kallithea: kallithea/lib/auth.py annotate

annotate kallithea/lib/auth.py @ 4208:ad38f9f93b3b kallithea-2.2.5-rebrand

Correct licensing information in individual files. The top-level license file is now LICENSE.md. Also, in various places where there should have been joint copyright holders listed, a single copyright holder was listed. It does not appear easy to add a link to a large list of copyright holders in these places, so it simply refers to the fact that various authors hold copyright. In future, if an easy method is discovered to link to a list from those places, we should do so. Finally, text is added to LICENSE.md to point to where the full list of copyright holders is, and that Kallithea as a whole is GPLv3'd.

author	Bradley M. Kuhn <bkuhn@sfconservancy.org>
date	Wed, 21 May 2014 16:59:37 -0400
parents	05fe69812197
children	1948ede028ef

rev	line source
895 62c04c5cc971 Added some more details into user edit permissions view Marcin Kuzminski <marcin@python-works.com> parents: 779 diff changeset	1 # -- coding: utf-8 --
1206 a671db5bdd58 fixed license issue #149 Marcin Kuzminski <marcin@python-works.com> parents: 1203 diff changeset	2 # This program is free software: you can redistribute it and/or modify
a671db5bdd58 fixed license issue #149 Marcin Kuzminski <marcin@python-works.com> parents: 1203 diff changeset	3 # it under the terms of the GNU General Public License as published by
a671db5bdd58 fixed license issue #149 Marcin Kuzminski <marcin@python-works.com> parents: 1203 diff changeset	4 # the Free Software Foundation, either version 3 of the License, or
a671db5bdd58 fixed license issue #149 Marcin Kuzminski <marcin@python-works.com> parents: 1203 diff changeset	5 # (at your option) any later version.
1203 6832ef664673 source code cleanup: remove trailing white space, normalize file endings Marcin Kuzminski <marcin@python-works.com> parents: 1195 diff changeset	6 #
252 3782a6d698af licensing updates, code cleanups Marcin Kuzminski <marcin@python-works.com> parents: 239 diff changeset	7 # This program is distributed in the hope that it will be useful,
3782a6d698af licensing updates, code cleanups Marcin Kuzminski <marcin@python-works.com> parents: 239 diff changeset	8 # but WITHOUT ANY WARRANTY; without even the implied warranty of
3782a6d698af licensing updates, code cleanups Marcin Kuzminski <marcin@python-works.com> parents: 239 diff changeset	9 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
3782a6d698af licensing updates, code cleanups Marcin Kuzminski <marcin@python-works.com> parents: 239 diff changeset	10 # GNU General Public License for more details.
1203 6832ef664673 source code cleanup: remove trailing white space, normalize file endings Marcin Kuzminski <marcin@python-works.com> parents: 1195 diff changeset	11 #
252 3782a6d698af licensing updates, code cleanups Marcin Kuzminski <marcin@python-works.com> parents: 239 diff changeset	12 # You should have received a copy of the GNU General Public License
1206 a671db5bdd58 fixed license issue #149 Marcin Kuzminski <marcin@python-works.com> parents: 1203 diff changeset	13 # along with this program. If not, see <http://www.gnu.org/licenses/>.
4116 ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	14 """
4186 7e5f8c12a3fc First step in two-part process to rename directories to kallithea. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4116 diff changeset	15 kallithea.lib.auth
4116 ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	16 ~~~~~~~~~~~~~~~~~~
381 55377fdc1fc6 cleared global application settings. Marcin Kuzminski <marcin@python-works.com> parents: 380 diff changeset	17
4116 ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	18 authentication and permission libraries
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	19
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	20 :created_on: Apr 4, 2010
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	21 :author: marcink
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	22 :copyright: (c) 2013 RhodeCode GmbH.
4208 ad38f9f93b3b Correct licensing information in individual files. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4202 diff changeset	23 :license: GPLv3, see LICENSE.md for more details.
4116 ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	24 """
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	25 from __future__ import with_statement
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	26 import time
895 62c04c5cc971 Added some more details into user edit permissions view Marcin Kuzminski <marcin@python-works.com> parents: 779 diff changeset	27 import random
62c04c5cc971 Added some more details into user edit permissions view Marcin Kuzminski <marcin@python-works.com> parents: 779 diff changeset	28 import logging
62c04c5cc971 Added some more details into user edit permissions view Marcin Kuzminski <marcin@python-works.com> parents: 779 diff changeset	29 import traceback
1116 716911af91e1 Added api_key into user, api key get's generated again after password change Marcin Kuzminski <marcin@python-works.com> parents: 1056 diff changeset	30 import hashlib
4116 ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	31 import itertools
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	32 import collections
1118 b0e2c949c34b Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier" Marcin Kuzminski <marcin@python-works.com> parents: 1117 diff changeset	33
1116 716911af91e1 Added api_key into user, api key get's generated again after password change Marcin Kuzminski <marcin@python-works.com> parents: 1056 diff changeset	34 from tempfile import _RandomNameSequence
895 62c04c5cc971 Added some more details into user edit permissions view Marcin Kuzminski <marcin@python-works.com> parents: 779 diff changeset	35 from decorator import decorator
62c04c5cc971 Added some more details into user edit permissions view Marcin Kuzminski <marcin@python-works.com> parents: 779 diff changeset	36
4116 ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	37 from pylons import url, request
52 25e516447a33 implemented autentication marcink parents: 48 diff changeset	38 from pylons.controllers.util import abort, redirect
1056 520d27f40b51 #113 removed anonymous access from forking, added system messages in login box. Marcin Kuzminski <marcin@python-works.com> parents: 1040 diff changeset	39 from pylons.i18n.translation import _
4116 ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	40 from sqlalchemy import or_
3212 6c28533d122c IP restrictions now also enabled for IPv6 Marcin Kuzminski <marcin@python-works.com> parents: 3173 diff changeset	41 from sqlalchemy.orm.exc import ObjectDeletedError
4116 ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	42 from sqlalchemy.orm import joinedload
895 62c04c5cc971 Added some more details into user edit permissions view Marcin Kuzminski <marcin@python-works.com> parents: 779 diff changeset	43
4186 7e5f8c12a3fc First step in two-part process to rename directories to kallithea. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4116 diff changeset	44 from kallithea import __platform__, is_windows, is_unix
7e5f8c12a3fc First step in two-part process to rename directories to kallithea. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4116 diff changeset	45 from kallithea.lib.vcs.utils.lazy import LazyProperty
7e5f8c12a3fc First step in two-part process to rename directories to kallithea. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4116 diff changeset	46 from kallithea.model import meta
7e5f8c12a3fc First step in two-part process to rename directories to kallithea. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4116 diff changeset	47 from kallithea.model.meta import Session
7e5f8c12a3fc First step in two-part process to rename directories to kallithea. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4116 diff changeset	48 from kallithea.model.user import UserModel
7e5f8c12a3fc First step in two-part process to rename directories to kallithea. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4116 diff changeset	49 from kallithea.model.db import User, Repository, Permission, \
4116 ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	50 UserToPerm, UserGroupRepoToPerm, UserGroupToPerm, UserGroupMember, \
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	51 RepoGroup, UserGroupRepoGroupToPerm, UserIpMap, UserGroupUserGroupToPerm, \
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	52 UserGroup, UserApiKeys
1118 b0e2c949c34b Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier" Marcin Kuzminski <marcin@python-works.com> parents: 1117 diff changeset	53
4186 7e5f8c12a3fc First step in two-part process to rename directories to kallithea. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4116 diff changeset	54 from kallithea.lib.utils2 import safe_unicode, aslist
7e5f8c12a3fc First step in two-part process to rename directories to kallithea. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4116 diff changeset	55 from kallithea.lib.utils import get_repo_slug, get_repo_group_slug, \
4116 ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	56 get_user_group_slug, conditional_cache
4186 7e5f8c12a3fc First step in two-part process to rename directories to kallithea. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4116 diff changeset	57 from kallithea.lib.caching_query import FromCache
895 62c04c5cc971 Added some more details into user edit permissions view Marcin Kuzminski <marcin@python-works.com> parents: 779 diff changeset	58
4116 ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	59 from beaker.cache import cache_region
895 62c04c5cc971 Added some more details into user edit permissions view Marcin Kuzminski <marcin@python-works.com> parents: 779 diff changeset	60
1246 9365a893ad4e PEP8ify Marcin Kuzminski <marcin@python-works.com> parents: 1207 diff changeset	61 log = logging.getLogger(__name__)
343 6484963056cd implemented cache for repeated queries in simplehg mercurial requests Marcin Kuzminski <marcin@python-works.com> parents: 339 diff changeset	62
41 71ffa932799d Added app basic auth. Marcin Kuzminski <marcin@python-blog.com> parents: diff changeset	63
474 a3d9d24acbec Implemented password reset(forms/models/ tasks) and mailing tasks. Marcin Kuzminski <marcin@python-works.com> parents: 442 diff changeset	64 class PasswordGenerator(object):
1716 7d1fc253549e notification to commit author + gardening Marcin Kuzminski <marcin@python-works.com> parents: 1644 diff changeset	65 """
1818 cf51bbfb120e auto white-space removal Marcin Kuzminski <marcin@python-works.com> parents: 1808 diff changeset	66 This is a simple class for generating password from different sets of
1716 7d1fc253549e notification to commit author + gardening Marcin Kuzminski <marcin@python-works.com> parents: 1644 diff changeset	67 characters
7d1fc253549e notification to commit author + gardening Marcin Kuzminski <marcin@python-works.com> parents: 1644 diff changeset	68 usage::
7d1fc253549e notification to commit author + gardening Marcin Kuzminski <marcin@python-works.com> parents: 1644 diff changeset	69
474 a3d9d24acbec Implemented password reset(forms/models/ tasks) and mailing tasks. Marcin Kuzminski <marcin@python-works.com> parents: 442 diff changeset	70 passwd_gen = PasswordGenerator()
1246 9365a893ad4e PEP8ify Marcin Kuzminski <marcin@python-works.com> parents: 1207 diff changeset	71 #print 8-letter password containing only big and small letters
9365a893ad4e PEP8ify Marcin Kuzminski <marcin@python-works.com> parents: 1207 diff changeset	72 of alphabet
2278 24095abde696 print statement cleanup Marcin Kuzminski <marcin@python-works.com> parents: 2125 diff changeset	73 passwd_gen.gen_password(8, passwd_gen.ALPHABETS_BIG_SMALL)
474 a3d9d24acbec Implemented password reset(forms/models/ tasks) and mailing tasks. Marcin Kuzminski <marcin@python-works.com> parents: 442 diff changeset	74 """
1246 9365a893ad4e PEP8ify Marcin Kuzminski <marcin@python-works.com> parents: 1207 diff changeset	75 ALPHABETS_NUM = r'''1234567890'''
9365a893ad4e PEP8ify Marcin Kuzminski <marcin@python-works.com> parents: 1207 diff changeset	76 ALPHABETS_SMALL = r'''qwertyuiopasdfghjklzxcvbnm'''
9365a893ad4e PEP8ify Marcin Kuzminski <marcin@python-works.com> parents: 1207 diff changeset	77 ALPHABETS_BIG = r'''QWERTYUIOPASDFGHJKLZXCVBNM'''
9365a893ad4e PEP8ify Marcin Kuzminski <marcin@python-works.com> parents: 1207 diff changeset	78 ALPHABETS_SPECIAL = r'''`-=[]\;',./~!@#$%^&*()_+{}\|:"<>?'''
9365a893ad4e PEP8ify Marcin Kuzminski <marcin@python-works.com> parents: 1207 diff changeset	79 ALPHABETS_FULL = ALPHABETS_BIG + ALPHABETS_SMALL \
9365a893ad4e PEP8ify Marcin Kuzminski <marcin@python-works.com> parents: 1207 diff changeset	80 + ALPHABETS_NUM + ALPHABETS_SPECIAL
9365a893ad4e PEP8ify Marcin Kuzminski <marcin@python-works.com> parents: 1207 diff changeset	81 ALPHABETS_ALPHANUM = ALPHABETS_BIG + ALPHABETS_SMALL + ALPHABETS_NUM
474 a3d9d24acbec Implemented password reset(forms/models/ tasks) and mailing tasks. Marcin Kuzminski <marcin@python-works.com> parents: 442 diff changeset	82 ALPHABETS_BIG_SMALL = ALPHABETS_BIG + ALPHABETS_SMALL
1246 9365a893ad4e PEP8ify Marcin Kuzminski <marcin@python-works.com> parents: 1207 diff changeset	83 ALPHABETS_ALPHANUM_BIG = ALPHABETS_BIG + ALPHABETS_NUM
9365a893ad4e PEP8ify Marcin Kuzminski <marcin@python-works.com> parents: 1207 diff changeset	84 ALPHABETS_ALPHANUM_SMALL = ALPHABETS_SMALL + ALPHABETS_NUM
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	85
474 a3d9d24acbec Implemented password reset(forms/models/ tasks) and mailing tasks. Marcin Kuzminski <marcin@python-works.com> parents: 442 diff changeset	86 def __init__(self, passwd=''):
a3d9d24acbec Implemented password reset(forms/models/ tasks) and mailing tasks. Marcin Kuzminski <marcin@python-works.com> parents: 442 diff changeset	87 self.passwd = passwd
a3d9d24acbec Implemented password reset(forms/models/ tasks) and mailing tasks. Marcin Kuzminski <marcin@python-works.com> parents: 442 diff changeset	88
1993 4d3179d2adfe added optional password type in password generator Marcin Kuzminski <marcin@python-works.com> parents: 1992 diff changeset	89 def gen_password(self, length, type_=None):
4d3179d2adfe added optional password type in password generator Marcin Kuzminski <marcin@python-works.com> parents: 1992 diff changeset	90 if type_ is None:
4d3179d2adfe added optional password type in password generator Marcin Kuzminski <marcin@python-works.com> parents: 1992 diff changeset	91 type_ = self.ALPHABETS_FULL
1982 87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	92 self.passwd = ''.join([random.choice(type_) for _ in xrange(length)])
474 a3d9d24acbec Implemented password reset(forms/models/ tasks) and mailing tasks. Marcin Kuzminski <marcin@python-works.com> parents: 442 diff changeset	93 return self.passwd
a3d9d24acbec Implemented password reset(forms/models/ tasks) and mailing tasks. Marcin Kuzminski <marcin@python-works.com> parents: 442 diff changeset	94
1246 9365a893ad4e PEP8ify Marcin Kuzminski <marcin@python-works.com> parents: 1207 diff changeset	95
4202 05fe69812197 Rename RhodeCodeCrypto to KallitheaCrypto Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4197 diff changeset	96 class KallitheaCrypto(object):
1118 b0e2c949c34b Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier" Marcin Kuzminski <marcin@python-works.com> parents: 1117 diff changeset	97
b0e2c949c34b Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier" Marcin Kuzminski <marcin@python-works.com> parents: 1117 diff changeset	98 @classmethod
b0e2c949c34b Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier" Marcin Kuzminski <marcin@python-works.com> parents: 1117 diff changeset	99 def hash_string(cls, str_):
b0e2c949c34b Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier" Marcin Kuzminski <marcin@python-works.com> parents: 1117 diff changeset	100 """
b0e2c949c34b Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier" Marcin Kuzminski <marcin@python-works.com> parents: 1117 diff changeset	101 Cryptographic function used for password hashing based on pybcrypt
b0e2c949c34b Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier" Marcin Kuzminski <marcin@python-works.com> parents: 1117 diff changeset	102 or pycrypto in windows
1203 6832ef664673 source code cleanup: remove trailing white space, normalize file endings Marcin Kuzminski <marcin@python-works.com> parents: 1195 diff changeset	103
1118 b0e2c949c34b Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier" Marcin Kuzminski <marcin@python-works.com> parents: 1117 diff changeset	104 :param password: password to hash
b0e2c949c34b Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier" Marcin Kuzminski <marcin@python-works.com> parents: 1117 diff changeset	105 """
2634 4b17216f2110 Deprecated validation of operating system, we just care if it's windows, let approve all other Marcin Kuzminski <marcin@python-works.com> parents: 2479 diff changeset	106 if is_windows:
2479 9225597688f4 Added validation into user email map Marcin Kuzminski <marcin@python-works.com> parents: 2458 diff changeset	107 from hashlib import sha256
1118 b0e2c949c34b Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier" Marcin Kuzminski <marcin@python-works.com> parents: 1117 diff changeset	108 return sha256(str_).hexdigest()
2634 4b17216f2110 Deprecated validation of operating system, we just care if it's windows, let approve all other Marcin Kuzminski <marcin@python-works.com> parents: 2479 diff changeset	109 elif is_unix:
2479 9225597688f4 Added validation into user email map Marcin Kuzminski <marcin@python-works.com> parents: 2458 diff changeset	110 import bcrypt
1118 b0e2c949c34b Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier" Marcin Kuzminski <marcin@python-works.com> parents: 1117 diff changeset	111 return bcrypt.hashpw(str_, bcrypt.gensalt(10))
b0e2c949c34b Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier" Marcin Kuzminski <marcin@python-works.com> parents: 1117 diff changeset	112 else:
1246 9365a893ad4e PEP8ify Marcin Kuzminski <marcin@python-works.com> parents: 1207 diff changeset	113 raise Exception('Unknown or unsupported platform %s' \
9365a893ad4e PEP8ify Marcin Kuzminski <marcin@python-works.com> parents: 1207 diff changeset	114 % __platform__)
1118 b0e2c949c34b Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier" Marcin Kuzminski <marcin@python-works.com> parents: 1117 diff changeset	115
b0e2c949c34b Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier" Marcin Kuzminski <marcin@python-works.com> parents: 1117 diff changeset	116 @classmethod
b0e2c949c34b Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier" Marcin Kuzminski <marcin@python-works.com> parents: 1117 diff changeset	117 def hash_check(cls, password, hashed):
b0e2c949c34b Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier" Marcin Kuzminski <marcin@python-works.com> parents: 1117 diff changeset	118 """
b0e2c949c34b Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier" Marcin Kuzminski <marcin@python-works.com> parents: 1117 diff changeset	119 Checks matching password with it's hashed value, runs different
b0e2c949c34b Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier" Marcin Kuzminski <marcin@python-works.com> parents: 1117 diff changeset	120 implementation based on platform it runs on
1203 6832ef664673 source code cleanup: remove trailing white space, normalize file endings Marcin Kuzminski <marcin@python-works.com> parents: 1195 diff changeset	121
1118 b0e2c949c34b Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier" Marcin Kuzminski <marcin@python-works.com> parents: 1117 diff changeset	122 :param password: password
b0e2c949c34b Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier" Marcin Kuzminski <marcin@python-works.com> parents: 1117 diff changeset	123 :param hashed: password in hashed form
b0e2c949c34b Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier" Marcin Kuzminski <marcin@python-works.com> parents: 1117 diff changeset	124 """
b0e2c949c34b Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier" Marcin Kuzminski <marcin@python-works.com> parents: 1117 diff changeset	125
2634 4b17216f2110 Deprecated validation of operating system, we just care if it's windows, let approve all other Marcin Kuzminski <marcin@python-works.com> parents: 2479 diff changeset	126 if is_windows:
2479 9225597688f4 Added validation into user email map Marcin Kuzminski <marcin@python-works.com> parents: 2458 diff changeset	127 from hashlib import sha256
1118 b0e2c949c34b Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier" Marcin Kuzminski <marcin@python-works.com> parents: 1117 diff changeset	128 return sha256(password).hexdigest() == hashed
2634 4b17216f2110 Deprecated validation of operating system, we just care if it's windows, let approve all other Marcin Kuzminski <marcin@python-works.com> parents: 2479 diff changeset	129 elif is_unix:
2479 9225597688f4 Added validation into user email map Marcin Kuzminski <marcin@python-works.com> parents: 2458 diff changeset	130 import bcrypt
1118 b0e2c949c34b Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier" Marcin Kuzminski <marcin@python-works.com> parents: 1117 diff changeset	131 return bcrypt.hashpw(password, hashed) == hashed
b0e2c949c34b Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier" Marcin Kuzminski <marcin@python-works.com> parents: 1117 diff changeset	132 else:
1246 9365a893ad4e PEP8ify Marcin Kuzminski <marcin@python-works.com> parents: 1207 diff changeset	133 raise Exception('Unknown or unsupported platform %s' \
9365a893ad4e PEP8ify Marcin Kuzminski <marcin@python-works.com> parents: 1207 diff changeset	134 % __platform__)
1118 b0e2c949c34b Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier" Marcin Kuzminski <marcin@python-works.com> parents: 1117 diff changeset	135
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	136
64 08707974eae4 Changed auth lib for sqlalchemy Marcin Kuzminski <marcin@python-blog.com> parents: 52 diff changeset	137 def get_crypt_password(password):
4202 05fe69812197 Rename RhodeCodeCrypto to KallitheaCrypto Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4197 diff changeset	138 return KallitheaCrypto.hash_string(password)
1118 b0e2c949c34b Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier" Marcin Kuzminski <marcin@python-works.com> parents: 1117 diff changeset	139
1246 9365a893ad4e PEP8ify Marcin Kuzminski <marcin@python-works.com> parents: 1207 diff changeset	140
1118 b0e2c949c34b Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier" Marcin Kuzminski <marcin@python-works.com> parents: 1117 diff changeset	141 def check_password(password, hashed):
4202 05fe69812197 Rename RhodeCodeCrypto to KallitheaCrypto Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4197 diff changeset	142 return KallitheaCrypto.hash_check(password, hashed)
415 04e8b31fb245 Changed password crypting scheme to bcrypt, added dependency for setup Marcin Kuzminski <marcin@python-works.com> parents: 412 diff changeset	143
1950 4ae17f819ee8 #344 optional firstname lastname on user creation Marcin Kuzminski <marcin@python-works.com> parents: 1824 diff changeset	144
1628 de71a4bde097 Some code cleanups and fixes Marcin Kuzminski <marcin@python-works.com> parents: 1621 diff changeset	145 def generate_api_key(str_, salt=None):
de71a4bde097 Some code cleanups and fixes Marcin Kuzminski <marcin@python-works.com> parents: 1621 diff changeset	146 """
de71a4bde097 Some code cleanups and fixes Marcin Kuzminski <marcin@python-works.com> parents: 1621 diff changeset	147 Generates API KEY from given string
1818 cf51bbfb120e auto white-space removal Marcin Kuzminski <marcin@python-works.com> parents: 1808 diff changeset	148
1628 de71a4bde097 Some code cleanups and fixes Marcin Kuzminski <marcin@python-works.com> parents: 1621 diff changeset	149 :param str_:
de71a4bde097 Some code cleanups and fixes Marcin Kuzminski <marcin@python-works.com> parents: 1621 diff changeset	150 :param salt:
de71a4bde097 Some code cleanups and fixes Marcin Kuzminski <marcin@python-works.com> parents: 1621 diff changeset	151 """
1718 f78bee8eec78 reduce cookie size for better support of client side sessions Marcin Kuzminski <marcin@python-works.com> parents: 1716 diff changeset	152
1116 716911af91e1 Added api_key into user, api key get's generated again after password change Marcin Kuzminski <marcin@python-works.com> parents: 1056 diff changeset	153 if salt is None:
716911af91e1 Added api_key into user, api key get's generated again after password change Marcin Kuzminski <marcin@python-works.com> parents: 1056 diff changeset	154 salt = _RandomNameSequence().next()
716911af91e1 Added api_key into user, api key get's generated again after password change Marcin Kuzminski <marcin@python-works.com> parents: 1056 diff changeset	155
1628 de71a4bde097 Some code cleanups and fixes Marcin Kuzminski <marcin@python-works.com> parents: 1621 diff changeset	156 return hashlib.sha1(str_ + salt).hexdigest()
1116 716911af91e1 Added api_key into user, api key get's generated again after password change Marcin Kuzminski <marcin@python-works.com> parents: 1056 diff changeset	157
1246 9365a893ad4e PEP8ify Marcin Kuzminski <marcin@python-works.com> parents: 1207 diff changeset	158
2030 61f9aeb2129e Added session wrapper, for rc 1.2.X compatibility. Adds backwards compatability Marcin Kuzminski <marcin@python-works.com> parents: 2025 diff changeset	159 class CookieStoreWrapper(object):
61f9aeb2129e Added session wrapper, for rc 1.2.X compatibility. Adds backwards compatability Marcin Kuzminski <marcin@python-works.com> parents: 2025 diff changeset	160
61f9aeb2129e Added session wrapper, for rc 1.2.X compatibility. Adds backwards compatability Marcin Kuzminski <marcin@python-works.com> parents: 2025 diff changeset	161 def __init__(self, cookie_store):
61f9aeb2129e Added session wrapper, for rc 1.2.X compatibility. Adds backwards compatability Marcin Kuzminski <marcin@python-works.com> parents: 2025 diff changeset	162 self.cookie_store = cookie_store
61f9aeb2129e Added session wrapper, for rc 1.2.X compatibility. Adds backwards compatability Marcin Kuzminski <marcin@python-works.com> parents: 2025 diff changeset	163
61f9aeb2129e Added session wrapper, for rc 1.2.X compatibility. Adds backwards compatability Marcin Kuzminski <marcin@python-works.com> parents: 2025 diff changeset	164 def __repr__(self):
61f9aeb2129e Added session wrapper, for rc 1.2.X compatibility. Adds backwards compatability Marcin Kuzminski <marcin@python-works.com> parents: 2025 diff changeset	165 return 'CookieStore<%s>' % (self.cookie_store)
61f9aeb2129e Added session wrapper, for rc 1.2.X compatibility. Adds backwards compatability Marcin Kuzminski <marcin@python-works.com> parents: 2025 diff changeset	166
61f9aeb2129e Added session wrapper, for rc 1.2.X compatibility. Adds backwards compatability Marcin Kuzminski <marcin@python-works.com> parents: 2025 diff changeset	167 def get(self, key, other=None):
61f9aeb2129e Added session wrapper, for rc 1.2.X compatibility. Adds backwards compatability Marcin Kuzminski <marcin@python-works.com> parents: 2025 diff changeset	168 if isinstance(self.cookie_store, dict):
61f9aeb2129e Added session wrapper, for rc 1.2.X compatibility. Adds backwards compatability Marcin Kuzminski <marcin@python-works.com> parents: 2025 diff changeset	169 return self.cookie_store.get(key, other)
61f9aeb2129e Added session wrapper, for rc 1.2.X compatibility. Adds backwards compatability Marcin Kuzminski <marcin@python-works.com> parents: 2025 diff changeset	170 elif isinstance(self.cookie_store, AuthUser):
61f9aeb2129e Added session wrapper, for rc 1.2.X compatibility. Adds backwards compatability Marcin Kuzminski <marcin@python-works.com> parents: 2025 diff changeset	171 return self.cookie_store.__dict__.get(key, other)
61f9aeb2129e Added session wrapper, for rc 1.2.X compatibility. Adds backwards compatability Marcin Kuzminski <marcin@python-works.com> parents: 2025 diff changeset	172
61f9aeb2129e Added session wrapper, for rc 1.2.X compatibility. Adds backwards compatability Marcin Kuzminski <marcin@python-works.com> parents: 2025 diff changeset	173
4116 ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	174
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	175 def _cached_perms_data(user_id, user_is_admin, user_inherit_default_permissions,
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	176 explicit, algo):
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	177 RK = 'repositories'
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	178 GK = 'repositories_groups'
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	179 UK = 'user_groups'
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	180 GLOBAL = 'global'
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	181 PERM_WEIGHTS = Permission.PERM_WEIGHTS
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	182 permissions = {RK: {}, GK: {}, UK: {}, GLOBAL: set()}
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	183
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	184 def _choose_perm(new_perm, cur_perm):
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	185 new_perm_val = PERM_WEIGHTS[new_perm]
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	186 cur_perm_val = PERM_WEIGHTS[cur_perm]
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	187 if algo == 'higherwin':
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	188 if new_perm_val > cur_perm_val:
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	189 return new_perm
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	190 return cur_perm
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	191 elif algo == 'lowerwin':
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	192 if new_perm_val < cur_perm_val:
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	193 return new_perm
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	194 return cur_perm
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	195
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	196 #======================================================================
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	197 # fetch default permissions
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	198 #======================================================================
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	199 default_user = User.get_by_username('default', cache=True)
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	200 default_user_id = default_user.user_id
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	201
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	202 default_repo_perms = Permission.get_default_perms(default_user_id)
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	203 default_repo_groups_perms = Permission.get_default_group_perms(default_user_id)
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	204 default_user_group_perms = Permission.get_default_user_group_perms(default_user_id)
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	205
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	206 if user_is_admin:
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	207 #==================================================================
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	208 # admin user have all default rights for repositories
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	209 # and groups set to admin
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	210 #==================================================================
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	211 permissions[GLOBAL].add('hg.admin')
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	212 permissions[GLOBAL].add('hg.create.write_on_repogroup.true')
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	213
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	214 # repositories
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	215 for perm in default_repo_perms:
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	216 r_k = perm.UserRepoToPerm.repository.repo_name
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	217 p = 'repository.admin'
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	218 permissions[RK][r_k] = p
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	219
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	220 # repository groups
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	221 for perm in default_repo_groups_perms:
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	222 rg_k = perm.UserRepoGroupToPerm.group.group_name
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	223 p = 'group.admin'
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	224 permissions[GK][rg_k] = p
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	225
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	226 # user groups
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	227 for perm in default_user_group_perms:
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	228 u_k = perm.UserUserGroupToPerm.user_group.users_group_name
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	229 p = 'usergroup.admin'
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	230 permissions[UK][u_k] = p
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	231 return permissions
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	232
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	233 #==================================================================
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	234 # SET DEFAULTS GLOBAL, REPOS, REPOSITORY GROUPS
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	235 #==================================================================
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	236 uid = user_id
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	237
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	238 # default global permissions taken fron the default user
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	239 default_global_perms = UserToPerm.query()\
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	240 .filter(UserToPerm.user_id == default_user_id)\
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	241 .options(joinedload(UserToPerm.permission))
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	242
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	243 for perm in default_global_perms:
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	244 permissions[GLOBAL].add(perm.permission.permission_name)
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	245
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	246 # defaults for repositories, taken from default user
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	247 for perm in default_repo_perms:
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	248 r_k = perm.UserRepoToPerm.repository.repo_name
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	249 if perm.Repository.private and not (perm.Repository.user_id == uid):
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	250 # disable defaults for private repos,
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	251 p = 'repository.none'
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	252 elif perm.Repository.user_id == uid:
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	253 # set admin if owner
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	254 p = 'repository.admin'
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	255 else:
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	256 p = perm.Permission.permission_name
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	257
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	258 permissions[RK][r_k] = p
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	259
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	260 # defaults for repository groups taken from default user permission
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	261 # on given group
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	262 for perm in default_repo_groups_perms:
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	263 rg_k = perm.UserRepoGroupToPerm.group.group_name
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	264 p = perm.Permission.permission_name
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	265 permissions[GK][rg_k] = p
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	266
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	267 # defaults for user groups taken from default user permission
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	268 # on given user group
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	269 for perm in default_user_group_perms:
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	270 u_k = perm.UserUserGroupToPerm.user_group.users_group_name
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	271 p = perm.Permission.permission_name
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	272 permissions[UK][u_k] = p
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	273
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	274 #======================================================================
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	275 # !! OVERRIDE GLOBALS !! with user permissions if any found
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	276 #======================================================================
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	277 # those can be configured from groups or users explicitly
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	278 _configurable = set([
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	279 'hg.fork.none', 'hg.fork.repository',
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	280 'hg.create.none', 'hg.create.repository',
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	281 'hg.usergroup.create.false', 'hg.usergroup.create.true'
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	282 ])
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	283
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	284 # USER GROUPS comes first
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	285 # user group global permissions
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	286 user_perms_from_users_groups = Session().query(UserGroupToPerm)\
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	287 .options(joinedload(UserGroupToPerm.permission))\
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	288 .join((UserGroupMember, UserGroupToPerm.users_group_id ==
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	289 UserGroupMember.users_group_id))\
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	290 .filter(UserGroupMember.user_id == uid)\
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	291 .order_by(UserGroupToPerm.users_group_id)\
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	292 .all()
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	293 # need to group here by groups since user can be in more than
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	294 # one group
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	295 _grouped = [[x, list(y)] for x, y in
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	296 itertools.groupby(user_perms_from_users_groups,
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	297 lambda x:x.users_group)]
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	298 for gr, perms in _grouped:
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	299 # since user can be in multiple groups iterate over them and
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	300 # select the lowest permissions first (more explicit)
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	301 ##TODO: do this^^
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	302 if not gr.inherit_default_permissions:
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	303 # NEED TO IGNORE all configurable permissions and
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	304 # replace them with explicitly set
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	305 permissions[GLOBAL] = permissions[GLOBAL]\
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	306 .difference(_configurable)
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	307 for perm in perms:
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	308 permissions[GLOBAL].add(perm.permission.permission_name)
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	309
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	310 # user specific global permissions
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	311 user_perms = Session().query(UserToPerm)\
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	312 .options(joinedload(UserToPerm.permission))\
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	313 .filter(UserToPerm.user_id == uid).all()
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	314
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	315 if not user_inherit_default_permissions:
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	316 # NEED TO IGNORE all configurable permissions and
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	317 # replace them with explicitly set
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	318 permissions[GLOBAL] = permissions[GLOBAL]\
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	319 .difference(_configurable)
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	320
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	321 for perm in user_perms:
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	322 permissions[GLOBAL].add(perm.permission.permission_name)
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	323 ## END GLOBAL PERMISSIONS
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	324
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	325 #======================================================================
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	326 # !! PERMISSIONS FOR REPOSITORIES !!
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	327 #======================================================================
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	328 #======================================================================
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	329 # check if user is part of user groups for this repository and
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	330 # fill in his permission from it. _choose_perm decides of which
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	331 # permission should be selected based on selected method
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	332 #======================================================================
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	333
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	334 # user group for repositories permissions
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	335 user_repo_perms_from_users_groups = \
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	336 Session().query(UserGroupRepoToPerm, Permission, Repository,)\
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	337 .join((Repository, UserGroupRepoToPerm.repository_id ==
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	338 Repository.repo_id))\
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	339 .join((Permission, UserGroupRepoToPerm.permission_id ==
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	340 Permission.permission_id))\
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	341 .join((UserGroupMember, UserGroupRepoToPerm.users_group_id ==
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	342 UserGroupMember.users_group_id))\
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	343 .filter(UserGroupMember.user_id == uid)\
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	344 .all()
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	345
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	346 multiple_counter = collections.defaultdict(int)
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	347 for perm in user_repo_perms_from_users_groups:
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	348 r_k = perm.UserGroupRepoToPerm.repository.repo_name
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	349 multiple_counter[r_k] += 1
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	350 p = perm.Permission.permission_name
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	351 cur_perm = permissions[RK][r_k]
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	352
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	353 if perm.Repository.user_id == uid:
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	354 # set admin if owner
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	355 p = 'repository.admin'
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	356 else:
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	357 if multiple_counter[r_k] > 1:
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	358 p = _choose_perm(p, cur_perm)
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	359 permissions[RK][r_k] = p
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	360
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	361 # user explicit permissions for repositories, overrides any specified
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	362 # by the group permission
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	363 user_repo_perms = Permission.get_default_perms(uid)
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	364 for perm in user_repo_perms:
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	365 r_k = perm.UserRepoToPerm.repository.repo_name
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	366 cur_perm = permissions[RK][r_k]
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	367 # set admin if owner
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	368 if perm.Repository.user_id == uid:
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	369 p = 'repository.admin'
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	370 else:
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	371 p = perm.Permission.permission_name
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	372 if not explicit:
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	373 p = _choose_perm(p, cur_perm)
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	374 permissions[RK][r_k] = p
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	375
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	376 #======================================================================
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	377 # !! PERMISSIONS FOR REPOSITORY GROUPS !!
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	378 #======================================================================
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	379 #======================================================================
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	380 # check if user is part of user groups for this repository groups and
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	381 # fill in his permission from it. _choose_perm decides of which
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	382 # permission should be selected based on selected method
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	383 #======================================================================
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	384 # user group for repo groups permissions
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	385 user_repo_group_perms_from_users_groups = \
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	386 Session().query(UserGroupRepoGroupToPerm, Permission, RepoGroup)\
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	387 .join((RepoGroup, UserGroupRepoGroupToPerm.group_id == RepoGroup.group_id))\
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	388 .join((Permission, UserGroupRepoGroupToPerm.permission_id
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	389 == Permission.permission_id))\
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	390 .join((UserGroupMember, UserGroupRepoGroupToPerm.users_group_id
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	391 == UserGroupMember.users_group_id))\
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	392 .filter(UserGroupMember.user_id == uid)\
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	393 .all()
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	394
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	395 multiple_counter = collections.defaultdict(int)
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	396 for perm in user_repo_group_perms_from_users_groups:
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	397 g_k = perm.UserGroupRepoGroupToPerm.group.group_name
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	398 multiple_counter[g_k] += 1
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	399 p = perm.Permission.permission_name
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	400 cur_perm = permissions[GK][g_k]
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	401 if multiple_counter[g_k] > 1:
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	402 p = _choose_perm(p, cur_perm)
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	403 permissions[GK][g_k] = p
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	404
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	405 # user explicit permissions for repository groups
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	406 user_repo_groups_perms = Permission.get_default_group_perms(uid)
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	407 for perm in user_repo_groups_perms:
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	408 rg_k = perm.UserRepoGroupToPerm.group.group_name
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	409 p = perm.Permission.permission_name
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	410 cur_perm = permissions[GK][rg_k]
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	411 if not explicit:
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	412 p = _choose_perm(p, cur_perm)
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	413 permissions[GK][rg_k] = p
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	414
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	415 #======================================================================
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	416 # !! PERMISSIONS FOR USER GROUPS !!
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	417 #======================================================================
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	418 # user group for user group permissions
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	419 user_group_user_groups_perms = \
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	420 Session().query(UserGroupUserGroupToPerm, Permission, UserGroup)\
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	421 .join((UserGroup, UserGroupUserGroupToPerm.target_user_group_id
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	422 == UserGroup.users_group_id))\
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	423 .join((Permission, UserGroupUserGroupToPerm.permission_id
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	424 == Permission.permission_id))\
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	425 .join((UserGroupMember, UserGroupUserGroupToPerm.user_group_id
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	426 == UserGroupMember.users_group_id))\
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	427 .filter(UserGroupMember.user_id == uid)\
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	428 .all()
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	429
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	430 multiple_counter = collections.defaultdict(int)
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	431 for perm in user_group_user_groups_perms:
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	432 g_k = perm.UserGroupUserGroupToPerm.target_user_group.users_group_name
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	433 multiple_counter[g_k] += 1
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	434 p = perm.Permission.permission_name
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	435 cur_perm = permissions[UK][g_k]
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	436 if multiple_counter[g_k] > 1:
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	437 p = _choose_perm(p, cur_perm)
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	438 permissions[UK][g_k] = p
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	439
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	440 #user explicit permission for user groups
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	441 user_user_groups_perms = Permission.get_default_user_group_perms(uid)
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	442 for perm in user_user_groups_perms:
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	443 u_k = perm.UserUserGroupToPerm.user_group.users_group_name
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	444 p = perm.Permission.permission_name
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	445 cur_perm = permissions[UK][u_k]
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	446 if not explicit:
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	447 p = _choose_perm(p, cur_perm)
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	448 permissions[UK][u_k] = p
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	449
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	450 return permissions
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	451
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	452
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	453 def allowed_api_access(controller_name, whitelist=None, api_key=None):
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	454 """
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	455 Check if given controller_name is in whitelist API access
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	456 """
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	457 if not whitelist:
4186 7e5f8c12a3fc First step in two-part process to rename directories to kallithea. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4116 diff changeset	458 from kallithea import CONFIG
4116 ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	459 whitelist = aslist(CONFIG.get('api_access_controllers_whitelist'),
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	460 sep=',')
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	461 log.debug('whitelist of API access is: %s' % (whitelist))
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	462 api_access_valid = controller_name in whitelist
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	463 if api_access_valid:
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	464 log.debug('controller:%s is in API whitelist' % (controller_name))
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	465 else:
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	466 msg = 'controller: %s is NOT in API whitelist' % (controller_name)
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	467 if api_key:
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	468 #if we use API key and don't have access it's a warning
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	469 log.warning(msg)
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	470 else:
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	471 log.debug(msg)
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	472 return api_access_valid
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	473
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	474
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	475 class AuthUser(object):
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	476 """
6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	477 A simple object that handles all attributes of user in RhodeCode
1203 6832ef664673 source code cleanup: remove trailing white space, normalize file endings Marcin Kuzminski <marcin@python-works.com> parents: 1195 diff changeset	478
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	479 It does lookup based on API key,given user, or user present in session
1203 6832ef664673 source code cleanup: remove trailing white space, normalize file endings Marcin Kuzminski <marcin@python-works.com> parents: 1195 diff changeset	480 Then it fills all required information for such user. It also checks if
4116 ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	481 anonymous access is enabled and if so, it returns default user as logged in
190 d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions Marcin Kuzminski <marcin@python-works.com> parents: 96 diff changeset	482 """
1016 3790279d2538 #56 added propagation of permission from group Marcin Kuzminski <marcin@python-works.com> parents: 991 diff changeset	483
3125 9b92cf5a0cca Added UserIpMap interface for allowed IP addresses and IP restriction access Marcin Kuzminski <marcin@python-works.com> parents: 2726 diff changeset	484 def __init__(self, user_id=None, api_key=None, username=None, ip_addr=None):
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	485
6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	486 self.user_id = user_id
4116 ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	487 self._api_key = api_key
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	488
1120 a8d759613d8f fixed some bugs in api key auth, added access by api key into rss/atom feeds in global journal Marcin Kuzminski <marcin@python-works.com> parents: 1118 diff changeset	489 self.api_key = None
1617 cf128ced8c85 Improved container-based auth implementation and added support for a reverse-proxy setup (using the X-Forwarded-User header) Liad Shani <liadff@gmail.com> parents: 1614 diff changeset	490 self.username = username
3125 9b92cf5a0cca Added UserIpMap interface for allowed IP addresses and IP restriction access Marcin Kuzminski <marcin@python-works.com> parents: 2726 diff changeset	491 self.ip_addr = ip_addr
355 5bbcc0cac389 added session remove in forms, and added name and lastname to auth user Marcin Kuzminski <marcin@python-works.com> parents: 350 diff changeset	492 self.name = ''
5bbcc0cac389 added session remove in forms, and added name and lastname to auth user Marcin Kuzminski <marcin@python-works.com> parents: 350 diff changeset	493 self.lastname = ''
404 a10bdd0b05a7 fixed user email for gravatars Marcin Kuzminski <marcin@python-works.com> parents: 399 diff changeset	494 self.email = ''
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	495 self.is_authenticated = False
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	496 self.admin = False
2714 a2eaa0054430 fixed error when disabled anonymous access lead to error on server Marcin Kuzminski <marcin@python-works.com> parents: 2709 diff changeset	497 self.inherit_default_permissions = False
4116 ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	498
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	499 self.propagate_data()
1950 4ae17f819ee8 #344 optional firstname lastname on user creation Marcin Kuzminski <marcin@python-works.com> parents: 1824 diff changeset	500 self._instance = None
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	501
4116 ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	502 @LazyProperty
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	503 def permissions(self):
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	504 return self.get_perms(user=self, cache=False)
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	505
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	506 @property
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	507 def api_keys(self):
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	508 return self.get_api_keys()
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	509
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	510 def propagate_data(self):
6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	511 user_model = UserModel()
4116 ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	512 self.anonymous_user = User.get_default_user(cache=True)
1613 6cab36e31f09 Added container-based authentication support Liad Shani <liadff@gmail.com> parents: 1425 diff changeset	513 is_user_loaded = False
1718 f78bee8eec78 reduce cookie size for better support of client side sessions Marcin Kuzminski <marcin@python-works.com> parents: 1716 diff changeset	514
1818 cf51bbfb120e auto white-space removal Marcin Kuzminski <marcin@python-works.com> parents: 1808 diff changeset	515 # lookup by userid
4116 ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	516 if self.user_id is not None and self.user_id != self.anonymous_user.user_id:
1976 a76e9bacbedc garden Marcin Kuzminski <marcin@python-works.com> parents: 1950 diff changeset	517 log.debug('Auth User lookup by USER ID %s' % self.user_id)
1618 9353189b7675 Added automatic logout of deactivated/deleted users Liad Shani <liadff@gmail.com> parents: 1617 diff changeset	518 is_user_loaded = user_model.fill_data(self, user_id=self.user_id)
4116 ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	519
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	520 # try go get user by api key
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	521 elif self._api_key and self._api_key != self.anonymous_user.api_key:
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	522 log.debug('Auth User lookup by API KEY %s' % self._api_key)
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	523 is_user_loaded = user_model.fill_data(self, api_key=self._api_key)
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	524
1808 ff788e390497 fix issue #323 auth by suername only if container auth is enabled Marcin Kuzminski <marcin@python-works.com> parents: 1749 diff changeset	525 # lookup by username
4116 ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	526 elif self.username:
1976 a76e9bacbedc garden Marcin Kuzminski <marcin@python-works.com> parents: 1950 diff changeset	527 log.debug('Auth User lookup by USER NAME %s' % self.username)
4116 ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	528 is_user_loaded = user_model.fill_data(self, username=self.username)
2045 5b12cbae0b50 fixed issue with sessions that lead to redirection loops Marcin Kuzminski <marcin@python-works.com> parents: 2030 diff changeset	529 else:
5b12cbae0b50 fixed issue with sessions that lead to redirection loops Marcin Kuzminski <marcin@python-works.com> parents: 2030 diff changeset	530 log.debug('No data in %s that could been used to log in' % self)
1613 6cab36e31f09 Added container-based authentication support Liad Shani <liadff@gmail.com> parents: 1425 diff changeset	531
6cab36e31f09 Added container-based authentication support Liad Shani <liadff@gmail.com> parents: 1425 diff changeset	532 if not is_user_loaded:
1628 de71a4bde097 Some code cleanups and fixes Marcin Kuzminski <marcin@python-works.com> parents: 1621 diff changeset	533 # if we cannot authenticate user try anonymous
3625 260a7a01b054 follow Python conventions for boolean values Mads Kiilerich <madski@unity3d.com> parents: 3415 diff changeset	534 if self.anonymous_user.active:
1718 f78bee8eec78 reduce cookie size for better support of client side sessions Marcin Kuzminski <marcin@python-works.com> parents: 1716 diff changeset	535 user_model.fill_data(self, user_id=self.anonymous_user.user_id)
1628 de71a4bde097 Some code cleanups and fixes Marcin Kuzminski <marcin@python-works.com> parents: 1621 diff changeset	536 # then we set this user is logged in
1613 6cab36e31f09 Added container-based authentication support Liad Shani <liadff@gmail.com> parents: 1425 diff changeset	537 self.is_authenticated = True
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	538 else:
1618 9353189b7675 Added automatic logout of deactivated/deleted users Liad Shani <liadff@gmail.com> parents: 1617 diff changeset	539 self.user_id = None
9353189b7675 Added automatic logout of deactivated/deleted users Liad Shani <liadff@gmail.com> parents: 1617 diff changeset	540 self.username = None
1613 6cab36e31f09 Added container-based authentication support Liad Shani <liadff@gmail.com> parents: 1425 diff changeset	541 self.is_authenticated = False
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	542
1617 cf128ced8c85 Improved container-based auth implementation and added support for a reverse-proxy setup (using the X-Forwarded-User header) Liad Shani <liadff@gmail.com> parents: 1614 diff changeset	543 if not self.username:
cf128ced8c85 Improved container-based auth implementation and added support for a reverse-proxy setup (using the X-Forwarded-User header) Liad Shani <liadff@gmail.com> parents: 1614 diff changeset	544 self.username = 'None'
cf128ced8c85 Improved container-based auth implementation and added support for a reverse-proxy setup (using the X-Forwarded-User header) Liad Shani <liadff@gmail.com> parents: 1614 diff changeset	545
1976 a76e9bacbedc garden Marcin Kuzminski <marcin@python-works.com> parents: 1950 diff changeset	546 log.debug('Auth User is now %s' % self)
4116 ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	547
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	548 def get_perms(self, user, explicit=True, algo='higherwin', cache=False):
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	549 """
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	550 Fills user permission attribute with permissions taken from database
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	551 works for permissions given for repositories, and for permissions that
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	552 are granted to groups
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	553
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	554 :param user: instance of User object from database
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	555 :param explicit: In case there are permissions both for user and a group
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	556 that user is part of, explicit flag will defiine if user will
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	557 explicitly override permissions from group, if it's False it will
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	558 make decision based on the algo
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	559 :param algo: algorithm to decide what permission should be choose if
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	560 it's multiple defined, eg user in two different groups. It also
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	561 decides if explicit flag is turned off how to specify the permission
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	562 for case when user is in a group + have defined separate permission
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	563 """
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	564 user_id = user.user_id
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	565 user_is_admin = user.is_admin
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	566 user_inherit_default_permissions = user.inherit_default_permissions
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	567
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	568 log.debug('Getting PERMISSION tree')
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	569 compute = conditional_cache('short_term', 'cache_desc',
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	570 condition=cache, func=_cached_perms_data)
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	571 return compute(user_id, user_is_admin,
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	572 user_inherit_default_permissions, explicit, algo)
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	573
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	574 def get_api_keys(self):
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	575 api_keys = [self.api_key]
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	576 for api_key in UserApiKeys.query()\
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	577 .filter(UserApiKeys.user_id == self.user_id)\
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	578 .filter(or_(UserApiKeys.expires == -1,
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	579 UserApiKeys.expires >= time.time())).all():
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	580 api_keys.append(api_key.api_key)
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	581
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	582 return api_keys
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	583
6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	584 @property
6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	585 def is_admin(self):
6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	586 return self.admin
239 b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	587
3146 c5169e445fb8 Full IP restrictions enabled Marcin Kuzminski <marcin@python-works.com> parents: 3137 diff changeset	588 @property
3865 100be6988bb0 show admin menu and list for users who are admins of repos. Marcin Kuzminski <marcin@python-works.com> parents: 3786 diff changeset	589 def repositories_admin(self):
3371 199fd214b213 Show admin dropdown for users who are admin of repo groups Marcin Kuzminski <marcin@python-works.com> parents: 3370 diff changeset	590 """
199fd214b213 Show admin dropdown for users who are admin of repo groups Marcin Kuzminski <marcin@python-works.com> parents: 3370 diff changeset	591 Returns list of repositories you're an admin of
199fd214b213 Show admin dropdown for users who are admin of repo groups Marcin Kuzminski <marcin@python-works.com> parents: 3370 diff changeset	592 """
199fd214b213 Show admin dropdown for users who are admin of repo groups Marcin Kuzminski <marcin@python-works.com> parents: 3370 diff changeset	593 return [x[0] for x in self.permissions['repositories'].iteritems()
199fd214b213 Show admin dropdown for users who are admin of repo groups Marcin Kuzminski <marcin@python-works.com> parents: 3370 diff changeset	594 if x[1] == 'repository.admin']
199fd214b213 Show admin dropdown for users who are admin of repo groups Marcin Kuzminski <marcin@python-works.com> parents: 3370 diff changeset	595
199fd214b213 Show admin dropdown for users who are admin of repo groups Marcin Kuzminski <marcin@python-works.com> parents: 3370 diff changeset	596 @property
3714 7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3632 diff changeset	597 def repository_groups_admin(self):
3371 199fd214b213 Show admin dropdown for users who are admin of repo groups Marcin Kuzminski <marcin@python-works.com> parents: 3370 diff changeset	598 """
3415 b8f929bff7e3 fixed tests and missing replacements from 5f1850e4712a Marcin Kuzminski <marcin@python-works.com> parents: 3371 diff changeset	599 Returns list of repository groups you're an admin of
3371 199fd214b213 Show admin dropdown for users who are admin of repo groups Marcin Kuzminski <marcin@python-works.com> parents: 3370 diff changeset	600 """
199fd214b213 Show admin dropdown for users who are admin of repo groups Marcin Kuzminski <marcin@python-works.com> parents: 3370 diff changeset	601 return [x[0] for x in self.permissions['repositories_groups'].iteritems()
199fd214b213 Show admin dropdown for users who are admin of repo groups Marcin Kuzminski <marcin@python-works.com> parents: 3370 diff changeset	602 if x[1] == 'group.admin']
199fd214b213 Show admin dropdown for users who are admin of repo groups Marcin Kuzminski <marcin@python-works.com> parents: 3370 diff changeset	603
199fd214b213 Show admin dropdown for users who are admin of repo groups Marcin Kuzminski <marcin@python-works.com> parents: 3370 diff changeset	604 @property
3714 7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3632 diff changeset	605 def user_groups_admin(self):
7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3632 diff changeset	606 """
7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3632 diff changeset	607 Returns list of user groups you're an admin of
7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3632 diff changeset	608 """
7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3632 diff changeset	609 return [x[0] for x in self.permissions['user_groups'].iteritems()
7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3632 diff changeset	610 if x[1] == 'usergroup.admin']
7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3632 diff changeset	611
7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3632 diff changeset	612 @property
3146 c5169e445fb8 Full IP restrictions enabled Marcin Kuzminski <marcin@python-works.com> parents: 3137 diff changeset	613 def ip_allowed(self):
c5169e445fb8 Full IP restrictions enabled Marcin Kuzminski <marcin@python-works.com> parents: 3137 diff changeset	614 """
c5169e445fb8 Full IP restrictions enabled Marcin Kuzminski <marcin@python-works.com> parents: 3137 diff changeset	615 Checks if ip_addr used in constructor is allowed from defined list of
c5169e445fb8 Full IP restrictions enabled Marcin Kuzminski <marcin@python-works.com> parents: 3137 diff changeset	616 allowed ip_addresses for user
c5169e445fb8 Full IP restrictions enabled Marcin Kuzminski <marcin@python-works.com> parents: 3137 diff changeset	617
c5169e445fb8 Full IP restrictions enabled Marcin Kuzminski <marcin@python-works.com> parents: 3137 diff changeset	618 :returns: boolean, True if ip is in allowed ip range
c5169e445fb8 Full IP restrictions enabled Marcin Kuzminski <marcin@python-works.com> parents: 3137 diff changeset	619 """
4116 ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	620 # check IP
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	621 inherit = self.inherit_default_permissions
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	622 return AuthUser.check_ip_allowed(self.user_id, self.ip_addr,
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	623 inherit_from_default=inherit)
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	624
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	625 @classmethod
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	626 def check_ip_allowed(cls, user_id, ip_addr, inherit_from_default):
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	627 allowed_ips = AuthUser.get_allowed_ips(user_id, cache=True,
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	628 inherit_from_default=inherit_from_default)
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	629 if check_ip_access(source_ip=ip_addr, allowed_ips=allowed_ips):
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	630 log.debug('IP:%s is in range of %s' % (ip_addr, allowed_ips))
3146 c5169e445fb8 Full IP restrictions enabled Marcin Kuzminski <marcin@python-works.com> parents: 3137 diff changeset	631 return True
c5169e445fb8 Full IP restrictions enabled Marcin Kuzminski <marcin@python-works.com> parents: 3137 diff changeset	632 else:
c5169e445fb8 Full IP restrictions enabled Marcin Kuzminski <marcin@python-works.com> parents: 3137 diff changeset	633 log.info('Access for IP:%s forbidden, '
4116 ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	634 'not in %s' % (ip_addr, allowed_ips))
3146 c5169e445fb8 Full IP restrictions enabled Marcin Kuzminski <marcin@python-works.com> parents: 3137 diff changeset	635 return False
c5169e445fb8 Full IP restrictions enabled Marcin Kuzminski <marcin@python-works.com> parents: 3137 diff changeset	636
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	637 def __repr__(self):
3903 ddd05df2aced added more info into __repr__ of auth user for better debugging and logging Marcin Kuzminski <marcin@python-works.com> parents: 3865 diff changeset	638 return "<AuthUser('id:%s[%s] ip:%s auth:%s')>"\
ddd05df2aced added more info into __repr__ of auth user for better debugging and logging Marcin Kuzminski <marcin@python-works.com> parents: 3865 diff changeset	639 % (self.user_id, self.username, self.ip_addr, self.is_authenticated)
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	640
6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	641 def set_authenticated(self, authenticated=True):
6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	642 if self.user_id != self.anonymous_user.user_id:
6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	643 self.is_authenticated = authenticated
6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	644
1718 f78bee8eec78 reduce cookie size for better support of client side sessions Marcin Kuzminski <marcin@python-works.com> parents: 1716 diff changeset	645 def get_cookie_store(self):
1950 4ae17f819ee8 #344 optional firstname lastname on user creation Marcin Kuzminski <marcin@python-works.com> parents: 1824 diff changeset	646 return {'username': self.username,
1718 f78bee8eec78 reduce cookie size for better support of client side sessions Marcin Kuzminski <marcin@python-works.com> parents: 1716 diff changeset	647 'user_id': self.user_id,
1950 4ae17f819ee8 #344 optional firstname lastname on user creation Marcin Kuzminski <marcin@python-works.com> parents: 1824 diff changeset	648 'is_authenticated': self.is_authenticated}
1718 f78bee8eec78 reduce cookie size for better support of client side sessions Marcin Kuzminski <marcin@python-works.com> parents: 1716 diff changeset	649
f78bee8eec78 reduce cookie size for better support of client side sessions Marcin Kuzminski <marcin@python-works.com> parents: 1716 diff changeset	650 @classmethod
f78bee8eec78 reduce cookie size for better support of client side sessions Marcin Kuzminski <marcin@python-works.com> parents: 1716 diff changeset	651 def from_cookie_store(cls, cookie_store):
2030 61f9aeb2129e Added session wrapper, for rc 1.2.X compatibility. Adds backwards compatability Marcin Kuzminski <marcin@python-works.com> parents: 2025 diff changeset	652 """
61f9aeb2129e Added session wrapper, for rc 1.2.X compatibility. Adds backwards compatability Marcin Kuzminski <marcin@python-works.com> parents: 2025 diff changeset	653 Creates AuthUser from a cookie store
61f9aeb2129e Added session wrapper, for rc 1.2.X compatibility. Adds backwards compatability Marcin Kuzminski <marcin@python-works.com> parents: 2025 diff changeset	654
61f9aeb2129e Added session wrapper, for rc 1.2.X compatibility. Adds backwards compatability Marcin Kuzminski <marcin@python-works.com> parents: 2025 diff changeset	655 :param cls:
61f9aeb2129e Added session wrapper, for rc 1.2.X compatibility. Adds backwards compatability Marcin Kuzminski <marcin@python-works.com> parents: 2025 diff changeset	656 :param cookie_store:
61f9aeb2129e Added session wrapper, for rc 1.2.X compatibility. Adds backwards compatability Marcin Kuzminski <marcin@python-works.com> parents: 2025 diff changeset	657 """
1718 f78bee8eec78 reduce cookie size for better support of client side sessions Marcin Kuzminski <marcin@python-works.com> parents: 1716 diff changeset	658 user_id = cookie_store.get('user_id')
f78bee8eec78 reduce cookie size for better support of client side sessions Marcin Kuzminski <marcin@python-works.com> parents: 1716 diff changeset	659 username = cookie_store.get('username')
f78bee8eec78 reduce cookie size for better support of client side sessions Marcin Kuzminski <marcin@python-works.com> parents: 1716 diff changeset	660 api_key = cookie_store.get('api_key')
f78bee8eec78 reduce cookie size for better support of client side sessions Marcin Kuzminski <marcin@python-works.com> parents: 1716 diff changeset	661 return AuthUser(user_id, api_key, username)
239 b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	662
3125 9b92cf5a0cca Added UserIpMap interface for allowed IP addresses and IP restriction access Marcin Kuzminski <marcin@python-works.com> parents: 2726 diff changeset	663 @classmethod
4116 ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	664 def get_allowed_ips(cls, user_id, cache=False, inherit_from_default=False):
3125 9b92cf5a0cca Added UserIpMap interface for allowed IP addresses and IP restriction access Marcin Kuzminski <marcin@python-works.com> parents: 2726 diff changeset	665 _set = set()
4116 ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	666
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	667 if inherit_from_default:
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	668 default_ips = UserIpMap.query().filter(UserIpMap.user ==
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	669 User.get_default_user(cache=True))
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	670 if cache:
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	671 default_ips = default_ips.options(FromCache("sql_cache_short",
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	672 "get_user_ips_default"))
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	673
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	674 # populate from default user
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	675 for ip in default_ips:
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	676 try:
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	677 _set.add(ip.ip_addr)
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	678 except ObjectDeletedError:
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	679 # since we use heavy caching sometimes it happens that we get
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	680 # deleted objects here, we just skip them
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	681 pass
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	682
3146 c5169e445fb8 Full IP restrictions enabled Marcin Kuzminski <marcin@python-works.com> parents: 3137 diff changeset	683 user_ips = UserIpMap.query().filter(UserIpMap.user_id == user_id)
c5169e445fb8 Full IP restrictions enabled Marcin Kuzminski <marcin@python-works.com> parents: 3137 diff changeset	684 if cache:
c5169e445fb8 Full IP restrictions enabled Marcin Kuzminski <marcin@python-works.com> parents: 3137 diff changeset	685 user_ips = user_ips.options(FromCache("sql_cache_short",
c5169e445fb8 Full IP restrictions enabled Marcin Kuzminski <marcin@python-works.com> parents: 3137 diff changeset	686 "get_user_ips_%s" % user_id))
4116 ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	687
3125 9b92cf5a0cca Added UserIpMap interface for allowed IP addresses and IP restriction access Marcin Kuzminski <marcin@python-works.com> parents: 2726 diff changeset	688 for ip in user_ips:
3212 6c28533d122c IP restrictions now also enabled for IPv6 Marcin Kuzminski <marcin@python-works.com> parents: 3173 diff changeset	689 try:
6c28533d122c IP restrictions now also enabled for IPv6 Marcin Kuzminski <marcin@python-works.com> parents: 3173 diff changeset	690 _set.add(ip.ip_addr)
6c28533d122c IP restrictions now also enabled for IPv6 Marcin Kuzminski <marcin@python-works.com> parents: 3173 diff changeset	691 except ObjectDeletedError:
6c28533d122c IP restrictions now also enabled for IPv6 Marcin Kuzminski <marcin@python-works.com> parents: 3173 diff changeset	692 # since we use heavy caching sometimes it happens that we get
6c28533d122c IP restrictions now also enabled for IPv6 Marcin Kuzminski <marcin@python-works.com> parents: 3173 diff changeset	693 # deleted objects here, we just skip them
6c28533d122c IP restrictions now also enabled for IPv6 Marcin Kuzminski <marcin@python-works.com> parents: 3173 diff changeset	694 pass
6c28533d122c IP restrictions now also enabled for IPv6 Marcin Kuzminski <marcin@python-works.com> parents: 3173 diff changeset	695 return _set or set(['0.0.0.0/0', '::/0'])
3125 9b92cf5a0cca Added UserIpMap interface for allowed IP addresses and IP restriction access Marcin Kuzminski <marcin@python-works.com> parents: 2726 diff changeset	696
1950 4ae17f819ee8 #344 optional firstname lastname on user creation Marcin Kuzminski <marcin@python-works.com> parents: 1824 diff changeset	697
239 b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	698 def set_available_permissions(config):
1628 de71a4bde097 Some code cleanups and fixes Marcin Kuzminski <marcin@python-works.com> parents: 1621 diff changeset	699 """
de71a4bde097 Some code cleanups and fixes Marcin Kuzminski <marcin@python-works.com> parents: 1621 diff changeset	700 This function will propagate pylons globals with all available defined
1203 6832ef664673 source code cleanup: remove trailing white space, normalize file endings Marcin Kuzminski <marcin@python-works.com> parents: 1195 diff changeset	701 permission given in db. We don't want to check each time from db for new
239 b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	702 permissions since adding a new permission also requires application restart
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	703 ie. to decorate new views with the newly created permission
1203 6832ef664673 source code cleanup: remove trailing white space, normalize file endings Marcin Kuzminski <marcin@python-works.com> parents: 1195 diff changeset	704
895 62c04c5cc971 Added some more details into user edit permissions view Marcin Kuzminski <marcin@python-works.com> parents: 779 diff changeset	705 :param config: current pylons config instance
1203 6832ef664673 source code cleanup: remove trailing white space, normalize file endings Marcin Kuzminski <marcin@python-works.com> parents: 1195 diff changeset	706
239 b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	707 """
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	708 log.info('getting information about all available permissions')
350 664a5b8c551a Added application settings, are now customizable from database Marcin Kuzminski <marcin@python-works.com> parents: 343 diff changeset	709 try:
1749 8ecc6b8229a5 commit less models Marcin Kuzminski <marcin@python-works.com> parents: 1728 diff changeset	710 sa = meta.Session
350 664a5b8c551a Added application settings, are now customizable from database Marcin Kuzminski <marcin@python-works.com> parents: 343 diff changeset	711 all_perms = sa.query(Permission).all()
4015 669721d1fe65 fixed edge case when connection to db fails and code reaches state of variable referenced before assignment Marcin Kuzminski <marcin@python-works.com> parents: 3960 diff changeset	712 config['available_permissions'] = [x.permission_name for x in all_perms]
1950 4ae17f819ee8 #344 optional firstname lastname on user creation Marcin Kuzminski <marcin@python-works.com> parents: 1824 diff changeset	713 except Exception:
4015 669721d1fe65 fixed edge case when connection to db fails and code reaches state of variable referenced before assignment Marcin Kuzminski <marcin@python-works.com> parents: 3960 diff changeset	714 log.error(traceback.format_exc())
350 664a5b8c551a Added application settings, are now customizable from database Marcin Kuzminski <marcin@python-works.com> parents: 343 diff changeset	715 finally:
664a5b8c551a Added application settings, are now customizable from database Marcin Kuzminski <marcin@python-works.com> parents: 343 diff changeset	716 meta.Session.remove()
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	717
1246 9365a893ad4e PEP8ify Marcin Kuzminski <marcin@python-works.com> parents: 1207 diff changeset	718
9365a893ad4e PEP8ify Marcin Kuzminski <marcin@python-works.com> parents: 1207 diff changeset	719 #==============================================================================
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	720 # CHECK DECORATORS
1246 9365a893ad4e PEP8ify Marcin Kuzminski <marcin@python-works.com> parents: 1207 diff changeset	721 #==============================================================================
190 d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions Marcin Kuzminski <marcin@python-works.com> parents: 96 diff changeset	722 class LoginRequired(object):
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	723 """
1203 6832ef664673 source code cleanup: remove trailing white space, normalize file endings Marcin Kuzminski <marcin@python-works.com> parents: 1195 diff changeset	724 Must be logged in to execute this function else
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	725 redirect to login page
1203 6832ef664673 source code cleanup: remove trailing white space, normalize file endings Marcin Kuzminski <marcin@python-works.com> parents: 1195 diff changeset	726
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	727 :param api_access: if enabled this checks only for valid auth token
6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	728 and grants access based on valid token
6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	729 """
6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	730
6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	731 def __init__(self, api_access=False):
6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	732 self.api_access = api_access
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	733
190 d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions Marcin Kuzminski <marcin@python-works.com> parents: 96 diff changeset	734 def __call__(self, func):
377 bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	735 return decorator(self.__wrapper, func)
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	736
377 bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	737 def __wrapper(self, func, fargs, *fkwargs):
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	738 cls = fargs[0]
4197 d208416c84c6 Rename rhodecode_user to authuser - it is an AuthUser instance Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4187 diff changeset	739 user = cls.authuser
3146 c5169e445fb8 Full IP restrictions enabled Marcin Kuzminski <marcin@python-works.com> parents: 3137 diff changeset	740 loc = "%s:%s" % (cls.__class__.__name__, func.__name__)
4116 ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	741
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	742 # check if our IP is allowed
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	743 ip_access_valid = True
3146 c5169e445fb8 Full IP restrictions enabled Marcin Kuzminski <marcin@python-works.com> parents: 3137 diff changeset	744 if not user.ip_allowed:
4186 7e5f8c12a3fc First step in two-part process to rename directories to kallithea. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4116 diff changeset	745 from kallithea.lib import helpers as h
3146 c5169e445fb8 Full IP restrictions enabled Marcin Kuzminski <marcin@python-works.com> parents: 3137 diff changeset	746 h.flash(h.literal(_('IP %s not allowed' % (user.ip_addr))),
c5169e445fb8 Full IP restrictions enabled Marcin Kuzminski <marcin@python-works.com> parents: 3137 diff changeset	747 category='warning')
4116 ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	748 ip_access_valid = False
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	749
4116 ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	750 # check if we used an APIKEY and it's a valid one
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	751 # defined whitelist of controllers which API access will be enabled
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	752 _api_key = request.GET.get('api_key', '')
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	753 api_access_valid = allowed_api_access(loc, api_key=_api_key)
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	754
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	755 # explicit controller is enabled or API is in our whitelist
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	756 if self.api_access or api_access_valid:
1976 a76e9bacbedc garden Marcin Kuzminski <marcin@python-works.com> parents: 1950 diff changeset	757 log.debug('Checking API KEY access for %s' % cls)
4116 ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	758 if _api_key and _api_key in user.api_keys:
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	759 api_access_valid = True
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	760 log.debug('API KEY ****%s is VALID' % _api_key[-4:])
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	761 else:
4116 ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	762 api_access_valid = False
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	763 if not _api_key:
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	764 log.debug("API KEY NOT present in request")
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	765 else:
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	766 log.warn("API KEY ***%s NOT* valid" % _api_key[-4:])
3146 c5169e445fb8 Full IP restrictions enabled Marcin Kuzminski <marcin@python-works.com> parents: 3137 diff changeset	767
2025 7e979933ffec more work on improving info logging Marcin Kuzminski <marcin@python-works.com> parents: 2000 diff changeset	768 log.debug('Checking if %s is authenticated @ %s' % (user.username, loc))
4116 ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	769 reason = 'RegularAuth' if user.is_authenticated else 'APIAuth'
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	770
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	771 if ip_access_valid and (user.is_authenticated or api_access_valid):
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	772 log.info('user %s authenticating with:%s IS authenticated on func %s '
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	773 % (user, reason, loc)
2025 7e979933ffec more work on improving info logging Marcin Kuzminski <marcin@python-works.com> parents: 2000 diff changeset	774 )
377 bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	775 return func(fargs, *fkwargs)
bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	776 else:
4116 ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	777 log.warn('user %s authenticating with:%s NOT authenticated on func: %s: '
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	778 'IP_ACCESS:%s API_ACCESS:%s'
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	779 % (user, reason, loc, ip_access_valid, api_access_valid)
2025 7e979933ffec more work on improving info logging Marcin Kuzminski <marcin@python-works.com> parents: 2000 diff changeset	780 )
1207 e61b7ba293db changed the way of generating url for came_from Marcin Kuzminski <marcin@python-works.com> parents: 1206 diff changeset	781 p = url.current()
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	782
1976 a76e9bacbedc garden Marcin Kuzminski <marcin@python-works.com> parents: 1950 diff changeset	783 log.debug('redirecting to login page with %s' % p)
474 a3d9d24acbec Implemented password reset(forms/models/ tasks) and mailing tasks. Marcin Kuzminski <marcin@python-works.com> parents: 442 diff changeset	784 return redirect(url('login_home', came_from=p))
239 b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	785
1246 9365a893ad4e PEP8ify Marcin Kuzminski <marcin@python-works.com> parents: 1207 diff changeset	786
779 389d02a5df52 Added isanonymous decorator for checking permissions for anonymous access Marcin Kuzminski <marcin@python-works.com> parents: 761 diff changeset	787 class NotAnonymous(object):
1716 7d1fc253549e notification to commit author + gardening Marcin Kuzminski <marcin@python-works.com> parents: 1644 diff changeset	788 """
7d1fc253549e notification to commit author + gardening Marcin Kuzminski <marcin@python-works.com> parents: 1644 diff changeset	789 Must be logged in to execute this function else
779 389d02a5df52 Added isanonymous decorator for checking permissions for anonymous access Marcin Kuzminski <marcin@python-works.com> parents: 761 diff changeset	790 redirect to login page"""
389d02a5df52 Added isanonymous decorator for checking permissions for anonymous access Marcin Kuzminski <marcin@python-works.com> parents: 761 diff changeset	791
389d02a5df52 Added isanonymous decorator for checking permissions for anonymous access Marcin Kuzminski <marcin@python-works.com> parents: 761 diff changeset	792 def __call__(self, func):
389d02a5df52 Added isanonymous decorator for checking permissions for anonymous access Marcin Kuzminski <marcin@python-works.com> parents: 761 diff changeset	793 return decorator(self.__wrapper, func)
389d02a5df52 Added isanonymous decorator for checking permissions for anonymous access Marcin Kuzminski <marcin@python-works.com> parents: 761 diff changeset	794
389d02a5df52 Added isanonymous decorator for checking permissions for anonymous access Marcin Kuzminski <marcin@python-works.com> parents: 761 diff changeset	795 def __wrapper(self, func, fargs, *fkwargs):
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	796 cls = fargs[0]
4197 d208416c84c6 Rename rhodecode_user to authuser - it is an AuthUser instance Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4187 diff changeset	797 self.user = cls.authuser
779 389d02a5df52 Added isanonymous decorator for checking permissions for anonymous access Marcin Kuzminski <marcin@python-works.com> parents: 761 diff changeset	798
1976 a76e9bacbedc garden Marcin Kuzminski <marcin@python-works.com> parents: 1950 diff changeset	799 log.debug('Checking if user is not anonymous @%s' % cls)
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	800
4116 ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	801 anonymous = self.user.username == User.DEFAULT_USER
779 389d02a5df52 Added isanonymous decorator for checking permissions for anonymous access Marcin Kuzminski <marcin@python-works.com> parents: 761 diff changeset	802
389d02a5df52 Added isanonymous decorator for checking permissions for anonymous access Marcin Kuzminski <marcin@python-works.com> parents: 761 diff changeset	803 if anonymous:
1335 40c8d18102a9 fixed redirection link in notAnonymous decorator Marcin Kuzminski <marcin@python-works.com> parents: 1307 diff changeset	804 p = url.current()
1056 520d27f40b51 #113 removed anonymous access from forking, added system messages in login box. Marcin Kuzminski <marcin@python-works.com> parents: 1040 diff changeset	805
4186 7e5f8c12a3fc First step in two-part process to rename directories to kallithea. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4116 diff changeset	806 import kallithea.lib.helpers as h
1246 9365a893ad4e PEP8ify Marcin Kuzminski <marcin@python-works.com> parents: 1207 diff changeset	807 h.flash(_('You need to be a registered user to '
9365a893ad4e PEP8ify Marcin Kuzminski <marcin@python-works.com> parents: 1207 diff changeset	808 'perform this action'),
1056 520d27f40b51 #113 removed anonymous access from forking, added system messages in login box. Marcin Kuzminski <marcin@python-works.com> parents: 1040 diff changeset	809 category='warning')
779 389d02a5df52 Added isanonymous decorator for checking permissions for anonymous access Marcin Kuzminski <marcin@python-works.com> parents: 761 diff changeset	810 return redirect(url('login_home', came_from=p))
389d02a5df52 Added isanonymous decorator for checking permissions for anonymous access Marcin Kuzminski <marcin@python-works.com> parents: 761 diff changeset	811 else:
389d02a5df52 Added isanonymous decorator for checking permissions for anonymous access Marcin Kuzminski <marcin@python-works.com> parents: 761 diff changeset	812 return func(fargs, *fkwargs)
389d02a5df52 Added isanonymous decorator for checking permissions for anonymous access Marcin Kuzminski <marcin@python-works.com> parents: 761 diff changeset	813
1246 9365a893ad4e PEP8ify Marcin Kuzminski <marcin@python-works.com> parents: 1207 diff changeset	814
239 b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	815 class PermsDecorator(object):
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	816 """Base class for controller decorators"""
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	817
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	818 def __init__(self, *required_perms):
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	819 self.required_perms = set(required_perms)
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	820 self.user_perms = None
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	821
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	822 def __call__(self, func):
377 bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	823 return decorator(self.__wrapper, func)
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	824
377 bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	825 def __wrapper(self, func, fargs, *fkwargs):
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	826 cls = fargs[0]
4197 d208416c84c6 Rename rhodecode_user to authuser - it is an AuthUser instance Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4187 diff changeset	827 self.user = cls.authuser
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	828 self.user_perms = self.user.permissions
dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	829 log.debug('checking %s permissions %s for %s %s',
2125 097327aaf2ad more detailed logging on auth system Marcin Kuzminski <marcin@python-works.com> parents: 2109 diff changeset	830 self.__class__.__name__, self.required_perms, cls, self.user)
377 bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	831
bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	832 if self.check_permissions():
1976 a76e9bacbedc garden Marcin Kuzminski <marcin@python-works.com> parents: 1950 diff changeset	833 log.debug('Permission granted for %s %s' % (cls, self.user))
377 bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	834 return func(fargs, *fkwargs)
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	835
377 bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	836 else:
2025 7e979933ffec more work on improving info logging Marcin Kuzminski <marcin@python-works.com> parents: 2000 diff changeset	837 log.debug('Permission denied for %s %s' % (cls, self.user))
4116 ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	838 anonymous = self.user.username == User.DEFAULT_USER
1336 e9fe4ff57cbb Do a redirect to login for anonymous users Marcin Kuzminski <marcin@python-works.com> parents: 1335 diff changeset	839
e9fe4ff57cbb Do a redirect to login for anonymous users Marcin Kuzminski <marcin@python-works.com> parents: 1335 diff changeset	840 if anonymous:
e9fe4ff57cbb Do a redirect to login for anonymous users Marcin Kuzminski <marcin@python-works.com> parents: 1335 diff changeset	841 p = url.current()
e9fe4ff57cbb Do a redirect to login for anonymous users Marcin Kuzminski <marcin@python-works.com> parents: 1335 diff changeset	842
4186 7e5f8c12a3fc First step in two-part process to rename directories to kallithea. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4116 diff changeset	843 import kallithea.lib.helpers as h
1336 e9fe4ff57cbb Do a redirect to login for anonymous users Marcin Kuzminski <marcin@python-works.com> parents: 1335 diff changeset	844 h.flash(_('You need to be a signed in to '
e9fe4ff57cbb Do a redirect to login for anonymous users Marcin Kuzminski <marcin@python-works.com> parents: 1335 diff changeset	845 'view this page'),
e9fe4ff57cbb Do a redirect to login for anonymous users Marcin Kuzminski <marcin@python-works.com> parents: 1335 diff changeset	846 category='warning')
e9fe4ff57cbb Do a redirect to login for anonymous users Marcin Kuzminski <marcin@python-works.com> parents: 1335 diff changeset	847 return redirect(url('login_home', came_from=p))
e9fe4ff57cbb Do a redirect to login for anonymous users Marcin Kuzminski <marcin@python-works.com> parents: 1335 diff changeset	848
e9fe4ff57cbb Do a redirect to login for anonymous users Marcin Kuzminski <marcin@python-works.com> parents: 1335 diff changeset	849 else:
1628 de71a4bde097 Some code cleanups and fixes Marcin Kuzminski <marcin@python-works.com> parents: 1621 diff changeset	850 # redirect with forbidden ret code
1336 e9fe4ff57cbb Do a redirect to login for anonymous users Marcin Kuzminski <marcin@python-works.com> parents: 1335 diff changeset	851 return abort(403)
377 bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	852
239 b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	853 def check_permissions(self):
377 bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	854 """Dummy function for overriding"""
239 b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	855 raise Exception('You have to write this function in child class')
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	856
1246 9365a893ad4e PEP8ify Marcin Kuzminski <marcin@python-works.com> parents: 1207 diff changeset	857
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	858 class HasPermissionAllDecorator(PermsDecorator):
1716 7d1fc253549e notification to commit author + gardening Marcin Kuzminski <marcin@python-works.com> parents: 1644 diff changeset	859 """
7d1fc253549e notification to commit author + gardening Marcin Kuzminski <marcin@python-works.com> parents: 1644 diff changeset	860 Checks for access permission for all given predicates. All of them
377 bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	861 have to be meet in order to fulfill the request
239 b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	862 """
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	863
239 b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	864 def check_permissions(self):
339 5d517bbf0a0d some extra checks for auth lib Marcin Kuzminski <marcin@python-works.com> parents: 333 diff changeset	865 if self.required_perms.issubset(self.user_perms.get('global')):
239 b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	866 return True
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	867 return False
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	868
239 b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	869
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	870 class HasPermissionAnyDecorator(PermsDecorator):
1716 7d1fc253549e notification to commit author + gardening Marcin Kuzminski <marcin@python-works.com> parents: 1644 diff changeset	871 """
7d1fc253549e notification to commit author + gardening Marcin Kuzminski <marcin@python-works.com> parents: 1644 diff changeset	872 Checks for access permission for any of given predicates. In order to
239 b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	873 fulfill the request any of predicates must be meet
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	874 """
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	875
239 b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	876 def check_permissions(self):
339 5d517bbf0a0d some extra checks for auth lib Marcin Kuzminski <marcin@python-works.com> parents: 333 diff changeset	877 if self.required_perms.intersection(self.user_perms.get('global')):
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	878 return True
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	879 return False
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	880
1246 9365a893ad4e PEP8ify Marcin Kuzminski <marcin@python-works.com> parents: 1207 diff changeset	881
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	882 class HasRepoPermissionAllDecorator(PermsDecorator):
1716 7d1fc253549e notification to commit author + gardening Marcin Kuzminski <marcin@python-works.com> parents: 1644 diff changeset	883 """
7d1fc253549e notification to commit author + gardening Marcin Kuzminski <marcin@python-works.com> parents: 1644 diff changeset	884 Checks for access permission for all given predicates for specific
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	885 repository. All of them have to be meet in order to fulfill the request
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	886 """
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	887
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	888 def check_permissions(self):
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	889 repo_name = get_repo_slug(request)
339 5d517bbf0a0d some extra checks for auth lib Marcin Kuzminski <marcin@python-works.com> parents: 333 diff changeset	890 try:
5d517bbf0a0d some extra checks for auth lib Marcin Kuzminski <marcin@python-works.com> parents: 333 diff changeset	891 user_perms = set([self.user_perms['repositories'][repo_name]])
5d517bbf0a0d some extra checks for auth lib Marcin Kuzminski <marcin@python-works.com> parents: 333 diff changeset	892 except KeyError:
5d517bbf0a0d some extra checks for auth lib Marcin Kuzminski <marcin@python-works.com> parents: 333 diff changeset	893 return False
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	894 if self.required_perms.issubset(user_perms):
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	895 return True
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	896 return False
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	897
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	898
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	899 class HasRepoPermissionAnyDecorator(PermsDecorator):
1716 7d1fc253549e notification to commit author + gardening Marcin Kuzminski <marcin@python-works.com> parents: 1644 diff changeset	900 """
7d1fc253549e notification to commit author + gardening Marcin Kuzminski <marcin@python-works.com> parents: 1644 diff changeset	901 Checks for access permission for any of given predicates for specific
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	902 repository. In order to fulfill the request any of predicates must be meet
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	903 """
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	904
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	905 def check_permissions(self):
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	906 repo_name = get_repo_slug(request)
339 5d517bbf0a0d some extra checks for auth lib Marcin Kuzminski <marcin@python-works.com> parents: 333 diff changeset	907 try:
5d517bbf0a0d some extra checks for auth lib Marcin Kuzminski <marcin@python-works.com> parents: 333 diff changeset	908 user_perms = set([self.user_perms['repositories'][repo_name]])
5d517bbf0a0d some extra checks for auth lib Marcin Kuzminski <marcin@python-works.com> parents: 333 diff changeset	909 except KeyError:
5d517bbf0a0d some extra checks for auth lib Marcin Kuzminski <marcin@python-works.com> parents: 333 diff changeset	910 return False
2125 097327aaf2ad more detailed logging on auth system Marcin Kuzminski <marcin@python-works.com> parents: 2109 diff changeset	911
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	912 if self.required_perms.intersection(user_perms):
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	913 return True
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	914 return False
1246 9365a893ad4e PEP8ify Marcin Kuzminski <marcin@python-works.com> parents: 1207 diff changeset	915
9365a893ad4e PEP8ify Marcin Kuzminski <marcin@python-works.com> parents: 1207 diff changeset	916
4116 ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	917 class HasRepoGroupPermissionAllDecorator(PermsDecorator):
1982 87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	918 """
87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	919 Checks for access permission for all given predicates for specific
3714 7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3632 diff changeset	920 repository group. All of them have to be meet in order to fulfill the request
1982 87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	921 """
87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	922
87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	923 def check_permissions(self):
4116 ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	924 group_name = get_repo_group_slug(request)
1982 87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	925 try:
87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	926 user_perms = set([self.user_perms['repositories_groups'][group_name]])
87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	927 except KeyError:
87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	928 return False
3222 b4daef4cc26d Group management delegation: Marcin Kuzminski <marcin@python-works.com> parents: 3212 diff changeset	929
1982 87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	930 if self.required_perms.issubset(user_perms):
87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	931 return True
87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	932 return False
87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	933
87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	934
4116 ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	935 class HasRepoGroupPermissionAnyDecorator(PermsDecorator):
1982 87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	936 """
87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	937 Checks for access permission for any of given predicates for specific
3714 7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3632 diff changeset	938 repository group. In order to fulfill the request any of predicates must be meet
1982 87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	939 """
87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	940
87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	941 def check_permissions(self):
4116 ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	942 group_name = get_repo_group_slug(request)
1982 87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	943 try:
87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	944 user_perms = set([self.user_perms['repositories_groups'][group_name]])
87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	945 except KeyError:
87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	946 return False
3222 b4daef4cc26d Group management delegation: Marcin Kuzminski <marcin@python-works.com> parents: 3212 diff changeset	947
1982 87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	948 if self.required_perms.intersection(user_perms):
87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	949 return True
87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	950 return False
87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	951
87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	952
3714 7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3632 diff changeset	953 class HasUserGroupPermissionAllDecorator(PermsDecorator):
7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3632 diff changeset	954 """
7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3632 diff changeset	955 Checks for access permission for all given predicates for specific
7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3632 diff changeset	956 user group. All of them have to be meet in order to fulfill the request
7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3632 diff changeset	957 """
7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3632 diff changeset	958
7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3632 diff changeset	959 def check_permissions(self):
7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3632 diff changeset	960 group_name = get_user_group_slug(request)
7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3632 diff changeset	961 try:
7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3632 diff changeset	962 user_perms = set([self.user_perms['user_groups'][group_name]])
7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3632 diff changeset	963 except KeyError:
7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3632 diff changeset	964 return False
7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3632 diff changeset	965
7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3632 diff changeset	966 if self.required_perms.issubset(user_perms):
7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3632 diff changeset	967 return True
7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3632 diff changeset	968 return False
7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3632 diff changeset	969
7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3632 diff changeset	970
7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3632 diff changeset	971 class HasUserGroupPermissionAnyDecorator(PermsDecorator):
7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3632 diff changeset	972 """
7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3632 diff changeset	973 Checks for access permission for any of given predicates for specific
7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3632 diff changeset	974 user group. In order to fulfill the request any of predicates must be meet
7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3632 diff changeset	975 """
7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3632 diff changeset	976
7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3632 diff changeset	977 def check_permissions(self):
7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3632 diff changeset	978 group_name = get_user_group_slug(request)
7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3632 diff changeset	979 try:
7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3632 diff changeset	980 user_perms = set([self.user_perms['user_groups'][group_name]])
7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3632 diff changeset	981 except KeyError:
7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3632 diff changeset	982 return False
7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3632 diff changeset	983
7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3632 diff changeset	984 if self.required_perms.intersection(user_perms):
7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3632 diff changeset	985 return True
7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3632 diff changeset	986 return False
7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3632 diff changeset	987
7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3632 diff changeset	988
1246 9365a893ad4e PEP8ify Marcin Kuzminski <marcin@python-works.com> parents: 1207 diff changeset	989 #==============================================================================
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	990 # CHECK FUNCTIONS
1246 9365a893ad4e PEP8ify Marcin Kuzminski <marcin@python-works.com> parents: 1207 diff changeset	991 #==============================================================================
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	992 class PermsFunction(object):
377 bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	993 """Base function for other check functions"""
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	994
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	995 def __init__(self, *perms):
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	996 self.required_perms = set(perms)
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	997 self.user_perms = None
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	998 self.repo_name = None
2125 097327aaf2ad more detailed logging on auth system Marcin Kuzminski <marcin@python-works.com> parents: 2109 diff changeset	999 self.group_name = None
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	1000
4116 ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	1001 def __call__(self, check_location='', user=None):
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	1002 if not user:
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	1003 #TODO: remove this someday,put as user as attribute here
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	1004 user = request.user
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	1005
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	1006 # init auth user if not already given
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	1007 if not isinstance(user, AuthUser):
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	1008 user = AuthUser(user.user_id)
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	1009
2125 097327aaf2ad more detailed logging on auth system Marcin Kuzminski <marcin@python-works.com> parents: 2109 diff changeset	1010 cls_name = self.__class__.__name__
097327aaf2ad more detailed logging on auth system Marcin Kuzminski <marcin@python-works.com> parents: 2109 diff changeset	1011 check_scope = {
097327aaf2ad more detailed logging on auth system Marcin Kuzminski <marcin@python-works.com> parents: 2109 diff changeset	1012 'HasPermissionAll': '',
097327aaf2ad more detailed logging on auth system Marcin Kuzminski <marcin@python-works.com> parents: 2109 diff changeset	1013 'HasPermissionAny': '',
097327aaf2ad more detailed logging on auth system Marcin Kuzminski <marcin@python-works.com> parents: 2109 diff changeset	1014 'HasRepoPermissionAll': 'repo:%s' % self.repo_name,
097327aaf2ad more detailed logging on auth system Marcin Kuzminski <marcin@python-works.com> parents: 2109 diff changeset	1015 'HasRepoPermissionAny': 'repo:%s' % self.repo_name,
4116 ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	1016 'HasRepoGroupPermissionAll': 'group:%s' % self.group_name,
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	1017 'HasRepoGroupPermissionAny': 'group:%s' % self.group_name,
2125 097327aaf2ad more detailed logging on auth system Marcin Kuzminski <marcin@python-works.com> parents: 2109 diff changeset	1018 }.get(cls_name, '?')
097327aaf2ad more detailed logging on auth system Marcin Kuzminski <marcin@python-works.com> parents: 2109 diff changeset	1019 log.debug('checking cls:%s %s usr:%s %s @ %s', cls_name,
097327aaf2ad more detailed logging on auth system Marcin Kuzminski <marcin@python-works.com> parents: 2109 diff changeset	1020 self.required_perms, user, check_scope,
3313 14697de1598f refactor check_Location => check_location Marcin Kuzminski <marcin@python-works.com> parents: 3222 diff changeset	1021 check_location or 'unspecified location')
333 f5f290d68646 fixed auth bug Marcin Kuzminski <marcin@python-works.com> parents: 316 diff changeset	1022 if not user:
2045 5b12cbae0b50 fixed issue with sessions that lead to redirection loops Marcin Kuzminski <marcin@python-works.com> parents: 2030 diff changeset	1023 log.debug('Empty request user')
333 f5f290d68646 fixed auth bug Marcin Kuzminski <marcin@python-works.com> parents: 316 diff changeset	1024 return False
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	1025 self.user_perms = user.permissions
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	1026 if self.check_permissions():
4116 ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	1027 log.debug('Permission to %s granted for user: %s @ %s'
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	1028 % (check_scope, user,
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	1029 check_location or 'unspecified location'))
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	1030 return True
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	1031
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	1032 else:
4116 ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	1033 log.debug('Permission to %s denied for user: %s @ %s'
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	1034 % (check_scope, user,
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	1035 check_location or 'unspecified location'))
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	1036 return False
dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	1037
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	1038 def check_permissions(self):
377 bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	1039 """Dummy function for overriding"""
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	1040 raise Exception('You have to write this function in child class')
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	1041
1246 9365a893ad4e PEP8ify Marcin Kuzminski <marcin@python-works.com> parents: 1207 diff changeset	1042
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	1043 class HasPermissionAll(PermsFunction):
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	1044 def check_permissions(self):
339 5d517bbf0a0d some extra checks for auth lib Marcin Kuzminski <marcin@python-works.com> parents: 333 diff changeset	1045 if self.required_perms.issubset(self.user_perms.get('global')):
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	1046 return True
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	1047 return False
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	1048
1246 9365a893ad4e PEP8ify Marcin Kuzminski <marcin@python-works.com> parents: 1207 diff changeset	1049
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	1050 class HasPermissionAny(PermsFunction):
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	1051 def check_permissions(self):
339 5d517bbf0a0d some extra checks for auth lib Marcin Kuzminski <marcin@python-works.com> parents: 333 diff changeset	1052 if self.required_perms.intersection(self.user_perms.get('global')):
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	1053 return True
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	1054 return False
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	1055
1246 9365a893ad4e PEP8ify Marcin Kuzminski <marcin@python-works.com> parents: 1207 diff changeset	1056
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	1057 class HasRepoPermissionAll(PermsFunction):
4116 ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	1058 def __call__(self, repo_name=None, check_location='', user=None):
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	1059 self.repo_name = repo_name
4116 ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	1060 return super(HasRepoPermissionAll, self).__call__(check_location, user)
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	1061
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	1062 def check_permissions(self):
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	1063 if not self.repo_name:
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	1064 self.repo_name = get_repo_slug(request)
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	1065
339 5d517bbf0a0d some extra checks for auth lib Marcin Kuzminski <marcin@python-works.com> parents: 333 diff changeset	1066 try:
2125 097327aaf2ad more detailed logging on auth system Marcin Kuzminski <marcin@python-works.com> parents: 2109 diff changeset	1067 self._user_perms = set(
1982 87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	1068 [self.user_perms['repositories'][self.repo_name]]
87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	1069 )
339 5d517bbf0a0d some extra checks for auth lib Marcin Kuzminski <marcin@python-works.com> parents: 333 diff changeset	1070 except KeyError:
5d517bbf0a0d some extra checks for auth lib Marcin Kuzminski <marcin@python-works.com> parents: 333 diff changeset	1071 return False
2125 097327aaf2ad more detailed logging on auth system Marcin Kuzminski <marcin@python-works.com> parents: 2109 diff changeset	1072 if self.required_perms.issubset(self._user_perms):
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	1073 return True
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	1074 return False
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	1075
1246 9365a893ad4e PEP8ify Marcin Kuzminski <marcin@python-works.com> parents: 1207 diff changeset	1076
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	1077 class HasRepoPermissionAny(PermsFunction):
4116 ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	1078 def __call__(self, repo_name=None, check_location='', user=None):
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	1079 self.repo_name = repo_name
4116 ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	1080 return super(HasRepoPermissionAny, self).__call__(check_location, user)
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	1081
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	1082 def check_permissions(self):
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	1083 if not self.repo_name:
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	1084 self.repo_name = get_repo_slug(request)
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	1085
339 5d517bbf0a0d some extra checks for auth lib Marcin Kuzminski <marcin@python-works.com> parents: 333 diff changeset	1086 try:
2125 097327aaf2ad more detailed logging on auth system Marcin Kuzminski <marcin@python-works.com> parents: 2109 diff changeset	1087 self._user_perms = set(
1982 87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	1088 [self.user_perms['repositories'][self.repo_name]]
87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	1089 )
339 5d517bbf0a0d some extra checks for auth lib Marcin Kuzminski <marcin@python-works.com> parents: 333 diff changeset	1090 except KeyError:
5d517bbf0a0d some extra checks for auth lib Marcin Kuzminski <marcin@python-works.com> parents: 333 diff changeset	1091 return False
2125 097327aaf2ad more detailed logging on auth system Marcin Kuzminski <marcin@python-works.com> parents: 2109 diff changeset	1092 if self.required_perms.intersection(self._user_perms):
239 b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	1093 return True
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	1094 return False
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	1095
1246 9365a893ad4e PEP8ify Marcin Kuzminski <marcin@python-works.com> parents: 1207 diff changeset	1096
4116 ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	1097 class HasRepoGroupPermissionAny(PermsFunction):
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	1098 def __call__(self, group_name=None, check_location='', user=None):
1982 87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	1099 self.group_name = group_name
4116 ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	1100 return super(HasRepoGroupPermissionAny, self).__call__(check_location, user)
1982 87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	1101
87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	1102 def check_permissions(self):
87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	1103 try:
2125 097327aaf2ad more detailed logging on auth system Marcin Kuzminski <marcin@python-works.com> parents: 2109 diff changeset	1104 self._user_perms = set(
1982 87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	1105 [self.user_perms['repositories_groups'][self.group_name]]
87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	1106 )
87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	1107 except KeyError:
87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	1108 return False
2125 097327aaf2ad more detailed logging on auth system Marcin Kuzminski <marcin@python-works.com> parents: 2109 diff changeset	1109 if self.required_perms.intersection(self._user_perms):
1982 87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	1110 return True
87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	1111 return False
87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	1112
87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	1113
4116 ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	1114 class HasRepoGroupPermissionAll(PermsFunction):
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	1115 def __call__(self, group_name=None, check_location='', user=None):
1982 87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	1116 self.group_name = group_name
4116 ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	1117 return super(HasRepoGroupPermissionAll, self).__call__(check_location, user)
1982 87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	1118
87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	1119 def check_permissions(self):
87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	1120 try:
2125 097327aaf2ad more detailed logging on auth system Marcin Kuzminski <marcin@python-works.com> parents: 2109 diff changeset	1121 self._user_perms = set(
1982 87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	1122 [self.user_perms['repositories_groups'][self.group_name]]
87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	1123 )
87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	1124 except KeyError:
87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	1125 return False
2125 097327aaf2ad more detailed logging on auth system Marcin Kuzminski <marcin@python-works.com> parents: 2109 diff changeset	1126 if self.required_perms.issubset(self._user_perms):
1982 87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	1127 return True
87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	1128 return False
87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	1129
87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	1130
3714 7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3632 diff changeset	1131 class HasUserGroupPermissionAny(PermsFunction):
4116 ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	1132 def __call__(self, user_group_name=None, check_location='', user=None):
3714 7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3632 diff changeset	1133 self.user_group_name = user_group_name
4116 ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	1134 return super(HasUserGroupPermissionAny, self).__call__(check_location, user)
3714 7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3632 diff changeset	1135
7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3632 diff changeset	1136 def check_permissions(self):
7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3632 diff changeset	1137 try:
7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3632 diff changeset	1138 self._user_perms = set(
7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3632 diff changeset	1139 [self.user_perms['user_groups'][self.user_group_name]]
7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3632 diff changeset	1140 )
7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3632 diff changeset	1141 except KeyError:
7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3632 diff changeset	1142 return False
7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3632 diff changeset	1143 if self.required_perms.intersection(self._user_perms):
7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3632 diff changeset	1144 return True
7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3632 diff changeset	1145 return False
7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3632 diff changeset	1146
7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3632 diff changeset	1147
7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3632 diff changeset	1148 class HasUserGroupPermissionAll(PermsFunction):
4116 ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	1149 def __call__(self, user_group_name=None, check_location='', user=None):
3714 7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3632 diff changeset	1150 self.user_group_name = user_group_name
4116 ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	1151 return super(HasUserGroupPermissionAll, self).__call__(check_location, user)
3714 7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3632 diff changeset	1152
7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3632 diff changeset	1153 def check_permissions(self):
7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3632 diff changeset	1154 try:
7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3632 diff changeset	1155 self._user_perms = set(
7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3632 diff changeset	1156 [self.user_perms['user_groups'][self.user_group_name]]
7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3632 diff changeset	1157 )
7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3632 diff changeset	1158 except KeyError:
7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3632 diff changeset	1159 return False
7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3632 diff changeset	1160 if self.required_perms.issubset(self._user_perms):
7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3632 diff changeset	1161 return True
7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3632 diff changeset	1162 return False
7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3632 diff changeset	1163
4116 ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	1164
1246 9365a893ad4e PEP8ify Marcin Kuzminski <marcin@python-works.com> parents: 1207 diff changeset	1165 #==============================================================================
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	1166 # SPECIAL VERSION TO HANDLE MIDDLEWARE AUTH
1246 9365a893ad4e PEP8ify Marcin Kuzminski <marcin@python-works.com> parents: 1207 diff changeset	1167 #==============================================================================
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	1168 class HasPermissionAnyMiddleware(object):
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	1169 def __init__(self, *perms):
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	1170 self.required_perms = set(perms)
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	1171
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	1172 def __call__(self, user, repo_name):
2100 f0649c7cf94a fixed some unicode problems with waitress Marcin Kuzminski <marcin@python-works.com> parents: 2045 diff changeset	1173 # repo_name MUST be unicode, since we handle keys in permission
f0649c7cf94a fixed some unicode problems with waitress Marcin Kuzminski <marcin@python-works.com> parents: 2045 diff changeset	1174 # dict by unicode
f0649c7cf94a fixed some unicode problems with waitress Marcin Kuzminski <marcin@python-works.com> parents: 2045 diff changeset	1175 repo_name = safe_unicode(repo_name)
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	1176 usr = AuthUser(user.user_id)
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	1177 try:
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	1178 self.user_perms = set([usr.permissions['repositories'][repo_name]])
2100 f0649c7cf94a fixed some unicode problems with waitress Marcin Kuzminski <marcin@python-works.com> parents: 2045 diff changeset	1179 except Exception:
2109 8ecfed1d8f8b utils/conf Marcin Kuzminski <marcin@python-works.com> parents: 2105 diff changeset	1180 log.error('Exception while accessing permissions %s' %
2100 f0649c7cf94a fixed some unicode problems with waitress Marcin Kuzminski <marcin@python-works.com> parents: 2045 diff changeset	1181 traceback.format_exc())
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	1182 self.user_perms = set()
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	1183 self.username = user.username
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	1184 self.repo_name = repo_name
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	1185 return self.check_permissions()
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	1186
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	1187 def check_permissions(self):
2726 aa17c7a1b8a5 Implemented basic locking functionality. Marcin Kuzminski <marcin@python-works.com> parents: 2714 diff changeset	1188 log.debug('checking VCS protocol '
1040 8e49b6ceffe1 fixes fixes fixes ! optimized queries on journal Marcin Kuzminski <marcin@python-works.com> parents: 1036 diff changeset	1189 'permissions %s for user:%s repository:%s', self.user_perms,
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	1190 self.username, self.repo_name)
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	1191 if self.required_perms.intersection(self.user_perms):
4116 ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	1192 log.debug('Permission to repo: %s granted for user: %s @ %s'
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	1193 % (self.repo_name, self.username, 'PermissionMiddleware'))
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	1194 return True
4116 ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	1195 log.debug('Permission to repo: %s denied for user: %s @ %s'
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	1196 % (self.repo_name, self.username, 'PermissionMiddleware'))
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	1197 return False
3125 9b92cf5a0cca Added UserIpMap interface for allowed IP addresses and IP restriction access Marcin Kuzminski <marcin@python-works.com> parents: 2726 diff changeset	1198
9b92cf5a0cca Added UserIpMap interface for allowed IP addresses and IP restriction access Marcin Kuzminski <marcin@python-works.com> parents: 2726 diff changeset	1199
3161 3563c47e52fd Implemented API calls for non-admin users for locking/unlocking repositories Marcin Kuzminski <marcin@python-works.com> parents: 3146 diff changeset	1200 #==============================================================================
3563c47e52fd Implemented API calls for non-admin users for locking/unlocking repositories Marcin Kuzminski <marcin@python-works.com> parents: 3146 diff changeset	1201 # SPECIAL VERSION TO HANDLE API AUTH
3563c47e52fd Implemented API calls for non-admin users for locking/unlocking repositories Marcin Kuzminski <marcin@python-works.com> parents: 3146 diff changeset	1202 #==============================================================================
3563c47e52fd Implemented API calls for non-admin users for locking/unlocking repositories Marcin Kuzminski <marcin@python-works.com> parents: 3146 diff changeset	1203 class _BaseApiPerm(object):
3563c47e52fd Implemented API calls for non-admin users for locking/unlocking repositories Marcin Kuzminski <marcin@python-works.com> parents: 3146 diff changeset	1204 def __init__(self, *perms):
3563c47e52fd Implemented API calls for non-admin users for locking/unlocking repositories Marcin Kuzminski <marcin@python-works.com> parents: 3146 diff changeset	1205 self.required_perms = set(perms)
3563c47e52fd Implemented API calls for non-admin users for locking/unlocking repositories Marcin Kuzminski <marcin@python-works.com> parents: 3146 diff changeset	1206
4116 ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	1207 def __call__(self, check_location=None, user=None, repo_name=None,
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	1208 group_name=None):
3161 3563c47e52fd Implemented API calls for non-admin users for locking/unlocking repositories Marcin Kuzminski <marcin@python-works.com> parents: 3146 diff changeset	1209 cls_name = self.__class__.__name__
4116 ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	1210 check_scope = 'user:%s' % (user)
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	1211 if repo_name:
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	1212 check_scope += ', repo:%s' % (repo_name)
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	1213
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	1214 if group_name:
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	1215 check_scope += ', repo group:%s' % (group_name)
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	1216
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	1217 log.debug('checking cls:%s %s %s @ %s'
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	1218 % (cls_name, self.required_perms, check_scope, check_location))
3161 3563c47e52fd Implemented API calls for non-admin users for locking/unlocking repositories Marcin Kuzminski <marcin@python-works.com> parents: 3146 diff changeset	1219 if not user:
3563c47e52fd Implemented API calls for non-admin users for locking/unlocking repositories Marcin Kuzminski <marcin@python-works.com> parents: 3146 diff changeset	1220 log.debug('Empty User passed into arguments')
3563c47e52fd Implemented API calls for non-admin users for locking/unlocking repositories Marcin Kuzminski <marcin@python-works.com> parents: 3146 diff changeset	1221 return False
3563c47e52fd Implemented API calls for non-admin users for locking/unlocking repositories Marcin Kuzminski <marcin@python-works.com> parents: 3146 diff changeset	1222
3563c47e52fd Implemented API calls for non-admin users for locking/unlocking repositories Marcin Kuzminski <marcin@python-works.com> parents: 3146 diff changeset	1223 ## process user
3563c47e52fd Implemented API calls for non-admin users for locking/unlocking repositories Marcin Kuzminski <marcin@python-works.com> parents: 3146 diff changeset	1224 if not isinstance(user, AuthUser):
3563c47e52fd Implemented API calls for non-admin users for locking/unlocking repositories Marcin Kuzminski <marcin@python-works.com> parents: 3146 diff changeset	1225 user = AuthUser(user.user_id)
4116 ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	1226 if not check_location:
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	1227 check_location = 'unspecified'
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	1228 if self.check_permissions(user.permissions, repo_name, group_name):
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	1229 log.debug('Permission to %s granted for user: %s @ %s'
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	1230 % (check_scope, user, check_location))
3161 3563c47e52fd Implemented API calls for non-admin users for locking/unlocking repositories Marcin Kuzminski <marcin@python-works.com> parents: 3146 diff changeset	1231 return True
3563c47e52fd Implemented API calls for non-admin users for locking/unlocking repositories Marcin Kuzminski <marcin@python-works.com> parents: 3146 diff changeset	1232
3563c47e52fd Implemented API calls for non-admin users for locking/unlocking repositories Marcin Kuzminski <marcin@python-works.com> parents: 3146 diff changeset	1233 else:
4116 ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	1234 log.debug('Permission to %s denied for user: %s @ %s'
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	1235 % (check_scope, user, check_location))
3161 3563c47e52fd Implemented API calls for non-admin users for locking/unlocking repositories Marcin Kuzminski <marcin@python-works.com> parents: 3146 diff changeset	1236 return False
3563c47e52fd Implemented API calls for non-admin users for locking/unlocking repositories Marcin Kuzminski <marcin@python-works.com> parents: 3146 diff changeset	1237
4116 ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	1238 def check_permissions(self, perm_defs, repo_name=None, group_name=None):
3161 3563c47e52fd Implemented API calls for non-admin users for locking/unlocking repositories Marcin Kuzminski <marcin@python-works.com> parents: 3146 diff changeset	1239 """
3563c47e52fd Implemented API calls for non-admin users for locking/unlocking repositories Marcin Kuzminski <marcin@python-works.com> parents: 3146 diff changeset	1240 implement in child class should return True if permissions are ok,
3563c47e52fd Implemented API calls for non-admin users for locking/unlocking repositories Marcin Kuzminski <marcin@python-works.com> parents: 3146 diff changeset	1241 False otherwise
3563c47e52fd Implemented API calls for non-admin users for locking/unlocking repositories Marcin Kuzminski <marcin@python-works.com> parents: 3146 diff changeset	1242
3563c47e52fd Implemented API calls for non-admin users for locking/unlocking repositories Marcin Kuzminski <marcin@python-works.com> parents: 3146 diff changeset	1243 :param perm_defs: dict with permission definitions
3563c47e52fd Implemented API calls for non-admin users for locking/unlocking repositories Marcin Kuzminski <marcin@python-works.com> parents: 3146 diff changeset	1244 :param repo_name: repo name
3563c47e52fd Implemented API calls for non-admin users for locking/unlocking repositories Marcin Kuzminski <marcin@python-works.com> parents: 3146 diff changeset	1245 """
3563c47e52fd Implemented API calls for non-admin users for locking/unlocking repositories Marcin Kuzminski <marcin@python-works.com> parents: 3146 diff changeset	1246 raise NotImplementedError()
3563c47e52fd Implemented API calls for non-admin users for locking/unlocking repositories Marcin Kuzminski <marcin@python-works.com> parents: 3146 diff changeset	1247
3563c47e52fd Implemented API calls for non-admin users for locking/unlocking repositories Marcin Kuzminski <marcin@python-works.com> parents: 3146 diff changeset	1248
3563c47e52fd Implemented API calls for non-admin users for locking/unlocking repositories Marcin Kuzminski <marcin@python-works.com> parents: 3146 diff changeset	1249 class HasPermissionAllApi(_BaseApiPerm):
4116 ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	1250 def check_permissions(self, perm_defs, repo_name=None, group_name=None):
3161 3563c47e52fd Implemented API calls for non-admin users for locking/unlocking repositories Marcin Kuzminski <marcin@python-works.com> parents: 3146 diff changeset	1251 if self.required_perms.issubset(perm_defs.get('global')):
3563c47e52fd Implemented API calls for non-admin users for locking/unlocking repositories Marcin Kuzminski <marcin@python-works.com> parents: 3146 diff changeset	1252 return True
3563c47e52fd Implemented API calls for non-admin users for locking/unlocking repositories Marcin Kuzminski <marcin@python-works.com> parents: 3146 diff changeset	1253 return False
3563c47e52fd Implemented API calls for non-admin users for locking/unlocking repositories Marcin Kuzminski <marcin@python-works.com> parents: 3146 diff changeset	1254
3563c47e52fd Implemented API calls for non-admin users for locking/unlocking repositories Marcin Kuzminski <marcin@python-works.com> parents: 3146 diff changeset	1255
3563c47e52fd Implemented API calls for non-admin users for locking/unlocking repositories Marcin Kuzminski <marcin@python-works.com> parents: 3146 diff changeset	1256 class HasPermissionAnyApi(_BaseApiPerm):
4116 ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	1257 def check_permissions(self, perm_defs, repo_name=None, group_name=None):
3161 3563c47e52fd Implemented API calls for non-admin users for locking/unlocking repositories Marcin Kuzminski <marcin@python-works.com> parents: 3146 diff changeset	1258 if self.required_perms.intersection(perm_defs.get('global')):
3563c47e52fd Implemented API calls for non-admin users for locking/unlocking repositories Marcin Kuzminski <marcin@python-works.com> parents: 3146 diff changeset	1259 return True
3563c47e52fd Implemented API calls for non-admin users for locking/unlocking repositories Marcin Kuzminski <marcin@python-works.com> parents: 3146 diff changeset	1260 return False
3563c47e52fd Implemented API calls for non-admin users for locking/unlocking repositories Marcin Kuzminski <marcin@python-works.com> parents: 3146 diff changeset	1261
3563c47e52fd Implemented API calls for non-admin users for locking/unlocking repositories Marcin Kuzminski <marcin@python-works.com> parents: 3146 diff changeset	1262
3563c47e52fd Implemented API calls for non-admin users for locking/unlocking repositories Marcin Kuzminski <marcin@python-works.com> parents: 3146 diff changeset	1263 class HasRepoPermissionAllApi(_BaseApiPerm):
4116 ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	1264 def check_permissions(self, perm_defs, repo_name=None, group_name=None):
3161 3563c47e52fd Implemented API calls for non-admin users for locking/unlocking repositories Marcin Kuzminski <marcin@python-works.com> parents: 3146 diff changeset	1265 try:
4116 ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	1266 _user_perms = set([perm_defs['repositories'][repo_name]])
3161 3563c47e52fd Implemented API calls for non-admin users for locking/unlocking repositories Marcin Kuzminski <marcin@python-works.com> parents: 3146 diff changeset	1267 except KeyError:
3563c47e52fd Implemented API calls for non-admin users for locking/unlocking repositories Marcin Kuzminski <marcin@python-works.com> parents: 3146 diff changeset	1268 log.warning(traceback.format_exc())
3563c47e52fd Implemented API calls for non-admin users for locking/unlocking repositories Marcin Kuzminski <marcin@python-works.com> parents: 3146 diff changeset	1269 return False
4116 ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	1270 if self.required_perms.issubset(_user_perms):
3161 3563c47e52fd Implemented API calls for non-admin users for locking/unlocking repositories Marcin Kuzminski <marcin@python-works.com> parents: 3146 diff changeset	1271 return True
3563c47e52fd Implemented API calls for non-admin users for locking/unlocking repositories Marcin Kuzminski <marcin@python-works.com> parents: 3146 diff changeset	1272 return False
3563c47e52fd Implemented API calls for non-admin users for locking/unlocking repositories Marcin Kuzminski <marcin@python-works.com> parents: 3146 diff changeset	1273
3563c47e52fd Implemented API calls for non-admin users for locking/unlocking repositories Marcin Kuzminski <marcin@python-works.com> parents: 3146 diff changeset	1274
3563c47e52fd Implemented API calls for non-admin users for locking/unlocking repositories Marcin Kuzminski <marcin@python-works.com> parents: 3146 diff changeset	1275 class HasRepoPermissionAnyApi(_BaseApiPerm):
4116 ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	1276 def check_permissions(self, perm_defs, repo_name=None, group_name=None):
3161 3563c47e52fd Implemented API calls for non-admin users for locking/unlocking repositories Marcin Kuzminski <marcin@python-works.com> parents: 3146 diff changeset	1277 try:
4116 ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	1278 _user_perms = set([perm_defs['repositories'][repo_name]])
3161 3563c47e52fd Implemented API calls for non-admin users for locking/unlocking repositories Marcin Kuzminski <marcin@python-works.com> parents: 3146 diff changeset	1279 except KeyError:
3563c47e52fd Implemented API calls for non-admin users for locking/unlocking repositories Marcin Kuzminski <marcin@python-works.com> parents: 3146 diff changeset	1280 log.warning(traceback.format_exc())
3563c47e52fd Implemented API calls for non-admin users for locking/unlocking repositories Marcin Kuzminski <marcin@python-works.com> parents: 3146 diff changeset	1281 return False
3563c47e52fd Implemented API calls for non-admin users for locking/unlocking repositories Marcin Kuzminski <marcin@python-works.com> parents: 3146 diff changeset	1282 if self.required_perms.intersection(_user_perms):
3563c47e52fd Implemented API calls for non-admin users for locking/unlocking repositories Marcin Kuzminski <marcin@python-works.com> parents: 3146 diff changeset	1283 return True
3563c47e52fd Implemented API calls for non-admin users for locking/unlocking repositories Marcin Kuzminski <marcin@python-works.com> parents: 3146 diff changeset	1284 return False
3563c47e52fd Implemented API calls for non-admin users for locking/unlocking repositories Marcin Kuzminski <marcin@python-works.com> parents: 3146 diff changeset	1285
3563c47e52fd Implemented API calls for non-admin users for locking/unlocking repositories Marcin Kuzminski <marcin@python-works.com> parents: 3146 diff changeset	1286
4116 ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	1287 class HasRepoGroupPermissionAnyApi(_BaseApiPerm):
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	1288 def check_permissions(self, perm_defs, repo_name=None, group_name=None):
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	1289 try:
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	1290 _user_perms = set([perm_defs['repositories_groups'][group_name]])
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	1291 except KeyError:
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	1292 log.warning(traceback.format_exc())
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	1293 return False
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	1294 if self.required_perms.intersection(_user_perms):
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	1295 return True
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	1296 return False
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	1297
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	1298 class HasRepoGroupPermissionAllApi(_BaseApiPerm):
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	1299 def check_permissions(self, perm_defs, repo_name=None, group_name=None):
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	1300 try:
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	1301 _user_perms = set([perm_defs['repositories_groups'][group_name]])
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	1302 except KeyError:
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	1303 log.warning(traceback.format_exc())
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	1304 return False
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	1305 if self.required_perms.issubset(_user_perms):
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	1306 return True
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	1307 return False
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	1308
3125 9b92cf5a0cca Added UserIpMap interface for allowed IP addresses and IP restriction access Marcin Kuzminski <marcin@python-works.com> parents: 2726 diff changeset	1309 def check_ip_access(source_ip, allowed_ips=None):
9b92cf5a0cca Added UserIpMap interface for allowed IP addresses and IP restriction access Marcin Kuzminski <marcin@python-works.com> parents: 2726 diff changeset	1310 """
9b92cf5a0cca Added UserIpMap interface for allowed IP addresses and IP restriction access Marcin Kuzminski <marcin@python-works.com> parents: 2726 diff changeset	1311 Checks if source_ip is a subnet of any of allowed_ips.
9b92cf5a0cca Added UserIpMap interface for allowed IP addresses and IP restriction access Marcin Kuzminski <marcin@python-works.com> parents: 2726 diff changeset	1312
9b92cf5a0cca Added UserIpMap interface for allowed IP addresses and IP restriction access Marcin Kuzminski <marcin@python-works.com> parents: 2726 diff changeset	1313 :param source_ip:
9b92cf5a0cca Added UserIpMap interface for allowed IP addresses and IP restriction access Marcin Kuzminski <marcin@python-works.com> parents: 2726 diff changeset	1314 :param allowed_ips: list of allowed ips together with mask
9b92cf5a0cca Added UserIpMap interface for allowed IP addresses and IP restriction access Marcin Kuzminski <marcin@python-works.com> parents: 2726 diff changeset	1315 """
4186 7e5f8c12a3fc First step in two-part process to rename directories to kallithea. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4116 diff changeset	1316 from kallithea.lib import ipaddr
3125 9b92cf5a0cca Added UserIpMap interface for allowed IP addresses and IP restriction access Marcin Kuzminski <marcin@python-works.com> parents: 2726 diff changeset	1317 log.debug('checking if ip:%s is subnet of %s' % (source_ip, allowed_ips))
9b92cf5a0cca Added UserIpMap interface for allowed IP addresses and IP restriction access Marcin Kuzminski <marcin@python-works.com> parents: 2726 diff changeset	1318 if isinstance(allowed_ips, (tuple, list, set)):
9b92cf5a0cca Added UserIpMap interface for allowed IP addresses and IP restriction access Marcin Kuzminski <marcin@python-works.com> parents: 2726 diff changeset	1319 for ip in allowed_ips:
3212 6c28533d122c IP restrictions now also enabled for IPv6 Marcin Kuzminski <marcin@python-works.com> parents: 3173 diff changeset	1320 try:
6c28533d122c IP restrictions now also enabled for IPv6 Marcin Kuzminski <marcin@python-works.com> parents: 3173 diff changeset	1321 if ipaddr.IPAddress(source_ip) in ipaddr.IPNetwork(ip):
4116 ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	1322 log.debug('IP %s is network %s' %
ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. Bradley M. Kuhn <bkuhn@sfconservancy.org> parents: 4089 diff changeset	1323 (ipaddr.IPAddress(source_ip), ipaddr.IPNetwork(ip)))
3212 6c28533d122c IP restrictions now also enabled for IPv6 Marcin Kuzminski <marcin@python-works.com> parents: 3173 diff changeset	1324 return True
6c28533d122c IP restrictions now also enabled for IPv6 Marcin Kuzminski <marcin@python-works.com> parents: 3173 diff changeset	1325 # for any case we cannot determine the IP, don't crash just
6c28533d122c IP restrictions now also enabled for IPv6 Marcin Kuzminski <marcin@python-works.com> parents: 3173 diff changeset	1326 # skip it and log as error, we want to say forbidden still when
6c28533d122c IP restrictions now also enabled for IPv6 Marcin Kuzminski <marcin@python-works.com> parents: 3173 diff changeset	1327 # sending bad IP
6c28533d122c IP restrictions now also enabled for IPv6 Marcin Kuzminski <marcin@python-works.com> parents: 3173 diff changeset	1328 except Exception:
6c28533d122c IP restrictions now also enabled for IPv6 Marcin Kuzminski <marcin@python-works.com> parents: 3173 diff changeset	1329 log.error(traceback.format_exc())
6c28533d122c IP restrictions now also enabled for IPv6 Marcin Kuzminski <marcin@python-works.com> parents: 3173 diff changeset	1330 continue
3125 9b92cf5a0cca Added UserIpMap interface for allowed IP addresses and IP restriction access Marcin Kuzminski <marcin@python-works.com> parents: 2726 diff changeset	1331 return False

Mercurial > kallithea

annotate kallithea/lib/auth.py @ 4208:ad38f9f93b3b kallithea-2.2.5-rebrand