <marcin@python-works.com>
parents:
2025
diff
changeset
|
652 """ |
61f9aeb2129e
Added session wrapper, for rc 1.2.X compatibility. Adds backwards compatability
Marcin Kuzminski <marcin@python-works.com>
parents:
2025
diff
changeset
|
653 Creates AuthUser from a cookie store |
61f9aeb2129e
Added session wrapper, for rc 1.2.X compatibility. Adds backwards compatability
Marcin Kuzminski <marcin@python-works.com>
parents:
2025
diff
changeset
|
654 |
61f9aeb2129e
Added session wrapper, for rc 1.2.X compatibility. Adds backwards compatability
Marcin Kuzminski <marcin@python-works.com>
parents:
2025
diff
changeset
|
655 :param cls: |
61f9aeb2129e
Added session wrapper, for rc 1.2.X compatibility. Adds backwards compatability
Marcin Kuzminski <marcin@python-works.com>
parents:
2025
diff
changeset
|
656 :param cookie_store: |
61f9aeb2129e
Added session wrapper, for rc 1.2.X compatibility. Adds backwards compatability
Marcin Kuzminski <marcin@python-works.com>
parents:
2025
diff
changeset
|
657 """ |
1718
f78bee8eec78
reduce cookie size for better support of client side sessions
Marcin Kuzminski <marcin@python-works.com>
parents:
1716
diff
changeset
|
658 user_id = cookie_store.get('user_id') |
f78bee8eec78
reduce cookie size for better support of client side sessions
Marcin Kuzminski <marcin@python-works.com>
parents:
1716
diff
changeset
|
659 username = cookie_store.get('username') |
f78bee8eec78
reduce cookie size for better support of client side sessions
Marcin Kuzminski <marcin@python-works.com>
parents:
1716
diff
changeset
|
660 api_key = cookie_store.get('api_key') |
f78bee8eec78
reduce cookie size for better support of client side sessions
Marcin Kuzminski <marcin@python-works.com>
parents:
1716
diff
changeset
|
661 return AuthUser(user_id, api_key, username) |
239
b18f89d6d17f
Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents:
234
diff
changeset
|
662 |
3125
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
2726
diff
changeset
|
663 @classmethod |
4116
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
664 def get_allowed_ips(cls, user_id, cache=False, inherit_from_default=False): |
3125
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
2726
diff
changeset
|
665 _set = set() |
4116
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
666 |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
667 if inherit_from_default: |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
668 default_ips = UserIpMap.query().filter(UserIpMap.user == |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
669 User.get_default_user(cache=True)) |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
670 if cache: |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
671 default_ips = default_ips.options(FromCache("sql_cache_short", |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
672 "get_user_ips_default")) |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
673 |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
674 # populate from default user |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
675 for ip in default_ips: |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
676 try: |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
677 _set.add(ip.ip_addr) |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
678 except ObjectDeletedError: |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
679 # since we use heavy caching sometimes it happens that we get |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
680 # deleted objects here, we just skip them |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
681 pass |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
682 |
3146
c5169e445fb8
Full IP restrictions enabled
Marcin Kuzminski <marcin@python-works.com>
parents:
3137
diff
changeset
|
683 user_ips = UserIpMap.query().filter(UserIpMap.user_id == user_id) |
c5169e445fb8
Full IP restrictions enabled
Marcin Kuzminski <marcin@python-works.com>
parents:
3137
diff
changeset
|
684 if cache: |
c5169e445fb8
Full IP restrictions enabled
Marcin Kuzminski <marcin@python-works.com>
parents:
3137
diff
changeset
|
685 user_ips = user_ips.options(FromCache("sql_cache_short", |
c5169e445fb8
Full IP restrictions enabled
Marcin Kuzminski <marcin@python-works.com>
parents:
3137
diff
changeset
|
686 "get_user_ips_%s" % user_id)) |
4116
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
687 |
3125
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
2726
diff
changeset
|
688 for ip in user_ips: |
3212
6c28533d122c
IP restrictions now also enabled for IPv6
Marcin Kuzminski <marcin@python-works.com>
parents:
3173
diff
changeset
|
689 try: |
6c28533d122c
IP restrictions now also enabled for IPv6
Marcin Kuzminski <marcin@python-works.com>
parents:
3173
diff
changeset
|
690 _set.add(ip.ip_addr) |
6c28533d122c
IP restrictions now also enabled for IPv6
Marcin Kuzminski <marcin@python-works.com>
parents:
3173
diff
changeset
|
691 except ObjectDeletedError: |
6c28533d122c
IP restrictions now also enabled for IPv6
Marcin Kuzminski <marcin@python-works.com>
parents:
3173
diff
changeset
|
692 # since we use heavy caching sometimes it happens that we get |
6c28533d122c
IP restrictions now also enabled for IPv6
Marcin Kuzminski <marcin@python-works.com>
parents:
3173
diff
changeset
|
693 # deleted objects here, we just skip them |
6c28533d122c
IP restrictions now also enabled for IPv6
Marcin Kuzminski <marcin@python-works.com>
parents:
3173
diff
changeset
|
694 pass |
6c28533d122c
IP restrictions now also enabled for IPv6
Marcin Kuzminski <marcin@python-works.com>
parents:
3173
diff
changeset
|
695 return _set or set(['0.0.0.0/0', '::/0']) |
3125
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
2726
diff
changeset
|
696 |
1950
4ae17f819ee8
#344 optional firstname lastname on user creation
Marcin Kuzminski <marcin@python-works.com>
parents:
1824
diff
changeset
|
697 |
239
b18f89d6d17f
Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents:
234
diff
changeset
|
698 def set_available_permissions(config): |
1628
de71a4bde097
Some code cleanups and fixes
Marcin Kuzminski <marcin@python-works.com>
parents:
1621
diff
changeset
|
699 """ |
de71a4bde097
Some code cleanups and fixes
Marcin Kuzminski <marcin@python-works.com>
parents:
1621
diff
changeset
|
700 This function will propagate pylons globals with all available defined |
1203
6832ef664673
source code cleanup: remove trailing white space, normalize file endings
Marcin Kuzminski <marcin@python-works.com>
parents:
1195
diff
changeset
|
701 permission given in db. We don't want to check each time from db for new |
239
b18f89d6d17f
Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents:
234
diff
changeset
|
702 permissions since adding a new permission also requires application restart |
b18f89d6d17f
Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents:
234
diff
changeset
|
703 ie. to decorate new views with the newly created permission |
1203
6832ef664673
source code cleanup: remove trailing white space, normalize file endings
Marcin Kuzminski <marcin@python-works.com>
parents:
1195
diff
changeset
|
704 |
895
62c04c5cc971
Added some more details into user edit permissions view
Marcin Kuzminski <marcin@python-works.com>
parents:
779
diff
changeset
|
705 :param config: current pylons config instance |
1203
6832ef664673
source code cleanup: remove trailing white space, normalize file endings
Marcin Kuzminski <marcin@python-works.com>
parents:
1195
diff
changeset
|
706 |
239
b18f89d6d17f
Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents:
234
diff
changeset
|
707 """ |
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
708 log.info('getting information about all available permissions') |
350
664a5b8c551a
Added application settings, are now customizable from database
Marcin Kuzminski <marcin@python-works.com>
parents:
343
diff
changeset
|
709 try: |
1749
8ecc6b8229a5
commit less models
Marcin Kuzminski <marcin@python-works.com>
parents:
1728
diff
changeset
|
710 sa = meta.Session |
350
664a5b8c551a
Added application settings, are now customizable from database
Marcin Kuzminski <marcin@python-works.com>
parents:
343
diff
changeset
|
711 all_perms = sa.query(Permission).all() |
4015
669721d1fe65
fixed edge case when connection to db fails and code reaches state of variable referenced before assignment
Marcin Kuzminski <marcin@python-works.com>
parents:
3960
diff
changeset
|
712 config['available_permissions'] = [x.permission_name for x in all_perms] |
1950
4ae17f819ee8
#344 optional firstname lastname on user creation
Marcin Kuzminski <marcin@python-works.com>
parents:
1824
diff
changeset
|
713 except Exception: |
4015
669721d1fe65
fixed edge case when connection to db fails and code reaches state of variable referenced before assignment
Marcin Kuzminski <marcin@python-works.com>
parents:
3960
diff
changeset
|
714 log.error(traceback.format_exc()) |
350
664a5b8c551a
Added application settings, are now customizable from database
Marcin Kuzminski <marcin@python-works.com>
parents:
343
diff
changeset
|
715 finally: |
664a5b8c551a
Added application settings, are now customizable from database
Marcin Kuzminski <marcin@python-works.com>
parents:
343
diff
changeset
|
716 meta.Session.remove() |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
717 |
1246 | 718 |
719 #============================================================================== | |
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
720 # CHECK DECORATORS |
1246 | 721 #============================================================================== |
190
d8eb7ee27b4c
Added LoginRequired decorator, empty User data container, hash functions
Marcin Kuzminski <marcin@python-works.com>
parents:
96
diff
changeset
|
722 class LoginRequired(object): |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
723 """ |
1203
6832ef664673
source code cleanup: remove trailing white space, normalize file endings
Marcin Kuzminski <marcin@python-works.com>
parents:
1195
diff
changeset
|
724 Must be logged in to execute this function else |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
725 redirect to login page |
1203
6832ef664673
source code cleanup: remove trailing white space, normalize file endings
Marcin Kuzminski <marcin@python-works.com>
parents:
1195
diff
changeset
|
726 |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
727 :param api_access: if enabled this checks only for valid auth token |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
728 and grants access based on valid token |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
729 """ |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
730 |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
731 def __init__(self, api_access=False): |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
732 self.api_access = api_access |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
733 |
190
d8eb7ee27b4c
Added LoginRequired decorator, empty User data container, hash functions
Marcin Kuzminski <marcin@python-works.com>
parents:
96
diff
changeset
|
734 def __call__(self, func): |
377
bd8b25ad058d
Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible
Marcin Kuzminski <marcin@python-works.com>
parents:
371
diff
changeset
|
735 return decorator(self.__wrapper, func) |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
736 |
377
bd8b25ad058d
Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible
Marcin Kuzminski <marcin@python-works.com>
parents:
371
diff
changeset
|
737 def __wrapper(self, func, *fargs, **fkwargs): |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
738 cls = fargs[0] |
4197
d208416c84c6
Rename rhodecode_user to authuser - it is an AuthUser instance
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4187
diff
changeset
|
739 user = cls.authuser |
3146
c5169e445fb8
Full IP restrictions enabled
Marcin Kuzminski <marcin@python-works.com>
parents:
3137
diff
changeset
|
740 loc = "%s:%s" % (cls.__class__.__name__, func.__name__) |
4116
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
741 |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
742 # check if our IP is allowed |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
743 ip_access_valid = True |
3146
c5169e445fb8
Full IP restrictions enabled
Marcin Kuzminski <marcin@python-works.com>
parents:
3137
diff
changeset
|
744 if not user.ip_allowed: |
4186
7e5f8c12a3fc
First step in two-part process to rename directories to kallithea.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4116
diff
changeset
|
745 from kallithea.lib import helpers as h |
3146
c5169e445fb8
Full IP restrictions enabled
Marcin Kuzminski <marcin@python-works.com>
parents:
3137
diff
changeset
|
746 h.flash(h.literal(_('IP %s not allowed' % (user.ip_addr))), |
c5169e445fb8
Full IP restrictions enabled
Marcin Kuzminski <marcin@python-works.com>
parents:
3137
diff
changeset
|
747 category='warning') |
4116
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
748 ip_access_valid = False |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
749 |
4116
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
750 # check if we used an APIKEY and it's a valid one |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
751 # defined whitelist of controllers which API access will be enabled |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
752 _api_key = request.GET.get('api_key', '') |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
753 api_access_valid = allowed_api_access(loc, api_key=_api_key) |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
754 |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
755 # explicit controller is enabled or API is in our whitelist |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
756 if self.api_access or api_access_valid: |
1976 | 757 log.debug('Checking API KEY access for %s' % cls) |
4116
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
758 if _api_key and _api_key in user.api_keys: |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
759 api_access_valid = True |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
760 log.debug('API KEY ****%s is VALID' % _api_key[-4:]) |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
761 else: |
4116
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
762 api_access_valid = False |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
763 if not _api_key: |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
764 log.debug("API KEY *NOT* present in request") |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
765 else: |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
766 log.warn("API KEY ****%s *NOT* valid" % _api_key[-4:]) |
3146
c5169e445fb8
Full IP restrictions enabled
Marcin Kuzminski <marcin@python-works.com>
parents:
3137
diff
changeset
|
767 |
2025
7e979933ffec
more work on improving info logging
Marcin Kuzminski <marcin@python-works.com>
parents:
2000
diff
changeset
|
768 log.debug('Checking if %s is authenticated @ %s' % (user.username, loc)) |
4116
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
769 reason = 'RegularAuth' if user.is_authenticated else 'APIAuth' |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
770 |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
771 if ip_access_valid and (user.is_authenticated or api_access_valid): |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
772 log.info('user %s authenticating with:%s IS authenticated on func %s ' |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
773 % (user, reason, loc) |
2025
7e979933ffec
more work on improving info logging
Marcin Kuzminski <marcin@python-works.com>
parents:
2000
diff
changeset
|
774 ) |
377
bd8b25ad058d
Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible
Marcin Kuzminski <marcin@python-works.com>
parents:
371
diff
changeset
|
775 return func(*fargs, **fkwargs) |
bd8b25ad058d
Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible
Marcin Kuzminski <marcin@python-works.com>
parents:
371
diff
changeset
|
776 else: |
4116
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
777 log.warn('user %s authenticating with:%s NOT authenticated on func: %s: ' |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
778 'IP_ACCESS:%s API_ACCESS:%s' |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
779 % (user, reason, loc, ip_access_valid, api_access_valid) |
2025
7e979933ffec
more work on improving info logging
Marcin Kuzminski <marcin@python-works.com>
parents:
2000
diff
changeset
|
780 ) |
1207
e61b7ba293db
changed the way of generating url for came_from
Marcin Kuzminski <marcin@python-works.com>
parents:
1206
diff
changeset
|
781 p = url.current() |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
782 |
1976 | 783 log.debug('redirecting to login page with %s' % p) |
474
a3d9d24acbec
Implemented password reset(forms/models/ tasks) and mailing tasks.
Marcin Kuzminski <marcin@python-works.com>
parents:
442
diff
changeset
|
784 return redirect(url('login_home', came_from=p)) |
239
b18f89d6d17f
Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents:
234
diff
changeset
|
785 |
1246 | 786 |
779
389d02a5df52
Added isanonymous decorator for checking permissions for anonymous access
Marcin Kuzminski <marcin@python-works.com>
parents:
761
diff
changeset
|
787 class NotAnonymous(object): |
1716
7d1fc253549e
notification to commit author + gardening
Marcin Kuzminski <marcin@python-works.com>
parents:
1644
diff
changeset
|
788 """ |
7d1fc253549e
notification to commit author + gardening
Marcin Kuzminski <marcin@python-works.com>
parents:
1644
diff
changeset
|
789 Must be logged in to execute this function else |
779
389d02a5df52
Added isanonymous decorator for checking permissions for anonymous access
Marcin Kuzminski <marcin@python-works.com>
parents:
761
diff
changeset
|
790 redirect to login page""" |
389d02a5df52
Added isanonymous decorator for checking permissions for anonymous access
Marcin Kuzminski <marcin@python-works.com>
parents:
761
diff
changeset
|
791 |
389d02a5df52
Added isanonymous decorator for checking permissions for anonymous access
Marcin Kuzminski <marcin@python-works.com>
parents:
761
diff
changeset
|
792 def __call__(self, func): |
389d02a5df52
Added isanonymous decorator for checking permissions for anonymous access
Marcin Kuzminski <marcin@python-works.com>
parents:
761
diff
changeset
|
793 return decorator(self.__wrapper, func) |
389d02a5df52
Added isanonymous decorator for checking permissions for anonymous access
Marcin Kuzminski <marcin@python-works.com>
parents:
761
diff
changeset
|
794 |
389d02a5df52
Added isanonymous decorator for checking permissions for anonymous access
Marcin Kuzminski <marcin@python-works.com>
parents:
761
diff
changeset
|
795 def __wrapper(self, func, *fargs, **fkwargs): |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
796 cls = fargs[0] |
4197
d208416c84c6
Rename rhodecode_user to authuser - it is an AuthUser instance
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4187
diff
changeset
|
797 self.user = cls.authuser |
779
389d02a5df52
Added isanonymous decorator for checking permissions for anonymous access
Marcin Kuzminski <marcin@python-works.com>
parents:
761
diff
changeset
|
798 |
1976 | 799 log.debug('Checking if user is not anonymous @%s' % cls) |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
800 |
4116
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
801 anonymous = self.user.username == User.DEFAULT_USER |
779
389d02a5df52
Added isanonymous decorator for checking permissions for anonymous access
Marcin Kuzminski <marcin@python-works.com>
parents:
761
diff
changeset
|
802 |
389d02a5df52
Added isanonymous decorator for checking permissions for anonymous access
Marcin Kuzminski <marcin@python-works.com>
parents:
761
diff
changeset
|
803 if anonymous: |
1335
40c8d18102a9
fixed redirection link in notAnonymous decorator
Marcin Kuzminski <marcin@python-works.com>
parents:
1307
diff
changeset
|
804 p = url.current() |
1056
520d27f40b51
#113 removed anonymous access from forking, added system messages in login box.
Marcin Kuzminski <marcin@python-works.com>
parents:
1040
diff
changeset
|
805 |
4186
7e5f8c12a3fc
First step in two-part process to rename directories to kallithea.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4116
diff
changeset
|
806 import kallithea.lib.helpers as h |
1246 | 807 h.flash(_('You need to be a registered user to ' |
808 'perform this action'), | |
1056
520d27f40b51
#113 removed anonymous access from forking, added system messages in login box.
Marcin Kuzminski <marcin@python-works.com>
parents:
1040
diff
changeset
|
809 category='warning') |
779
389d02a5df52
Added isanonymous decorator for checking permissions for anonymous access
Marcin Kuzminski <marcin@python-works.com>
parents:
761
diff
changeset
|
810 return redirect(url('login_home', came_from=p)) |
389d02a5df52
Added isanonymous decorator for checking permissions for anonymous access
Marcin Kuzminski <marcin@python-works.com>
parents:
761
diff
changeset
|
811 else: |
389d02a5df52
Added isanonymous decorator for checking permissions for anonymous access
Marcin Kuzminski <marcin@python-works.com>
parents:
761
diff
changeset
|
812 return func(*fargs, **fkwargs) |
389d02a5df52
Added isanonymous decorator for checking permissions for anonymous access
Marcin Kuzminski <marcin@python-works.com>
parents:
761
diff
changeset
|
813 |
1246 | 814 |
239
b18f89d6d17f
Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents:
234
diff
changeset
|
815 class PermsDecorator(object): |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
816 """Base class for controller decorators""" |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
817 |
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
818 def __init__(self, *required_perms): |
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
819 self.required_perms = set(required_perms) |
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
820 self.user_perms = None |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
821 |
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
822 def __call__(self, func): |
377
bd8b25ad058d
Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible
Marcin Kuzminski <marcin@python-works.com>
parents:
371
diff
changeset
|
823 return decorator(self.__wrapper, func) |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
824 |
377
bd8b25ad058d
Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible
Marcin Kuzminski <marcin@python-works.com>
parents:
371
diff
changeset
|
825 def __wrapper(self, func, *fargs, **fkwargs): |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
826 cls = fargs[0] |
4197
d208416c84c6
Rename rhodecode_user to authuser - it is an AuthUser instance
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4187
diff
changeset
|
827 self.user = cls.authuser |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
828 self.user_perms = self.user.permissions |
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
829 log.debug('checking %s permissions %s for %s %s', |
2125
097327aaf2ad
more detailed logging on auth system
Marcin Kuzminski <marcin@python-works.com>
parents:
2109
diff
changeset
|
830 self.__class__.__name__, self.required_perms, cls, self.user) |
377
bd8b25ad058d
Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible
Marcin Kuzminski <marcin@python-works.com>
parents:
371
diff
changeset
|
831 |
bd8b25ad058d
Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible
Marcin Kuzminski <marcin@python-works.com>
parents:
371
diff
changeset
|
832 if self.check_permissions(): |
1976 | 833 log.debug('Permission granted for %s %s' % (cls, self.user)) |
377
bd8b25ad058d
Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible
Marcin Kuzminski <marcin@python-works.com>
parents:
371
diff
changeset
|
834 return func(*fargs, **fkwargs) |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
835 |
377
bd8b25ad058d
Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible
Marcin Kuzminski <marcin@python-works.com>
parents:
371
diff
changeset
|
836 else: |
2025
7e979933ffec
more work on improving info logging
Marcin Kuzminski <marcin@python-works.com>
parents:
2000
diff
changeset
|
837 log.debug('Permission denied for %s %s' % (cls, self.user)) |
4116
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
838 anonymous = self.user.username == User.DEFAULT_USER |
1336
e9fe4ff57cbb
Do a redirect to login for anonymous users
Marcin Kuzminski <marcin@python-works.com>
parents:
1335
diff
changeset
|
839 |
e9fe4ff57cbb
Do a redirect to login for anonymous users
Marcin Kuzminski <marcin@python-works.com>
parents:
1335
diff
changeset
|
840 if anonymous: |
e9fe4ff57cbb
Do a redirect to login for anonymous users
Marcin Kuzminski <marcin@python-works.com>
parents:
1335
diff
changeset
|
841 p = url.current() |
e9fe4ff57cbb
Do a redirect to login for anonymous users
Marcin Kuzminski <marcin@python-works.com>
parents:
1335
diff
changeset
|
842 |
4186
7e5f8c12a3fc
First step in two-part process to rename directories to kallithea.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4116
diff
changeset
|
843 import kallithea.lib.helpers as h |
1336
e9fe4ff57cbb
Do a redirect to login for anonymous users
Marcin Kuzminski <marcin@python-works.com>
parents:
1335
diff
changeset
|
844 h.flash(_('You need to be a signed in to ' |
e9fe4ff57cbb
Do a redirect to login for anonymous users
Marcin Kuzminski <marcin@python-works.com>
parents:
1335
diff
changeset
|
845 'view this page'), |
e9fe4ff57cbb
Do a redirect to login for anonymous users
Marcin Kuzminski <marcin@python-works.com>
parents:
1335
diff
changeset
|
846 category='warning') |
e9fe4ff57cbb
Do a redirect to login for anonymous users
Marcin Kuzminski <marcin@python-works.com>
parents:
1335
diff
changeset
|
847 return redirect(url('login_home', came_from=p)) |
e9fe4ff57cbb
Do a redirect to login for anonymous users
Marcin Kuzminski <marcin@python-works.com>
parents:
1335
diff
changeset
|
848 |
e9fe4ff57cbb
Do a redirect to login for anonymous users
Marcin Kuzminski <marcin@python-works.com>
parents:
1335
diff
changeset
|
849 else: |
1628
de71a4bde097
Some code cleanups and fixes
Marcin Kuzminski <marcin@python-works.com>
parents:
1621
diff
changeset
|
850 # redirect with forbidden ret code |
1336
e9fe4ff57cbb
Do a redirect to login for anonymous users
Marcin Kuzminski <marcin@python-works.com>
parents:
1335
diff
changeset
|
851 return abort(403) |
377
bd8b25ad058d
Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible
Marcin Kuzminski <marcin@python-works.com>
parents:
371
diff
changeset
|
852 |
239
b18f89d6d17f
Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents:
234
diff
changeset
|
853 def check_permissions(self): |
377
bd8b25ad058d
Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible
Marcin Kuzminski <marcin@python-works.com>
parents:
371
diff
changeset
|
854 """Dummy function for overriding""" |
239
b18f89d6d17f
Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents:
234
diff
changeset
|
855 raise Exception('You have to write this function in child class') |
b18f89d6d17f
Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents:
234
diff
changeset
|
856 |
1246 | 857 |
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
858 class HasPermissionAllDecorator(PermsDecorator): |
1716
7d1fc253549e
notification to commit author + gardening
Marcin Kuzminski <marcin@python-works.com>
parents:
1644
diff
changeset
|
859 """ |
7d1fc253549e
notification to commit author + gardening
Marcin Kuzminski <marcin@python-works.com>
parents:
1644
diff
changeset
|
860 Checks for access permission for all given predicates. All of them |
377
bd8b25ad058d
Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible
Marcin Kuzminski <marcin@python-works.com>
parents:
371
diff
changeset
|
861 have to be meet in order to fulfill the request |
239
b18f89d6d17f
Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents:
234
diff
changeset
|
862 """ |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
863 |
239
b18f89d6d17f
Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents:
234
diff
changeset
|
864 def check_permissions(self): |
339
5d517bbf0a0d
some extra checks for auth lib
Marcin Kuzminski <marcin@python-works.com>
parents:
333
diff
changeset
|
865 if self.required_perms.issubset(self.user_perms.get('global')): |
239
b18f89d6d17f
Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents:
234
diff
changeset
|
866 return True |
b18f89d6d17f
Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents:
234
diff
changeset
|
867 return False |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
868 |
239
b18f89d6d17f
Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents:
234
diff
changeset
|
869 |
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
870 class HasPermissionAnyDecorator(PermsDecorator): |
1716
7d1fc253549e
notification to commit author + gardening
Marcin Kuzminski <marcin@python-works.com>
parents:
1644
diff
changeset
|
871 """ |
7d1fc253549e
notification to commit author + gardening
Marcin Kuzminski <marcin@python-works.com>
parents:
1644
diff
changeset
|
872 Checks for access permission for any of given predicates. In order to |
239
b18f89d6d17f
Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents:
234
diff
changeset
|
873 fulfill the request any of predicates must be meet |
b18f89d6d17f
Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents:
234
diff
changeset
|
874 """ |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
875 |
239
b18f89d6d17f
Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents:
234
diff
changeset
|
876 def check_permissions(self): |
339
5d517bbf0a0d
some extra checks for auth lib
Marcin Kuzminski <marcin@python-works.com>
parents:
333
diff
changeset
|
877 if self.required_perms.intersection(self.user_perms.get('global')): |
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
878 return True |
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
879 return False |
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
880 |
1246 | 881 |
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
882 class HasRepoPermissionAllDecorator(PermsDecorator): |
1716
7d1fc253549e
notification to commit author + gardening
Marcin Kuzminski <marcin@python-works.com>
parents:
1644
diff
changeset
|
883 """ |
7d1fc253549e
notification to commit author + gardening
Marcin Kuzminski <marcin@python-works.com>
parents:
1644
diff
changeset
|
884 Checks for access permission for all given predicates for specific |
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
885 repository. All of them have to be meet in order to fulfill the request |
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
886 """ |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
887 |
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
888 def check_permissions(self): |
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
889 repo_name = get_repo_slug(request) |
339
5d517bbf0a0d
some extra checks for auth lib
Marcin Kuzminski <marcin@python-works.com>
parents:
333
diff
changeset
|
890 try: |
5d517bbf0a0d
some extra checks for auth lib
Marcin Kuzminski <marcin@python-works.com>
parents:
333
diff
changeset
|
891 user_perms = set([self.user_perms['repositories'][repo_name]]) |
5d517bbf0a0d
some extra checks for auth lib
Marcin Kuzminski <marcin@python-works.com>
parents:
333
diff
changeset
|
892 except KeyError: |
5d517bbf0a0d
some extra checks for auth lib
Marcin Kuzminski <marcin@python-works.com>
parents:
333
diff
changeset
|
893 return False |
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
894 if self.required_perms.issubset(user_perms): |
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
895 return True |
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
896 return False |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
897 |
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
898 |
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
899 class HasRepoPermissionAnyDecorator(PermsDecorator): |
1716
7d1fc253549e
notification to commit author + gardening
Marcin Kuzminski <marcin@python-works.com>
parents:
1644
diff
changeset
|
900 """ |
7d1fc253549e
notification to commit author + gardening
Marcin Kuzminski <marcin@python-works.com>
parents:
1644
diff
changeset
|
901 Checks for access permission for any of given predicates for specific |
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
902 repository. In order to fulfill the request any of predicates must be meet |
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
903 """ |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
904 |
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
905 def check_permissions(self): |
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
906 repo_name = get_repo_slug(request) |
339
5d517bbf0a0d
some extra checks for auth lib
Marcin Kuzminski <marcin@python-works.com>
parents:
333
diff
changeset
|
907 try: |
5d517bbf0a0d
some extra checks for auth lib
Marcin Kuzminski <marcin@python-works.com>
parents:
333
diff
changeset
|
908 user_perms = set([self.user_perms['repositories'][repo_name]]) |
5d517bbf0a0d
some extra checks for auth lib
Marcin Kuzminski <marcin@python-works.com>
parents:
333
diff
changeset
|
909 except KeyError: |
5d517bbf0a0d
some extra checks for auth lib
Marcin Kuzminski <marcin@python-works.com>
parents:
333
diff
changeset
|
910 return False |
2125
097327aaf2ad
more detailed logging on auth system
Marcin Kuzminski <marcin@python-works.com>
parents:
2109
diff
changeset
|
911 |
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
912 if self.required_perms.intersection(user_perms): |
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
913 return True |
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
914 return False |
1246 | 915 |
916 | |
4116
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
917 class HasRepoGroupPermissionAllDecorator(PermsDecorator): |
1982
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
918 """ |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
919 Checks for access permission for all given predicates for specific |
3714
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3632
diff
changeset
|
920 repository group. All of them have to be meet in order to fulfill the request |
1982
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
921 """ |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
922 |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
923 def check_permissions(self): |
4116
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
924 group_name = get_repo_group_slug(request) |
1982
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
925 try: |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
926 user_perms = set([self.user_perms['repositories_groups'][group_name]]) |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
927 except KeyError: |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
928 return False |
3222
b4daef4cc26d
Group management delegation:
Marcin Kuzminski <marcin@python-works.com>
parents:
3212
diff
changeset
|
929 |
1982
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
930 if self.required_perms.issubset(user_perms): |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
931 return True |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
932 return False |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
933 |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
934 |
4116
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
935 class HasRepoGroupPermissionAnyDecorator(PermsDecorator): |
1982
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
936 """ |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
937 Checks for access permission for any of given predicates for specific |
3714
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3632
diff
changeset
|
938 repository group. In order to fulfill the request any of predicates must be meet |
1982
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
939 """ |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
940 |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
941 def check_permissions(self): |
4116
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
942 group_name = get_repo_group_slug(request) |
1982
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
943 try: |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
944 user_perms = set([self.user_perms['repositories_groups'][group_name]]) |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
945 except KeyError: |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
946 return False |
3222
b4daef4cc26d
Group management delegation:
Marcin Kuzminski <marcin@python-works.com>
parents:
3212
diff
changeset
|
947 |
1982
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
948 if self.required_perms.intersection(user_perms): |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
949 return True |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
950 return False |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
951 |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
952 |
3714
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3632
diff
changeset
|
953 class HasUserGroupPermissionAllDecorator(PermsDecorator): |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3632
diff
changeset
|
954 """ |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3632
diff
changeset
|
955 Checks for access permission for all given predicates for specific |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3632
diff
changeset
|
956 user group. All of them have to be meet in order to fulfill the request |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3632
diff
changeset
|
957 """ |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3632
diff
changeset
|
958 |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3632
diff
changeset
|
959 def check_permissions(self): |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3632
diff
changeset
|
960 group_name = get_user_group_slug(request) |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3632
diff
changeset
|
961 try: |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3632
diff
changeset
|
962 user_perms = set([self.user_perms['user_groups'][group_name]]) |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3632
diff
changeset
|
963 except KeyError: |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3632
diff
changeset
|
964 return False |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3632
diff
changeset
|
965 |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3632
diff
changeset
|
966 if self.required_perms.issubset(user_perms): |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3632
diff
changeset
|
967 return True |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3632
diff
changeset
|
968 return False |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3632
diff
changeset
|
969 |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3632
diff
changeset
|
970 |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3632
diff
changeset
|
971 class HasUserGroupPermissionAnyDecorator(PermsDecorator): |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3632
diff
changeset
|
972 """ |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3632
diff
changeset
|
973 Checks for access permission for any of given predicates for specific |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3632
diff
changeset
|
974 user group. In order to fulfill the request any of predicates must be meet |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3632
diff
changeset
|
975 """ |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3632
diff
changeset
|
976 |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3632
diff
changeset
|
977 def check_permissions(self): |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3632
diff
changeset
|
978 group_name = get_user_group_slug(request) |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3632
diff
changeset
|
979 try: |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3632
diff
changeset
|
980 user_perms = set([self.user_perms['user_groups'][group_name]]) |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3632
diff
changeset
|
981 except KeyError: |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3632
diff
changeset
|
982 return False |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3632
diff
changeset
|
983 |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3632
diff
changeset
|
984 if self.required_perms.intersection(user_perms): |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3632
diff
changeset
|
985 return True |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3632
diff
changeset
|
986 return False |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3632
diff
changeset
|
987 |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3632
diff
changeset
|
988 |
1246 | 989 #============================================================================== |
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
990 # CHECK FUNCTIONS |
1246 | 991 #============================================================================== |
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
992 class PermsFunction(object): |
377
bd8b25ad058d
Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible
Marcin Kuzminski <marcin@python-works.com>
parents:
371
diff
changeset
|
993 """Base function for other check functions""" |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
994 |
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
995 def __init__(self, *perms): |
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
996 self.required_perms = set(perms) |
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
997 self.user_perms = None |
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
998 self.repo_name = None |
2125
097327aaf2ad
more detailed logging on auth system
Marcin Kuzminski <marcin@python-works.com>
parents:
2109
diff
changeset
|
999 self.group_name = None |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
1000 |
4116
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
1001 def __call__(self, check_location='', user=None): |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
1002 if not user: |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
1003 #TODO: remove this someday,put as user as attribute here |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
1004 user = request.user |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
1005 |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
1006 # init auth user if not already given |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
1007 if not isinstance(user, AuthUser): |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
1008 user = AuthUser(user.user_id) |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
1009 |
2125
097327aaf2ad
more detailed logging on auth system
Marcin Kuzminski <marcin@python-works.com>
parents:
2109
diff
changeset
|
1010 cls_name = self.__class__.__name__ |
097327aaf2ad
more detailed logging on auth system
Marcin Kuzminski <marcin@python-works.com>
parents:
2109
diff
changeset
|
1011 check_scope = { |
097327aaf2ad
more detailed logging on auth system
Marcin Kuzminski <marcin@python-works.com>
parents:
2109
diff
changeset
|
1012 'HasPermissionAll': '', |
097327aaf2ad
more detailed logging on auth system
Marcin Kuzminski <marcin@python-works.com>
parents:
2109
diff
changeset
|
1013 'HasPermissionAny': '', |
097327aaf2ad
more detailed logging on auth system
Marcin Kuzminski <marcin@python-works.com>
parents:
2109
diff
changeset
|
1014 'HasRepoPermissionAll': 'repo:%s' % self.repo_name, |
097327aaf2ad
more detailed logging on auth system
Marcin Kuzminski <marcin@python-works.com>
parents:
2109
diff
changeset
|
1015 'HasRepoPermissionAny': 'repo:%s' % self.repo_name, |
4116
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
1016 'HasRepoGroupPermissionAll': 'group:%s' % self.group_name, |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
1017 'HasRepoGroupPermissionAny': 'group:%s' % self.group_name, |
2125
097327aaf2ad
more detailed logging on auth system
Marcin Kuzminski <marcin@python-works.com>
parents:
2109
diff
changeset
|
1018 }.get(cls_name, '?') |
097327aaf2ad
more detailed logging on auth system
Marcin Kuzminski <marcin@python-works.com>
parents:
2109
diff
changeset
|
1019 log.debug('checking cls:%s %s usr:%s %s @ %s', cls_name, |
097327aaf2ad
more detailed logging on auth system
Marcin Kuzminski <marcin@python-works.com>
parents:
2109
diff
changeset
|
1020 self.required_perms, user, check_scope, |
3313
14697de1598f
refactor check_Location => check_location
Marcin Kuzminski <marcin@python-works.com>
parents:
3222
diff
changeset
|
1021 check_location or 'unspecified location') |
333 | 1022 if not user: |
2045
5b12cbae0b50
fixed issue with sessions that lead to redirection loops
Marcin Kuzminski <marcin@python-works.com>
parents:
2030
diff
changeset
|
1023 log.debug('Empty request user') |
333 | 1024 return False |
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
1025 self.user_perms = user.permissions |
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
1026 if self.check_permissions(): |
4116
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
1027 log.debug('Permission to %s granted for user: %s @ %s' |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
1028 % (check_scope, user, |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
1029 check_location or 'unspecified location')) |
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
1030 return True |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
1031 |
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
1032 else: |
4116
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
1033 log.debug('Permission to %s denied for user: %s @ %s' |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
1034 % (check_scope, user, |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
1035 check_location or 'unspecified location')) |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
1036 return False |
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
1037 |
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
1038 def check_permissions(self): |
377
bd8b25ad058d
Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible
Marcin Kuzminski <marcin@python-works.com>
parents:
371
diff
changeset
|
1039 """Dummy function for overriding""" |
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
1040 raise Exception('You have to write this function in child class') |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
1041 |
1246 | 1042 |
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
1043 class HasPermissionAll(PermsFunction): |
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
1044 def check_permissions(self): |
339
5d517bbf0a0d
some extra checks for auth lib
Marcin Kuzminski <marcin@python-works.com>
parents:
333
diff
changeset
|
1045 if self.required_perms.issubset(self.user_perms.get('global')): |
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
1046 return True |
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
1047 return False |
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
1048 |
1246 | 1049 |
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
1050 class HasPermissionAny(PermsFunction): |
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
1051 def check_permissions(self): |
339
5d517bbf0a0d
some extra checks for auth lib
Marcin Kuzminski <marcin@python-works.com>
parents:
333
diff
changeset
|
1052 if self.required_perms.intersection(self.user_perms.get('global')): |
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
1053 return True |
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
1054 return False |
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
1055 |
1246 | 1056 |
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
1057 class HasRepoPermissionAll(PermsFunction): |
4116
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
1058 def __call__(self, repo_name=None, check_location='', user=None): |
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
1059 self.repo_name = repo_name |
4116
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
1060 return super(HasRepoPermissionAll, self).__call__(check_location, user) |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
1061 |
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
1062 def check_permissions(self): |
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
1063 if not self.repo_name: |
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
1064 self.repo_name = get_repo_slug(request) |
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
1065 |
339
5d517bbf0a0d
some extra checks for auth lib
Marcin Kuzminski <marcin@python-works.com>
parents:
333
diff
changeset
|
1066 try: |
2125
097327aaf2ad
more detailed logging on auth system
Marcin Kuzminski <marcin@python-works.com>
parents:
2109
diff
changeset
|
1067 self._user_perms = set( |
1982
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
1068 [self.user_perms['repositories'][self.repo_name]] |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
1069 ) |
339
5d517bbf0a0d
some extra checks for auth lib
Marcin Kuzminski <marcin@python-works.com>
parents:
333
diff
changeset
|
1070 except KeyError: |
5d517bbf0a0d
some extra checks for auth lib
Marcin Kuzminski <marcin@python-works.com>
parents:
333
diff
changeset
|
1071 return False |
2125
097327aaf2ad
more detailed logging on auth system
Marcin Kuzminski <marcin@python-works.com>
parents:
2109
diff
changeset
|
1072 if self.required_perms.issubset(self._user_perms): |
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
1073 return True |
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
1074 return False |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
1075 |
1246 | 1076 |
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
1077 class HasRepoPermissionAny(PermsFunction): |
4116
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
1078 def __call__(self, repo_name=None, check_location='', user=None): |
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
1079 self.repo_name = repo_name |
4116
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
1080 return super(HasRepoPermissionAny, self).__call__(check_location, user) |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
1081 |
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
1082 def check_permissions(self): |
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
1083 if not self.repo_name: |
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
1084 self.repo_name = get_repo_slug(request) |
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
1085 |
339
5d517bbf0a0d
some extra checks for auth lib
Marcin Kuzminski <marcin@python-works.com>
parents:
333
diff
changeset
|
1086 try: |
2125
097327aaf2ad
more detailed logging on auth system
Marcin Kuzminski <marcin@python-works.com>
parents:
2109
diff
changeset
|
1087 self._user_perms = set( |
1982
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
1088 [self.user_perms['repositories'][self.repo_name]] |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
1089 ) |
339
5d517bbf0a0d
some extra checks for auth lib
Marcin Kuzminski <marcin@python-works.com>
parents:
333
diff
changeset
|
1090 except KeyError: |
5d517bbf0a0d
some extra checks for auth lib
Marcin Kuzminski <marcin@python-works.com>
parents:
333
diff
changeset
|
1091 return False |
2125
097327aaf2ad
more detailed logging on auth system
Marcin Kuzminski <marcin@python-works.com>
parents:
2109
diff
changeset
|
1092 if self.required_perms.intersection(self._user_perms): |
239
b18f89d6d17f
Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents:
234
diff
changeset
|
1093 return True |
b18f89d6d17f
Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents:
234
diff
changeset
|
1094 return False |
b18f89d6d17f
Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents:
234
diff
changeset
|
1095 |
1246 | 1096 |
4116
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
1097 class HasRepoGroupPermissionAny(PermsFunction): |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
1098 def __call__(self, group_name=None, check_location='', user=None): |
1982
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
1099 self.group_name = group_name |
4116
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
1100 return super(HasRepoGroupPermissionAny, self).__call__(check_location, user) |
1982
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
1101 |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
1102 def check_permissions(self): |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
1103 try: |
2125
097327aaf2ad
more detailed logging on auth system
Marcin Kuzminski <marcin@python-works.com>
parents:
2109
diff
changeset
|
1104 self._user_perms = set( |
1982
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
1105 [self.user_perms['repositories_groups'][self.group_name]] |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
1106 ) |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
1107 except KeyError: |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
1108 return False |
2125
097327aaf2ad
more detailed logging on auth system
Marcin Kuzminski <marcin@python-works.com>
parents:
2109
diff
changeset
|
1109 if self.required_perms.intersection(self._user_perms): |
1982
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
1110 return True |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
1111 return False |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
1112 |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
1113 |
4116
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
1114 class HasRepoGroupPermissionAll(PermsFunction): |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
1115 def __call__(self, group_name=None, check_location='', user=None): |
1982
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
1116 self.group_name = group_name |
4116
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
1117 return super(HasRepoGroupPermissionAll, self).__call__(check_location, user) |
1982
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
1118 |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
1119 def check_permissions(self): |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
1120 try: |
2125
097327aaf2ad
more detailed logging on auth system
Marcin Kuzminski <marcin@python-works.com>
parents:
2109
diff
changeset
|
1121 self._user_perms = set( |
1982
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
1122 [self.user_perms['repositories_groups'][self.group_name]] |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
1123 ) |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
1124 except KeyError: |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
1125 return False |
2125
097327aaf2ad
more detailed logging on auth system
Marcin Kuzminski <marcin@python-works.com>
parents:
2109
diff
changeset
|
1126 if self.required_perms.issubset(self._user_perms): |
1982
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
1127 return True |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
1128 return False |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
1129 |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
1130 |
3714
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3632
diff
changeset
|
1131 class HasUserGroupPermissionAny(PermsFunction): |
4116
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
1132 def __call__(self, user_group_name=None, check_location='', user=None): |
3714
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3632
diff
changeset
|
1133 self.user_group_name = user_group_name |
4116
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
1134 return super(HasUserGroupPermissionAny, self).__call__(check_location, user) |
3714
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3632
diff
changeset
|
1135 |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3632
diff
changeset
|
1136 def check_permissions(self): |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3632
diff
changeset
|
1137 try: |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3632
diff
changeset
|
1138 self._user_perms = set( |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3632
diff
changeset
|
1139 [self.user_perms['user_groups'][self.user_group_name]] |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3632
diff
changeset
|
1140 ) |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3632
diff
changeset
|
1141 except KeyError: |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3632
diff
changeset
|
1142 return False |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3632
diff
changeset
|
1143 if self.required_perms.intersection(self._user_perms): |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3632
diff
changeset
|
1144 return True |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3632
diff
changeset
|
1145 return False |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3632
diff
changeset
|
1146 |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3632
diff
changeset
|
1147 |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3632
diff
changeset
|
1148 class HasUserGroupPermissionAll(PermsFunction): |
4116
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
1149 def __call__(self, user_group_name=None, check_location='', user=None): |
3714
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3632
diff
changeset
|
1150 self.user_group_name = user_group_name |
4116
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
1151 return super(HasUserGroupPermissionAll, self).__call__(check_location, user) |
3714
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3632
diff
changeset
|
1152 |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3632
diff
changeset
|
1153 def check_permissions(self): |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3632
diff
changeset
|
1154 try: |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3632
diff
changeset
|
1155 self._user_perms = set( |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3632
diff
changeset
|
1156 [self.user_perms['user_groups'][self.user_group_name]] |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3632
diff
changeset
|
1157 ) |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3632
diff
changeset
|
1158 except KeyError: |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3632
diff
changeset
|
1159 return False |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3632
diff
changeset
|
1160 if self.required_perms.issubset(self._user_perms): |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3632
diff
changeset
|
1161 return True |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3632
diff
changeset
|
1162 return False |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3632
diff
changeset
|
1163 |
4116
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
1164 |
1246 | 1165 #============================================================================== |
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
1166 # SPECIAL VERSION TO HANDLE MIDDLEWARE AUTH |
1246 | 1167 #============================================================================== |
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
1168 class HasPermissionAnyMiddleware(object): |
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
1169 def __init__(self, *perms): |
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
1170 self.required_perms = set(perms) |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
1171 |
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
1172 def __call__(self, user, repo_name): |
2100
f0649c7cf94a
fixed some unicode problems with waitress
Marcin Kuzminski <marcin@python-works.com>
parents:
2045
diff
changeset
|
1173 # repo_name MUST be unicode, since we handle keys in permission |
f0649c7cf94a
fixed some unicode problems with waitress
Marcin Kuzminski <marcin@python-works.com>
parents:
2045
diff
changeset
|
1174 # dict by unicode |
f0649c7cf94a
fixed some unicode problems with waitress
Marcin Kuzminski <marcin@python-works.com>
parents:
2045
diff
changeset
|
1175 repo_name = safe_unicode(repo_name) |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
1176 usr = AuthUser(user.user_id) |
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
1177 try: |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
1178 self.user_perms = set([usr.permissions['repositories'][repo_name]]) |
2100
f0649c7cf94a
fixed some unicode problems with waitress
Marcin Kuzminski <marcin@python-works.com>
parents:
2045
diff
changeset
|
1179 except Exception: |
2109 | 1180 log.error('Exception while accessing permissions %s' % |
2100
f0649c7cf94a
fixed some unicode problems with waitress
Marcin Kuzminski <marcin@python-works.com>
parents:
2045
diff
changeset
|
1181 traceback.format_exc()) |
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
1182 self.user_perms = set() |
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
1183 self.username = user.username |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
1184 self.repo_name = repo_name |
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
1185 return self.check_permissions() |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
1186 |
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
1187 def check_permissions(self): |
2726
aa17c7a1b8a5
Implemented basic locking functionality.
Marcin Kuzminski <marcin@python-works.com>
parents:
2714
diff
changeset
|
1188 log.debug('checking VCS protocol ' |
1040
8e49b6ceffe1
fixes fixes fixes ! optimized queries on journal
Marcin Kuzminski <marcin@python-works.com>
parents:
1036
diff
changeset
|
1189 'permissions %s for user:%s repository:%s', self.user_perms, |
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
1190 self.username, self.repo_name) |
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
1191 if self.required_perms.intersection(self.user_perms): |
4116
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
1192 log.debug('Permission to repo: %s granted for user: %s @ %s' |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
1193 % (self.repo_name, self.username, 'PermissionMiddleware')) |
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
1194 return True |
4116
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
1195 log.debug('Permission to repo: %s denied for user: %s @ %s' |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
1196 % (self.repo_name, self.username, 'PermissionMiddleware')) |
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
1197 return False |
3125
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
2726
diff
changeset
|
1198 |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
2726
diff
changeset
|
1199 |
3161
3563c47e52fd
Implemented API calls for non-admin users for locking/unlocking repositories
Marcin Kuzminski <marcin@python-works.com>
parents:
3146
diff
changeset
|
1200 #============================================================================== |
3563c47e52fd
Implemented API calls for non-admin users for locking/unlocking repositories
Marcin Kuzminski <marcin@python-works.com>
parents:
3146
diff
changeset
|
1201 # SPECIAL VERSION TO HANDLE API AUTH |
3563c47e52fd
Implemented API calls for non-admin users for locking/unlocking repositories
Marcin Kuzminski <marcin@python-works.com>
parents:
3146
diff
changeset
|
1202 #============================================================================== |
3563c47e52fd
Implemented API calls for non-admin users for locking/unlocking repositories
Marcin Kuzminski <marcin@python-works.com>
parents:
3146
diff
changeset
|
1203 class _BaseApiPerm(object): |
3563c47e52fd
Implemented API calls for non-admin users for locking/unlocking repositories
Marcin Kuzminski <marcin@python-works.com>
parents:
3146
diff
changeset
|
1204 def __init__(self, *perms): |
3563c47e52fd
Implemented API calls for non-admin users for locking/unlocking repositories
Marcin Kuzminski <marcin@python-works.com>
parents:
3146
diff
changeset
|
1205 self.required_perms = set(perms) |
3563c47e52fd
Implemented API calls for non-admin users for locking/unlocking repositories
Marcin Kuzminski <marcin@python-works.com>
parents:
3146
diff
changeset
|
1206 |
4116
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
1207 def __call__(self, check_location=None, user=None, repo_name=None, |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
1208 group_name=None): |
3161
3563c47e52fd
Implemented API calls for non-admin users for locking/unlocking repositories
Marcin Kuzminski <marcin@python-works.com>
parents:
3146
diff
changeset
|
1209 cls_name = self.__class__.__name__ |
4116
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
1210 check_scope = 'user:%s' % (user) |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
1211 if repo_name: |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
1212 check_scope += ', repo:%s' % (repo_name) |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
1213 |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
1214 if group_name: |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
1215 check_scope += ', repo group:%s' % (group_name) |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
1216 |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
1217 log.debug('checking cls:%s %s %s @ %s' |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
1218 % (cls_name, self.required_perms, check_scope, check_location)) |
3161
3563c47e52fd
Implemented API calls for non-admin users for locking/unlocking repositories
Marcin Kuzminski <marcin@python-works.com>
parents:
3146
diff
changeset
|
1219 if not user: |
3563c47e52fd
Implemented API calls for non-admin users for locking/unlocking repositories
Marcin Kuzminski <marcin@python-works.com>
parents:
3146
diff
changeset
|
1220 log.debug('Empty User passed into arguments') |
3563c47e52fd
Implemented API calls for non-admin users for locking/unlocking repositories
Marcin Kuzminski <marcin@python-works.com>
parents:
3146
diff
changeset
|
1221 return False |
3563c47e52fd
Implemented API calls for non-admin users for locking/unlocking repositories
Marcin Kuzminski <marcin@python-works.com>
parents:
3146
diff
changeset
|
1222 |
3563c47e52fd
Implemented API calls for non-admin users for locking/unlocking repositories
Marcin Kuzminski <marcin@python-works.com>
parents:
3146
diff
changeset
|
1223 ## process user |
3563c47e52fd
Implemented API calls for non-admin users for locking/unlocking repositories
Marcin Kuzminski <marcin@python-works.com>
parents:
3146
diff
changeset
|
1224 if not isinstance(user, AuthUser): |
3563c47e52fd
Implemented API calls for non-admin users for locking/unlocking repositories
Marcin Kuzminski <marcin@python-works.com>
parents:
3146
diff
changeset
|
1225 user = AuthUser(user.user_id) |
4116
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
1226 if not check_location: |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
1227 check_location = 'unspecified' |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
1228 if self.check_permissions(user.permissions, repo_name, group_name): |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
1229 log.debug('Permission to %s granted for user: %s @ %s' |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
1230 % (check_scope, user, check_location)) |
3161
3563c47e52fd
Implemented API calls for non-admin users for locking/unlocking repositories
Marcin Kuzminski <marcin@python-works.com>
parents:
3146
diff
changeset
|
1231 return True |
3563c47e52fd
Implemented API calls for non-admin users for locking/unlocking repositories
Marcin Kuzminski <marcin@python-works.com>
parents:
3146
diff
changeset
|
1232 |
3563c47e52fd
Implemented API calls for non-admin users for locking/unlocking repositories
Marcin Kuzminski <marcin@python-works.com>
parents:
3146
diff
changeset
|
1233 else: |
4116
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
1234 log.debug('Permission to %s denied for user: %s @ %s' |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
1235 % (check_scope, user, check_location)) |
3161
3563c47e52fd
Implemented API calls for non-admin users for locking/unlocking repositories
Marcin Kuzminski <marcin@python-works.com>
parents:
3146
diff
changeset
|
1236 return False |
3563c47e52fd
Implemented API calls for non-admin users for locking/unlocking repositories
Marcin Kuzminski <marcin@python-works.com>
parents:
3146
diff
changeset
|
1237 |
4116
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
1238 def check_permissions(self, perm_defs, repo_name=None, group_name=None): |
3161
3563c47e52fd
Implemented API calls for non-admin users for locking/unlocking repositories
Marcin Kuzminski <marcin@python-works.com>
parents:
3146
diff
changeset
|
1239 """ |
3563c47e52fd
Implemented API calls for non-admin users for locking/unlocking repositories
Marcin Kuzminski <marcin@python-works.com>
parents:
3146
diff
changeset
|
1240 implement in child class should return True if permissions are ok, |
3563c47e52fd
Implemented API calls for non-admin users for locking/unlocking repositories
Marcin Kuzminski <marcin@python-works.com>
parents:
3146
diff
changeset
|
1241 False otherwise |
3563c47e52fd
Implemented API calls for non-admin users for locking/unlocking repositories
Marcin Kuzminski <marcin@python-works.com>
parents:
3146
diff
changeset
|
1242 |
3563c47e52fd
Implemented API calls for non-admin users for locking/unlocking repositories
Marcin Kuzminski <marcin@python-works.com>
parents:
3146
diff
changeset
|
1243 :param perm_defs: dict with permission definitions |
3563c47e52fd
Implemented API calls for non-admin users for locking/unlocking repositories
Marcin Kuzminski <marcin@python-works.com>
parents:
3146
diff
changeset
|
1244 :param repo_name: repo name |
3563c47e52fd
Implemented API calls for non-admin users for locking/unlocking repositories
Marcin Kuzminski <marcin@python-works.com>
parents:
3146
diff
changeset
|
1245 """ |
3563c47e52fd
Implemented API calls for non-admin users for locking/unlocking repositories
Marcin Kuzminski <marcin@python-works.com>
parents:
3146
diff
changeset
|
1246 raise NotImplementedError() |
3563c47e52fd
Implemented API calls for non-admin users for locking/unlocking repositories
Marcin Kuzminski <marcin@python-works.com>
parents:
3146
diff
changeset
|
1247 |
3563c47e52fd
Implemented API calls for non-admin users for locking/unlocking repositories
Marcin Kuzminski <marcin@python-works.com>
parents:
3146
diff
changeset
|
1248 |
3563c47e52fd
Implemented API calls for non-admin users for locking/unlocking repositories
Marcin Kuzminski <marcin@python-works.com>
parents:
3146
diff
changeset
|
1249 class HasPermissionAllApi(_BaseApiPerm): |
4116
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
1250 def check_permissions(self, perm_defs, repo_name=None, group_name=None): |
3161
3563c47e52fd
Implemented API calls for non-admin users for locking/unlocking repositories
Marcin Kuzminski <marcin@python-works.com>
parents:
3146
diff
changeset
|
1251 if self.required_perms.issubset(perm_defs.get('global')): |
3563c47e52fd
Implemented API calls for non-admin users for locking/unlocking repositories
Marcin Kuzminski <marcin@python-works.com>
parents:
3146
diff
changeset
|
1252 return True |
3563c47e52fd
Implemented API calls for non-admin users for locking/unlocking repositories
Marcin Kuzminski <marcin@python-works.com>
parents:
3146
diff
changeset
|
1253 return False |
3563c47e52fd
Implemented API calls for non-admin users for locking/unlocking repositories
Marcin Kuzminski <marcin@python-works.com>
parents:
3146
diff
changeset
|
1254 |
3563c47e52fd
Implemented API calls for non-admin users for locking/unlocking repositories
Marcin Kuzminski <marcin@python-works.com>
parents:
3146
diff
changeset
|
1255 |
3563c47e52fd
Implemented API calls for non-admin users for locking/unlocking repositories
Marcin Kuzminski <marcin@python-works.com>
parents:
3146
diff
changeset
|
1256 class HasPermissionAnyApi(_BaseApiPerm): |
4116
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
1257 def check_permissions(self, perm_defs, repo_name=None, group_name=None): |
3161
3563c47e52fd
Implemented API calls for non-admin users for locking/unlocking repositories
Marcin Kuzminski <marcin@python-works.com>
parents:
3146
diff
changeset
|
1258 if self.required_perms.intersection(perm_defs.get('global')): |
3563c47e52fd
Implemented API calls for non-admin users for locking/unlocking repositories
Marcin Kuzminski <marcin@python-works.com>
parents:
3146
diff
changeset
|
1259 return True |
3563c47e52fd
Implemented API calls for non-admin users for locking/unlocking repositories
Marcin Kuzminski <marcin@python-works.com>
parents:
3146
diff
changeset
|
1260 return False |
3563c47e52fd
Implemented API calls for non-admin users for locking/unlocking repositories
Marcin Kuzminski <marcin@python-works.com>
parents:
3146
diff
changeset
|
1261 |
3563c47e52fd
Implemented API calls for non-admin users for locking/unlocking repositories
Marcin Kuzminski <marcin@python-works.com>
parents:
3146
diff
changeset
|
1262 |
3563c47e52fd
Implemented API calls for non-admin users for locking/unlocking repositories
Marcin Kuzminski <marcin@python-works.com>
parents:
3146
diff
changeset
|
1263 class HasRepoPermissionAllApi(_BaseApiPerm): |
4116
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
1264 def check_permissions(self, perm_defs, repo_name=None, group_name=None): |
3161
3563c47e52fd
Implemented API calls for non-admin users for locking/unlocking repositories
Marcin Kuzminski <marcin@python-works.com>
parents:
3146
diff
changeset
|
1265 try: |
4116
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
1266 _user_perms = set([perm_defs['repositories'][repo_name]]) |
3161
3563c47e52fd
Implemented API calls for non-admin users for locking/unlocking repositories
Marcin Kuzminski <marcin@python-works.com>
parents:
3146
diff
changeset
|
1267 except KeyError: |
3563c47e52fd
Implemented API calls for non-admin users for locking/unlocking repositories
Marcin Kuzminski <marcin@python-works.com>
parents:
3146
diff
changeset
|
1268 log.warning(traceback.format_exc()) |
3563c47e52fd
Implemented API calls for non-admin users for locking/unlocking repositories
Marcin Kuzminski <marcin@python-works.com>
parents:
3146
diff
changeset
|
1269 return False |
4116
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
1270 if self.required_perms.issubset(_user_perms): |
3161
3563c47e52fd
Implemented API calls for non-admin users for locking/unlocking repositories
Marcin Kuzminski <marcin@python-works.com>
parents:
3146
diff
changeset
|
1271 return True |
3563c47e52fd
Implemented API calls for non-admin users for locking/unlocking repositories
Marcin Kuzminski <marcin@python-works.com>
parents:
3146
diff
changeset
|
1272 return False |
3563c47e52fd
Implemented API calls for non-admin users for locking/unlocking repositories
Marcin Kuzminski <marcin@python-works.com>
parents:
3146
diff
changeset
|
1273 |
3563c47e52fd
Implemented API calls for non-admin users for locking/unlocking repositories
Marcin Kuzminski <marcin@python-works.com>
parents:
3146
diff
changeset
|
1274 |
3563c47e52fd
Implemented API calls for non-admin users for locking/unlocking repositories
Marcin Kuzminski <marcin@python-works.com>
parents:
3146
diff
changeset
|
1275 class HasRepoPermissionAnyApi(_BaseApiPerm): |
4116
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
1276 def check_permissions(self, perm_defs, repo_name=None, group_name=None): |
3161
3563c47e52fd
Implemented API calls for non-admin users for locking/unlocking repositories
Marcin Kuzminski <marcin@python-works.com>
parents:
3146
diff
changeset
|
1277 try: |
4116
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
1278 _user_perms = set([perm_defs['repositories'][repo_name]]) |
3161
3563c47e52fd
Implemented API calls for non-admin users for locking/unlocking repositories
Marcin Kuzminski <marcin@python-works.com>
parents:
3146
diff
changeset
|
1279 except KeyError: |
3563c47e52fd
Implemented API calls for non-admin users for locking/unlocking repositories
Marcin Kuzminski <marcin@python-works.com>
parents:
3146
diff
changeset
|
1280 log.warning(traceback.format_exc()) |
3563c47e52fd
Implemented API calls for non-admin users for locking/unlocking repositories
Marcin Kuzminski <marcin@python-works.com>
parents:
3146
diff
changeset
|
1281 return False |
3563c47e52fd
Implemented API calls for non-admin users for locking/unlocking repositories
Marcin Kuzminski <marcin@python-works.com>
parents:
3146
diff
changeset
|
1282 if self.required_perms.intersection(_user_perms): |
3563c47e52fd
Implemented API calls for non-admin users for locking/unlocking repositories
Marcin Kuzminski <marcin@python-works.com>
parents:
3146
diff
changeset
|
1283 return True |
3563c47e52fd
Implemented API calls for non-admin users for locking/unlocking repositories
Marcin Kuzminski <marcin@python-works.com>
parents:
3146
diff
changeset
|
1284 return False |
3563c47e52fd
Implemented API calls for non-admin users for locking/unlocking repositories
Marcin Kuzminski <marcin@python-works.com>
parents:
3146
diff
changeset
|
1285 |
3563c47e52fd
Implemented API calls for non-admin users for locking/unlocking repositories
Marcin Kuzminski <marcin@python-works.com>
parents:
3146
diff
changeset
|
1286 |
4116
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
1287 class HasRepoGroupPermissionAnyApi(_BaseApiPerm): |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
1288 def check_permissions(self, perm_defs, repo_name=None, group_name=None): |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
1289 try: |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
1290 _user_perms = set([perm_defs['repositories_groups'][group_name]]) |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
1291 except KeyError: |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
1292 log.warning(traceback.format_exc()) |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
1293 return False |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
1294 if self.required_perms.intersection(_user_perms): |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
1295 return True |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
1296 return False |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
1297 |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
1298 class HasRepoGroupPermissionAllApi(_BaseApiPerm): |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
1299 def check_permissions(self, perm_defs, repo_name=None, group_name=None): |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
1300 try: |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
1301 _user_perms = set([perm_defs['repositories_groups'][group_name]]) |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
1302 except KeyError: |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
1303 log.warning(traceback.format_exc()) |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
1304 return False |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
1305 if self.required_perms.issubset(_user_perms): |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
1306 return True |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
1307 return False |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
1308 |
3125
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
2726
diff
changeset
|
1309 def check_ip_access(source_ip, allowed_ips=None): |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
2726
diff
changeset
|
1310 """ |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
2726
diff
changeset
|
1311 Checks if source_ip is a subnet of any of allowed_ips. |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
2726
diff
changeset
|
1312 |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
2726
diff
changeset
|
1313 :param source_ip: |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
2726
diff
changeset
|
1314 :param allowed_ips: list of allowed ips together with mask |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
2726
diff
changeset
|
1315 """ |
4186
7e5f8c12a3fc
First step in two-part process to rename directories to kallithea.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4116
diff
changeset
|
1316 from kallithea.lib import ipaddr |
3125
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
2726
diff
changeset
|
1317 log.debug('checking if ip:%s is subnet of %s' % (source_ip, allowed_ips)) |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
2726
diff
changeset
|
1318 if isinstance(allowed_ips, (tuple, list, set)): |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
2726
diff
changeset
|
1319 for ip in allowed_ips: |
3212
6c28533d122c
IP restrictions now also enabled for IPv6
Marcin Kuzminski <marcin@python-works.com>
parents:
3173
diff
changeset
|
1320 try: |
6c28533d122c
IP restrictions now also enabled for IPv6
Marcin Kuzminski <marcin@python-works.com>
parents:
3173
diff
changeset
|
1321 if ipaddr.IPAddress(source_ip) in ipaddr.IPNetwork(ip): |
4116
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
1322 log.debug('IP %s is network %s' % |
ffd45b185016
Imported some of the GPLv3'd changes from RhodeCode v2.2.5.
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
4089
diff
changeset
|
1323 (ipaddr.IPAddress(source_ip), ipaddr.IPNetwork(ip))) |
3212
6c28533d122c
IP restrictions now also enabled for IPv6
Marcin Kuzminski <marcin@python-works.com>
parents:
3173
diff
changeset
|
1324 return True |
6c28533d122c
IP restrictions now also enabled for IPv6
Marcin Kuzminski <marcin@python-works.com>
parents:
3173
diff
changeset
|
1325 # for any case we cannot determine the IP, don't crash just |
6c28533d122c
IP restrictions now also enabled for IPv6
Marcin Kuzminski <marcin@python-works.com>
parents:
3173
diff
changeset
|
1326 # skip it and log as error, we want to say forbidden still when |
6c28533d122c
IP restrictions now also enabled for IPv6
Marcin Kuzminski <marcin@python-works.com>
parents:
3173
diff
changeset
|
1327 # sending bad IP |
6c28533d122c
IP restrictions now also enabled for IPv6
Marcin Kuzminski <marcin@python-works.com>
parents:
3173
diff
changeset
|
1328 except Exception: |
6c28533d122c
IP restrictions now also enabled for IPv6
Marcin Kuzminski <marcin@python-works.com>
parents:
3173
diff
changeset
|
1329 log.error(traceback.format_exc()) |
6c28533d122c
IP restrictions now also enabled for IPv6
Marcin Kuzminski <marcin@python-works.com>
parents:
3173
diff
changeset
|
1330 continue |
3125
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
2726
diff
changeset
|
1331 return False |