Mercurial > kallithea
annotate rhodecode/model/repos_group.py @ 3853:be2b75779da3 beta
Repository groups: super admin shouldn't have the permission set
when he creates a group. Super admins anyway can edit groups even without
explicit permissions set
author | Marcin Kuzminski <marcin@python-works.com> |
---|---|
date | Sun, 12 May 2013 19:19:33 +0200 |
parents | ff57547c9cf7 |
children | 5293d4bbb1ea |
rev | line source |
---|---|
1345
3bce31f026b8
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods.
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
1 # -*- coding: utf-8 -*- |
3bce31f026b8
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods.
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
2 """ |
3bce31f026b8
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods.
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
3 rhodecode.model.user_group |
3bce31f026b8
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods.
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
4 ~~~~~~~~~~~~~~~~~~~~~~~~~~ |
3bce31f026b8
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods.
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
5 |
3410
5f1850e4712a
"Users groups" is grammatically incorrect English - rename to "user groups"
Mads Kiilerich <madski@unity3d.com>
parents:
3222
diff
changeset
|
6 repo group model for RhodeCode |
1345
3bce31f026b8
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods.
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
7 |
3bce31f026b8
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods.
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
8 :created_on: Jan 25, 2011 |
3bce31f026b8
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods.
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
9 :author: marcink |
1824
89efedac4e6c
2012 copyrights
Marcin Kuzminski <marcin@python-works.com>
parents:
1818
diff
changeset
|
10 :copyright: (C) 2011-2012 Marcin Kuzminski <marcin@python-works.com> |
1345
3bce31f026b8
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods.
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
11 :license: GPLv3, see COPYING for more details. |
3bce31f026b8
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods.
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
12 """ |
3bce31f026b8
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods.
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
13 # This program is free software: you can redistribute it and/or modify |
3bce31f026b8
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods.
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
14 # it under the terms of the GNU General Public License as published by |
3bce31f026b8
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods.
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
15 # the Free Software Foundation, either version 3 of the License, or |
3bce31f026b8
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods.
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
16 # (at your option) any later version. |
3bce31f026b8
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods.
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
17 # |
3bce31f026b8
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods.
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
18 # This program is distributed in the hope that it will be useful, |
3bce31f026b8
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods.
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
19 # but WITHOUT ANY WARRANTY; without even the implied warranty of |
3bce31f026b8
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods.
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
20 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
3bce31f026b8
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods.
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
21 # GNU General Public License for more details. |
3bce31f026b8
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods.
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
22 # |
3bce31f026b8
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods.
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
23 # You should have received a copy of the GNU General Public License |
3bce31f026b8
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods.
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
24 # along with this program. If not, see <http://www.gnu.org/licenses/>. |
3bce31f026b8
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods.
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
25 |
3bce31f026b8
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods.
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
26 import os |
3bce31f026b8
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods.
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
27 import logging |
3bce31f026b8
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods.
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
28 import traceback |
1347
43b8e161be3f
#47 implemented basic edition of groups
Marcin Kuzminski <marcin@python-works.com>
parents:
1346
diff
changeset
|
29 import shutil |
2961
08f89c688592
deleting a group now does same archive operation like deleting repositories. Improve prompt that show number of repos that will
Marcin Kuzminski <marcin@python-works.com>
parents:
2820
diff
changeset
|
30 import datetime |
1345
3bce31f026b8
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods.
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
31 |
2109 | 32 from rhodecode.lib.utils2 import LazyProperty |
1345
3bce31f026b8
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods.
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
33 |
3bce31f026b8
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods.
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
34 from rhodecode.model import BaseModel |
1982
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
35 from rhodecode.model.db import RepoGroup, RhodeCodeUi, UserRepoGroupToPerm, \ |
3417
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3416
diff
changeset
|
36 User, Permission, UserGroupRepoGroupToPerm, UserGroup, Repository |
1345
3bce31f026b8
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods.
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
37 |
1593 | 38 log = logging.getLogger(__name__) |
1345
3bce31f026b8
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods.
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
39 |
3bce31f026b8
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods.
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
40 |
1593 | 41 class ReposGroupModel(BaseModel): |
1345
3bce31f026b8
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods.
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
42 |
2522
17893d61792a
Added associated classes into child models
Marcin Kuzminski <marcin@python-works.com>
parents:
2467
diff
changeset
|
43 cls = RepoGroup |
17893d61792a
Added associated classes into child models
Marcin Kuzminski <marcin@python-works.com>
parents:
2467
diff
changeset
|
44 |
3714
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
45 def _get_user_group(self, users_group): |
3417
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3416
diff
changeset
|
46 return self._get_instance(UserGroup, users_group, |
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3416
diff
changeset
|
47 callback=UserGroup.get_by_group_name) |
1982
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
48 |
3714
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
49 def _get_repo_group(self, repos_group): |
1982
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
50 return self._get_instance(RepoGroup, repos_group, |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
51 callback=RepoGroup.get_by_group_name) |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
52 |
1345
3bce31f026b8
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods.
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
53 @LazyProperty |
1593 | 54 def repos_path(self): |
1345
3bce31f026b8
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods.
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
55 """ |
3bce31f026b8
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods.
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
56 Get's the repositories root path from database |
3bce31f026b8
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods.
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
57 """ |
3bce31f026b8
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods.
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
58 |
2708
9bce679a3f49
Added form for controlling mercurial extensions
Marcin Kuzminski <marcin@python-works.com>
parents:
2631
diff
changeset
|
59 q = RhodeCodeUi.get_by_key('/') |
1345
3bce31f026b8
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods.
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
60 return q.ui_value |
3bce31f026b8
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods.
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
61 |
1982
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
62 def _create_default_perms(self, new_group): |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
63 # create default permission |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
64 default_perm = 'group.read' |
3734
a8f520540ab0
New default permissions definition for user group create
Marcin Kuzminski <marcin@python-works.com>
parents:
3714
diff
changeset
|
65 def_user = User.get_default_user() |
3714
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
66 for p in def_user.user_perms: |
1982
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
67 if p.permission.permission_name.startswith('group.'): |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
68 default_perm = p.permission.permission_name |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
69 break |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
70 |
3714
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
71 repo_group_to_perm = UserRepoGroupToPerm() |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
72 repo_group_to_perm.permission = Permission.get_by_key(default_perm) |
1982
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
73 |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
74 repo_group_to_perm.group = new_group |
3714
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
75 repo_group_to_perm.user_id = def_user.user_id |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
76 return repo_group_to_perm |
1982
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
77 |
1594 | 78 def __create_group(self, group_name): |
1345
3bce31f026b8
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods.
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
79 """ |
3416
5706f6ab60cf
follow-up on texts missing from 'users groups'/'repositories group' cleanup
Mads Kiilerich <madski@unity3d.com>
parents:
3410
diff
changeset
|
80 makes repository group on filesystem |
1345
3bce31f026b8
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods.
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
81 |
3bce31f026b8
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods.
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
82 :param repo_name: |
3bce31f026b8
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods.
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
83 :param parent_id: |
3bce31f026b8
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods.
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
84 """ |
3bce31f026b8
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods.
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
85 |
1594 | 86 create_path = os.path.join(self.repos_path, group_name) |
1976 | 87 log.debug('creating new group in %s' % create_path) |
1345
3bce31f026b8
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods.
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
88 |
1593 | 89 if os.path.isdir(create_path): |
90 raise Exception('That directory already exists !') | |
1345
3bce31f026b8
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods.
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
91 |
1593 | 92 os.makedirs(create_path) |
1345
3bce31f026b8
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods.
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
93 |
1594 | 94 def __rename_group(self, old, new): |
1345
3bce31f026b8
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods.
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
95 """ |
3bce31f026b8
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods.
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
96 Renames a group on filesystem |
1818
cf51bbfb120e
auto white-space removal
Marcin Kuzminski <marcin@python-works.com>
parents:
1734
diff
changeset
|
97 |
1345
3bce31f026b8
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods.
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
98 :param group_name: |
3bce31f026b8
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods.
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
99 """ |
1594 | 100 |
101 if old == new: | |
102 log.debug('skipping group rename') | |
103 return | |
104 | |
3653
4c78a0855a17
Fix 'repos group' - it is 'repository group'
Mads Kiilerich <madski@unity3d.com>
parents:
3631
diff
changeset
|
105 log.debug('renaming repository group from %s to %s' % (old, new)) |
1347
43b8e161be3f
#47 implemented basic edition of groups
Marcin Kuzminski <marcin@python-works.com>
parents:
1346
diff
changeset
|
106 |
1594 | 107 old_path = os.path.join(self.repos_path, old) |
108 new_path = os.path.join(self.repos_path, new) | |
1349
526120c77a38
#47 added editing of groups, and moving them between. Added check constraint for groups
Marcin Kuzminski <marcin@python-works.com>
parents:
1347
diff
changeset
|
109 |
1976 | 110 log.debug('renaming repos paths from %s to %s' % (old_path, new_path)) |
1349
526120c77a38
#47 added editing of groups, and moving them between. Added check constraint for groups
Marcin Kuzminski <marcin@python-works.com>
parents:
1347
diff
changeset
|
111 |
1593 | 112 if os.path.isdir(new_path): |
113 raise Exception('Was trying to rename to already ' | |
114 'existing dir %s' % new_path) | |
115 shutil.move(old_path, new_path) | |
1345
3bce31f026b8
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods.
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
116 |
2820
c0cc8f8a71b0
Permissions on group can be set in recursive mode setting defined permission to all children
Marcin Kuzminski <marcin@python-works.com>
parents:
2749
diff
changeset
|
117 def __delete_group(self, group, force_delete=False): |
1345
3bce31f026b8
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods.
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
118 """ |
3bce31f026b8
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods.
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
119 Deletes a group from a filesystem |
1818
cf51bbfb120e
auto white-space removal
Marcin Kuzminski <marcin@python-works.com>
parents:
1734
diff
changeset
|
120 |
1346
cf78d302d441
#47 implemented deleting of empty groups. Fixed problem with full paths on nested groups
Marcin Kuzminski <marcin@python-works.com>
parents:
1345
diff
changeset
|
121 :param group: instance of group from database |
2820
c0cc8f8a71b0
Permissions on group can be set in recursive mode setting defined permission to all children
Marcin Kuzminski <marcin@python-works.com>
parents:
2749
diff
changeset
|
122 :param force_delete: use shutil rmtree to remove all objects |
1345
3bce31f026b8
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods.
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
123 """ |
1633
2c0d35e336b5
refactoring of models names for repoGroup permissions
Marcin Kuzminski <marcin@python-works.com>
parents:
1594
diff
changeset
|
124 paths = group.full_path.split(RepoGroup.url_sep()) |
1593 | 125 paths = os.sep.join(paths) |
1346
cf78d302d441
#47 implemented deleting of empty groups. Fixed problem with full paths on nested groups
Marcin Kuzminski <marcin@python-works.com>
parents:
1345
diff
changeset
|
126 |
1593 | 127 rm_path = os.path.join(self.repos_path, paths) |
2961
08f89c688592
deleting a group now does same archive operation like deleting repositories. Improve prompt that show number of repos that will
Marcin Kuzminski <marcin@python-works.com>
parents:
2820
diff
changeset
|
128 log.info("Removing group %s" % (rm_path)) |
08f89c688592
deleting a group now does same archive operation like deleting repositories. Improve prompt that show number of repos that will
Marcin Kuzminski <marcin@python-works.com>
parents:
2820
diff
changeset
|
129 # delete only if that path really exists |
1594 | 130 if os.path.isdir(rm_path): |
2820
c0cc8f8a71b0
Permissions on group can be set in recursive mode setting defined permission to all children
Marcin Kuzminski <marcin@python-works.com>
parents:
2749
diff
changeset
|
131 if force_delete: |
c0cc8f8a71b0
Permissions on group can be set in recursive mode setting defined permission to all children
Marcin Kuzminski <marcin@python-works.com>
parents:
2749
diff
changeset
|
132 shutil.rmtree(rm_path) |
c0cc8f8a71b0
Permissions on group can be set in recursive mode setting defined permission to all children
Marcin Kuzminski <marcin@python-works.com>
parents:
2749
diff
changeset
|
133 else: |
2961
08f89c688592
deleting a group now does same archive operation like deleting repositories. Improve prompt that show number of repos that will
Marcin Kuzminski <marcin@python-works.com>
parents:
2820
diff
changeset
|
134 #archive that group` |
08f89c688592
deleting a group now does same archive operation like deleting repositories. Improve prompt that show number of repos that will
Marcin Kuzminski <marcin@python-works.com>
parents:
2820
diff
changeset
|
135 _now = datetime.datetime.now() |
08f89c688592
deleting a group now does same archive operation like deleting repositories. Improve prompt that show number of repos that will
Marcin Kuzminski <marcin@python-works.com>
parents:
2820
diff
changeset
|
136 _ms = str(_now.microsecond).rjust(6, '0') |
08f89c688592
deleting a group now does same archive operation like deleting repositories. Improve prompt that show number of repos that will
Marcin Kuzminski <marcin@python-works.com>
parents:
2820
diff
changeset
|
137 _d = 'rm__%s_GROUP_%s' % (_now.strftime('%Y%m%d_%H%M%S_' + _ms), |
08f89c688592
deleting a group now does same archive operation like deleting repositories. Improve prompt that show number of repos that will
Marcin Kuzminski <marcin@python-works.com>
parents:
2820
diff
changeset
|
138 group.name) |
08f89c688592
deleting a group now does same archive operation like deleting repositories. Improve prompt that show number of repos that will
Marcin Kuzminski <marcin@python-works.com>
parents:
2820
diff
changeset
|
139 shutil.move(rm_path, os.path.join(self.repos_path, _d)) |
1345
3bce31f026b8
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods.
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
140 |
3222
b4daef4cc26d
Group management delegation:
Marcin Kuzminski <marcin@python-works.com>
parents:
3221
diff
changeset
|
141 def create(self, group_name, group_description, owner, parent=None, just_db=False): |
1345
3bce31f026b8
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods.
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
142 try: |
3853
be2b75779da3
Repository groups: super admin shouldn't have the permission set
Marcin Kuzminski <marcin@python-works.com>
parents:
3827
diff
changeset
|
143 user = self._get_user(owner) |
1633
2c0d35e336b5
refactoring of models names for repoGroup permissions
Marcin Kuzminski <marcin@python-works.com>
parents:
1594
diff
changeset
|
144 new_repos_group = RepoGroup() |
3853
be2b75779da3
Repository groups: super admin shouldn't have the permission set
Marcin Kuzminski <marcin@python-works.com>
parents:
3827
diff
changeset
|
145 new_repos_group.user = user |
3222
b4daef4cc26d
Group management delegation:
Marcin Kuzminski <marcin@python-works.com>
parents:
3221
diff
changeset
|
146 new_repos_group.group_description = group_description or group_name |
3714
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
147 new_repos_group.parent_group = self._get_repo_group(parent) |
1982
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
148 new_repos_group.group_name = new_repos_group.get_new_name(group_name) |
1345
3bce31f026b8
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods.
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
149 |
1593 | 150 self.sa.add(new_repos_group) |
3714
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
151 perm_obj = self._create_default_perms(new_repos_group) |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
152 self.sa.add(perm_obj) |
1982
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
153 |
3853
be2b75779da3
Repository groups: super admin shouldn't have the permission set
Marcin Kuzminski <marcin@python-works.com>
parents:
3827
diff
changeset
|
154 #create an ADMIN permission for owner except if we're super admin, |
be2b75779da3
Repository groups: super admin shouldn't have the permission set
Marcin Kuzminski <marcin@python-works.com>
parents:
3827
diff
changeset
|
155 #later owner should go into the owner field of groups |
be2b75779da3
Repository groups: super admin shouldn't have the permission set
Marcin Kuzminski <marcin@python-works.com>
parents:
3827
diff
changeset
|
156 if not user.is_admin: |
be2b75779da3
Repository groups: super admin shouldn't have the permission set
Marcin Kuzminski <marcin@python-works.com>
parents:
3827
diff
changeset
|
157 self.grant_user_permission(repos_group=new_repos_group, |
be2b75779da3
Repository groups: super admin shouldn't have the permission set
Marcin Kuzminski <marcin@python-works.com>
parents:
3827
diff
changeset
|
158 user=owner, perm='group.admin') |
3222
b4daef4cc26d
Group management delegation:
Marcin Kuzminski <marcin@python-works.com>
parents:
3221
diff
changeset
|
159 |
1982
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
160 if not just_db: |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
161 # we need to flush here, in order to check if database won't |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
162 # throw any exceptions, create filesystem dirs at the very end |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
163 self.sa.flush() |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
164 self.__create_group(new_repos_group.group_name) |
1345
3bce31f026b8
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods.
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
165 |
1589
307ec693bdf2
[API] Create groups needed when creating repo
Nicolas VINOT <aeris@imirhil.fr>
parents:
1349
diff
changeset
|
166 return new_repos_group |
3631
10b4e34841a4
Don't catch all exceptions
Marcin Kuzminski <marcin@python-works.com>
parents:
3459
diff
changeset
|
167 except Exception: |
1593 | 168 log.error(traceback.format_exc()) |
1345
3bce31f026b8
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods.
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
169 raise |
3bce31f026b8
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods.
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
170 |
2820
c0cc8f8a71b0
Permissions on group can be set in recursive mode setting defined permission to all children
Marcin Kuzminski <marcin@python-works.com>
parents:
2749
diff
changeset
|
171 def _update_permissions(self, repos_group, perms_new=None, |
3827
ff57547c9cf7
Add flag for permission check in _update_permissions function
Marcin Kuzminski <marcin@python-works.com>
parents:
3789
diff
changeset
|
172 perms_updates=None, recursive=False, |
ff57547c9cf7
Add flag for permission check in _update_permissions function
Marcin Kuzminski <marcin@python-works.com>
parents:
3789
diff
changeset
|
173 check_perms=True): |
2820
c0cc8f8a71b0
Permissions on group can be set in recursive mode setting defined permission to all children
Marcin Kuzminski <marcin@python-works.com>
parents:
2749
diff
changeset
|
174 from rhodecode.model.repo import RepoModel |
3789
32f66c839c54
managing users groups enforce permissions checks.
Marcin Kuzminski <marcin@python-works.com>
parents:
3734
diff
changeset
|
175 from rhodecode.lib.auth import HasUserGroupPermissionAny |
3827
ff57547c9cf7
Add flag for permission check in _update_permissions function
Marcin Kuzminski <marcin@python-works.com>
parents:
3789
diff
changeset
|
176 |
2820
c0cc8f8a71b0
Permissions on group can be set in recursive mode setting defined permission to all children
Marcin Kuzminski <marcin@python-works.com>
parents:
2749
diff
changeset
|
177 if not perms_new: |
c0cc8f8a71b0
Permissions on group can be set in recursive mode setting defined permission to all children
Marcin Kuzminski <marcin@python-works.com>
parents:
2749
diff
changeset
|
178 perms_new = [] |
c0cc8f8a71b0
Permissions on group can be set in recursive mode setting defined permission to all children
Marcin Kuzminski <marcin@python-works.com>
parents:
2749
diff
changeset
|
179 if not perms_updates: |
c0cc8f8a71b0
Permissions on group can be set in recursive mode setting defined permission to all children
Marcin Kuzminski <marcin@python-works.com>
parents:
2749
diff
changeset
|
180 perms_updates = [] |
c0cc8f8a71b0
Permissions on group can be set in recursive mode setting defined permission to all children
Marcin Kuzminski <marcin@python-works.com>
parents:
2749
diff
changeset
|
181 |
c0cc8f8a71b0
Permissions on group can be set in recursive mode setting defined permission to all children
Marcin Kuzminski <marcin@python-works.com>
parents:
2749
diff
changeset
|
182 def _set_perm_user(obj, user, perm): |
c0cc8f8a71b0
Permissions on group can be set in recursive mode setting defined permission to all children
Marcin Kuzminski <marcin@python-works.com>
parents:
2749
diff
changeset
|
183 if isinstance(obj, RepoGroup): |
3714
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
184 self.grant_user_permission( |
2820
c0cc8f8a71b0
Permissions on group can be set in recursive mode setting defined permission to all children
Marcin Kuzminski <marcin@python-works.com>
parents:
2749
diff
changeset
|
185 repos_group=obj, user=user, perm=perm |
c0cc8f8a71b0
Permissions on group can be set in recursive mode setting defined permission to all children
Marcin Kuzminski <marcin@python-works.com>
parents:
2749
diff
changeset
|
186 ) |
c0cc8f8a71b0
Permissions on group can be set in recursive mode setting defined permission to all children
Marcin Kuzminski <marcin@python-works.com>
parents:
2749
diff
changeset
|
187 elif isinstance(obj, Repository): |
3221
dd0ee9119aa9
recursive mode of setting permission should skip private repositories, they should remain private, it's proper thing to do !
Marcin Kuzminski <marcin@python-works.com>
parents:
3166
diff
changeset
|
188 #we do this ONLY IF repository is non-private |
dd0ee9119aa9
recursive mode of setting permission should skip private repositories, they should remain private, it's proper thing to do !
Marcin Kuzminski <marcin@python-works.com>
parents:
3166
diff
changeset
|
189 if obj.private: |
dd0ee9119aa9
recursive mode of setting permission should skip private repositories, they should remain private, it's proper thing to do !
Marcin Kuzminski <marcin@python-works.com>
parents:
3166
diff
changeset
|
190 return |
dd0ee9119aa9
recursive mode of setting permission should skip private repositories, they should remain private, it's proper thing to do !
Marcin Kuzminski <marcin@python-works.com>
parents:
3166
diff
changeset
|
191 |
2820
c0cc8f8a71b0
Permissions on group can be set in recursive mode setting defined permission to all children
Marcin Kuzminski <marcin@python-works.com>
parents:
2749
diff
changeset
|
192 # we set group permission but we have to switch to repo |
c0cc8f8a71b0
Permissions on group can be set in recursive mode setting defined permission to all children
Marcin Kuzminski <marcin@python-works.com>
parents:
2749
diff
changeset
|
193 # permission |
c0cc8f8a71b0
Permissions on group can be set in recursive mode setting defined permission to all children
Marcin Kuzminski <marcin@python-works.com>
parents:
2749
diff
changeset
|
194 perm = perm.replace('group.', 'repository.') |
c0cc8f8a71b0
Permissions on group can be set in recursive mode setting defined permission to all children
Marcin Kuzminski <marcin@python-works.com>
parents:
2749
diff
changeset
|
195 RepoModel().grant_user_permission( |
c0cc8f8a71b0
Permissions on group can be set in recursive mode setting defined permission to all children
Marcin Kuzminski <marcin@python-works.com>
parents:
2749
diff
changeset
|
196 repo=obj, user=user, perm=perm |
c0cc8f8a71b0
Permissions on group can be set in recursive mode setting defined permission to all children
Marcin Kuzminski <marcin@python-works.com>
parents:
2749
diff
changeset
|
197 ) |
c0cc8f8a71b0
Permissions on group can be set in recursive mode setting defined permission to all children
Marcin Kuzminski <marcin@python-works.com>
parents:
2749
diff
changeset
|
198 |
c0cc8f8a71b0
Permissions on group can be set in recursive mode setting defined permission to all children
Marcin Kuzminski <marcin@python-works.com>
parents:
2749
diff
changeset
|
199 def _set_perm_group(obj, users_group, perm): |
c0cc8f8a71b0
Permissions on group can be set in recursive mode setting defined permission to all children
Marcin Kuzminski <marcin@python-works.com>
parents:
2749
diff
changeset
|
200 if isinstance(obj, RepoGroup): |
3714
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
201 self.grant_users_group_permission( |
2820
c0cc8f8a71b0
Permissions on group can be set in recursive mode setting defined permission to all children
Marcin Kuzminski <marcin@python-works.com>
parents:
2749
diff
changeset
|
202 repos_group=obj, group_name=users_group, perm=perm |
c0cc8f8a71b0
Permissions on group can be set in recursive mode setting defined permission to all children
Marcin Kuzminski <marcin@python-works.com>
parents:
2749
diff
changeset
|
203 ) |
c0cc8f8a71b0
Permissions on group can be set in recursive mode setting defined permission to all children
Marcin Kuzminski <marcin@python-works.com>
parents:
2749
diff
changeset
|
204 elif isinstance(obj, Repository): |
c0cc8f8a71b0
Permissions on group can be set in recursive mode setting defined permission to all children
Marcin Kuzminski <marcin@python-works.com>
parents:
2749
diff
changeset
|
205 # we set group permission but we have to switch to repo |
c0cc8f8a71b0
Permissions on group can be set in recursive mode setting defined permission to all children
Marcin Kuzminski <marcin@python-works.com>
parents:
2749
diff
changeset
|
206 # permission |
c0cc8f8a71b0
Permissions on group can be set in recursive mode setting defined permission to all children
Marcin Kuzminski <marcin@python-works.com>
parents:
2749
diff
changeset
|
207 perm = perm.replace('group.', 'repository.') |
c0cc8f8a71b0
Permissions on group can be set in recursive mode setting defined permission to all children
Marcin Kuzminski <marcin@python-works.com>
parents:
2749
diff
changeset
|
208 RepoModel().grant_users_group_permission( |
c0cc8f8a71b0
Permissions on group can be set in recursive mode setting defined permission to all children
Marcin Kuzminski <marcin@python-works.com>
parents:
2749
diff
changeset
|
209 repo=obj, group_name=users_group, perm=perm |
c0cc8f8a71b0
Permissions on group can be set in recursive mode setting defined permission to all children
Marcin Kuzminski <marcin@python-works.com>
parents:
2749
diff
changeset
|
210 ) |
c0cc8f8a71b0
Permissions on group can be set in recursive mode setting defined permission to all children
Marcin Kuzminski <marcin@python-works.com>
parents:
2749
diff
changeset
|
211 updates = [] |
c0cc8f8a71b0
Permissions on group can be set in recursive mode setting defined permission to all children
Marcin Kuzminski <marcin@python-works.com>
parents:
2749
diff
changeset
|
212 log.debug('Now updating permissions for %s in recursive mode:%s' |
c0cc8f8a71b0
Permissions on group can be set in recursive mode setting defined permission to all children
Marcin Kuzminski <marcin@python-works.com>
parents:
2749
diff
changeset
|
213 % (repos_group, recursive)) |
c0cc8f8a71b0
Permissions on group can be set in recursive mode setting defined permission to all children
Marcin Kuzminski <marcin@python-works.com>
parents:
2749
diff
changeset
|
214 |
c0cc8f8a71b0
Permissions on group can be set in recursive mode setting defined permission to all children
Marcin Kuzminski <marcin@python-works.com>
parents:
2749
diff
changeset
|
215 for obj in repos_group.recursive_groups_and_repos(): |
3221
dd0ee9119aa9
recursive mode of setting permission should skip private repositories, they should remain private, it's proper thing to do !
Marcin Kuzminski <marcin@python-works.com>
parents:
3166
diff
changeset
|
216 #obj is an instance of a group or repositories in that group |
2820
c0cc8f8a71b0
Permissions on group can be set in recursive mode setting defined permission to all children
Marcin Kuzminski <marcin@python-works.com>
parents:
2749
diff
changeset
|
217 if not recursive: |
c0cc8f8a71b0
Permissions on group can be set in recursive mode setting defined permission to all children
Marcin Kuzminski <marcin@python-works.com>
parents:
2749
diff
changeset
|
218 obj = repos_group |
c0cc8f8a71b0
Permissions on group can be set in recursive mode setting defined permission to all children
Marcin Kuzminski <marcin@python-works.com>
parents:
2749
diff
changeset
|
219 |
c0cc8f8a71b0
Permissions on group can be set in recursive mode setting defined permission to all children
Marcin Kuzminski <marcin@python-works.com>
parents:
2749
diff
changeset
|
220 # update permissions |
c0cc8f8a71b0
Permissions on group can be set in recursive mode setting defined permission to all children
Marcin Kuzminski <marcin@python-works.com>
parents:
2749
diff
changeset
|
221 for member, perm, member_type in perms_updates: |
c0cc8f8a71b0
Permissions on group can be set in recursive mode setting defined permission to all children
Marcin Kuzminski <marcin@python-works.com>
parents:
2749
diff
changeset
|
222 ## set for user |
c0cc8f8a71b0
Permissions on group can be set in recursive mode setting defined permission to all children
Marcin Kuzminski <marcin@python-works.com>
parents:
2749
diff
changeset
|
223 if member_type == 'user': |
c0cc8f8a71b0
Permissions on group can be set in recursive mode setting defined permission to all children
Marcin Kuzminski <marcin@python-works.com>
parents:
2749
diff
changeset
|
224 # this updates also current one if found |
c0cc8f8a71b0
Permissions on group can be set in recursive mode setting defined permission to all children
Marcin Kuzminski <marcin@python-works.com>
parents:
2749
diff
changeset
|
225 _set_perm_user(obj, user=member, perm=perm) |
3410
5f1850e4712a
"Users groups" is grammatically incorrect English - rename to "user groups"
Mads Kiilerich <madski@unity3d.com>
parents:
3222
diff
changeset
|
226 ## set for user group |
2820
c0cc8f8a71b0
Permissions on group can be set in recursive mode setting defined permission to all children
Marcin Kuzminski <marcin@python-works.com>
parents:
2749
diff
changeset
|
227 else: |
3789
32f66c839c54
managing users groups enforce permissions checks.
Marcin Kuzminski <marcin@python-works.com>
parents:
3734
diff
changeset
|
228 #check if we have permissions to alter this usergroup |
3827
ff57547c9cf7
Add flag for permission check in _update_permissions function
Marcin Kuzminski <marcin@python-works.com>
parents:
3789
diff
changeset
|
229 req_perms = ('usergroup.read', 'usergroup.write', 'usergroup.admin') |
ff57547c9cf7
Add flag for permission check in _update_permissions function
Marcin Kuzminski <marcin@python-works.com>
parents:
3789
diff
changeset
|
230 if not check_perms or HasUserGroupPermissionAny(*req_perms)(member): |
3789
32f66c839c54
managing users groups enforce permissions checks.
Marcin Kuzminski <marcin@python-works.com>
parents:
3734
diff
changeset
|
231 _set_perm_group(obj, users_group=member, perm=perm) |
2820
c0cc8f8a71b0
Permissions on group can be set in recursive mode setting defined permission to all children
Marcin Kuzminski <marcin@python-works.com>
parents:
2749
diff
changeset
|
232 # set new permissions |
c0cc8f8a71b0
Permissions on group can be set in recursive mode setting defined permission to all children
Marcin Kuzminski <marcin@python-works.com>
parents:
2749
diff
changeset
|
233 for member, perm, member_type in perms_new: |
c0cc8f8a71b0
Permissions on group can be set in recursive mode setting defined permission to all children
Marcin Kuzminski <marcin@python-works.com>
parents:
2749
diff
changeset
|
234 if member_type == 'user': |
c0cc8f8a71b0
Permissions on group can be set in recursive mode setting defined permission to all children
Marcin Kuzminski <marcin@python-works.com>
parents:
2749
diff
changeset
|
235 _set_perm_user(obj, user=member, perm=perm) |
c0cc8f8a71b0
Permissions on group can be set in recursive mode setting defined permission to all children
Marcin Kuzminski <marcin@python-works.com>
parents:
2749
diff
changeset
|
236 else: |
3789
32f66c839c54
managing users groups enforce permissions checks.
Marcin Kuzminski <marcin@python-works.com>
parents:
3734
diff
changeset
|
237 #check if we have permissions to alter this usergroup |
3827
ff57547c9cf7
Add flag for permission check in _update_permissions function
Marcin Kuzminski <marcin@python-works.com>
parents:
3789
diff
changeset
|
238 req_perms = ('usergroup.read', 'usergroup.write', 'usergroup.admin') |
ff57547c9cf7
Add flag for permission check in _update_permissions function
Marcin Kuzminski <marcin@python-works.com>
parents:
3789
diff
changeset
|
239 if not check_perms or HasUserGroupPermissionAny(*req_perms)(member): |
3789
32f66c839c54
managing users groups enforce permissions checks.
Marcin Kuzminski <marcin@python-works.com>
parents:
3734
diff
changeset
|
240 _set_perm_group(obj, users_group=member, perm=perm) |
2820
c0cc8f8a71b0
Permissions on group can be set in recursive mode setting defined permission to all children
Marcin Kuzminski <marcin@python-works.com>
parents:
2749
diff
changeset
|
241 updates.append(obj) |
c0cc8f8a71b0
Permissions on group can be set in recursive mode setting defined permission to all children
Marcin Kuzminski <marcin@python-works.com>
parents:
2749
diff
changeset
|
242 #if it's not recursive call |
c0cc8f8a71b0
Permissions on group can be set in recursive mode setting defined permission to all children
Marcin Kuzminski <marcin@python-works.com>
parents:
2749
diff
changeset
|
243 # break the loop and don't proceed with other changes |
c0cc8f8a71b0
Permissions on group can be set in recursive mode setting defined permission to all children
Marcin Kuzminski <marcin@python-works.com>
parents:
2749
diff
changeset
|
244 if not recursive: |
c0cc8f8a71b0
Permissions on group can be set in recursive mode setting defined permission to all children
Marcin Kuzminski <marcin@python-works.com>
parents:
2749
diff
changeset
|
245 break |
c0cc8f8a71b0
Permissions on group can be set in recursive mode setting defined permission to all children
Marcin Kuzminski <marcin@python-works.com>
parents:
2749
diff
changeset
|
246 return updates |
c0cc8f8a71b0
Permissions on group can be set in recursive mode setting defined permission to all children
Marcin Kuzminski <marcin@python-works.com>
parents:
2749
diff
changeset
|
247 |
3222
b4daef4cc26d
Group management delegation:
Marcin Kuzminski <marcin@python-works.com>
parents:
3221
diff
changeset
|
248 def update(self, repos_group, form_data): |
1345
3bce31f026b8
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods.
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
249 |
3bce31f026b8
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods.
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
250 try: |
3714
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
251 repos_group = self._get_repo_group(repos_group) |
1594 | 252 old_path = repos_group.full_path |
1734
48d4fcf04a29
another major refactoring with session management
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
253 |
1594 | 254 # change properties |
255 repos_group.group_description = form_data['group_description'] | |
2059
d7f1fe9cb146
fixes issue #366 setting null on parent_group didn't propagate to actually db field.
Marcin Kuzminski <marcin@python-works.com>
parents:
1982
diff
changeset
|
256 repos_group.group_parent_id = form_data['group_parent_id'] |
2749
3ed4dae499d0
Recursive set locking on all children of a group.
Marcin Kuzminski <marcin@python-works.com>
parents:
2708
diff
changeset
|
257 repos_group.enable_locking = form_data['enable_locking'] |
3459
94f251fda314
fixed issue with renaming repos group together with changing parents with multiple nested trees
Marcin Kuzminski <marcin@python-works.com>
parents:
3417
diff
changeset
|
258 |
94f251fda314
fixed issue with renaming repos group together with changing parents with multiple nested trees
Marcin Kuzminski <marcin@python-works.com>
parents:
3417
diff
changeset
|
259 repos_group.parent_group = RepoGroup.get(form_data['group_parent_id']) |
1594 | 260 repos_group.group_name = repos_group.get_new_name(form_data['group_name']) |
261 new_path = repos_group.full_path | |
1593 | 262 self.sa.add(repos_group) |
1347
43b8e161be3f
#47 implemented basic edition of groups
Marcin Kuzminski <marcin@python-works.com>
parents:
1346
diff
changeset
|
263 |
3459
94f251fda314
fixed issue with renaming repos group together with changing parents with multiple nested trees
Marcin Kuzminski <marcin@python-works.com>
parents:
3417
diff
changeset
|
264 # iterate over all members of this groups and do fixes |
94f251fda314
fixed issue with renaming repos group together with changing parents with multiple nested trees
Marcin Kuzminski <marcin@python-works.com>
parents:
3417
diff
changeset
|
265 # set locking if given |
94f251fda314
fixed issue with renaming repos group together with changing parents with multiple nested trees
Marcin Kuzminski <marcin@python-works.com>
parents:
3417
diff
changeset
|
266 # if obj is a repoGroup also fix the name of the group according |
94f251fda314
fixed issue with renaming repos group together with changing parents with multiple nested trees
Marcin Kuzminski <marcin@python-works.com>
parents:
3417
diff
changeset
|
267 # to the parent |
94f251fda314
fixed issue with renaming repos group together with changing parents with multiple nested trees
Marcin Kuzminski <marcin@python-works.com>
parents:
3417
diff
changeset
|
268 # if obj is a Repo fix it's name |
2749
3ed4dae499d0
Recursive set locking on all children of a group.
Marcin Kuzminski <marcin@python-works.com>
parents:
2708
diff
changeset
|
269 # this can be potentially heavy operation |
3ed4dae499d0
Recursive set locking on all children of a group.
Marcin Kuzminski <marcin@python-works.com>
parents:
2708
diff
changeset
|
270 for obj in repos_group.recursive_groups_and_repos(): |
3ed4dae499d0
Recursive set locking on all children of a group.
Marcin Kuzminski <marcin@python-works.com>
parents:
2708
diff
changeset
|
271 #set the value from it's parent |
3ed4dae499d0
Recursive set locking on all children of a group.
Marcin Kuzminski <marcin@python-works.com>
parents:
2708
diff
changeset
|
272 obj.enable_locking = repos_group.enable_locking |
3459
94f251fda314
fixed issue with renaming repos group together with changing parents with multiple nested trees
Marcin Kuzminski <marcin@python-works.com>
parents:
3417
diff
changeset
|
273 if isinstance(obj, RepoGroup): |
94f251fda314
fixed issue with renaming repos group together with changing parents with multiple nested trees
Marcin Kuzminski <marcin@python-works.com>
parents:
3417
diff
changeset
|
274 new_name = obj.get_new_name(obj.name) |
94f251fda314
fixed issue with renaming repos group together with changing parents with multiple nested trees
Marcin Kuzminski <marcin@python-works.com>
parents:
3417
diff
changeset
|
275 log.debug('Fixing group %s to new name %s' \ |
94f251fda314
fixed issue with renaming repos group together with changing parents with multiple nested trees
Marcin Kuzminski <marcin@python-works.com>
parents:
3417
diff
changeset
|
276 % (obj.group_name, new_name)) |
94f251fda314
fixed issue with renaming repos group together with changing parents with multiple nested trees
Marcin Kuzminski <marcin@python-works.com>
parents:
3417
diff
changeset
|
277 obj.group_name = new_name |
94f251fda314
fixed issue with renaming repos group together with changing parents with multiple nested trees
Marcin Kuzminski <marcin@python-works.com>
parents:
3417
diff
changeset
|
278 elif isinstance(obj, Repository): |
94f251fda314
fixed issue with renaming repos group together with changing parents with multiple nested trees
Marcin Kuzminski <marcin@python-works.com>
parents:
3417
diff
changeset
|
279 # we need to get all repositories from this new group and |
94f251fda314
fixed issue with renaming repos group together with changing parents with multiple nested trees
Marcin Kuzminski <marcin@python-works.com>
parents:
3417
diff
changeset
|
280 # rename them accordingly to new group path |
94f251fda314
fixed issue with renaming repos group together with changing parents with multiple nested trees
Marcin Kuzminski <marcin@python-works.com>
parents:
3417
diff
changeset
|
281 new_name = obj.get_new_name(obj.just_name) |
94f251fda314
fixed issue with renaming repos group together with changing parents with multiple nested trees
Marcin Kuzminski <marcin@python-works.com>
parents:
3417
diff
changeset
|
282 log.debug('Fixing repo %s to new name %s' \ |
94f251fda314
fixed issue with renaming repos group together with changing parents with multiple nested trees
Marcin Kuzminski <marcin@python-works.com>
parents:
3417
diff
changeset
|
283 % (obj.repo_name, new_name)) |
94f251fda314
fixed issue with renaming repos group together with changing parents with multiple nested trees
Marcin Kuzminski <marcin@python-works.com>
parents:
3417
diff
changeset
|
284 obj.repo_name = new_name |
2749
3ed4dae499d0
Recursive set locking on all children of a group.
Marcin Kuzminski <marcin@python-works.com>
parents:
2708
diff
changeset
|
285 self.sa.add(obj) |
3ed4dae499d0
Recursive set locking on all children of a group.
Marcin Kuzminski <marcin@python-works.com>
parents:
2708
diff
changeset
|
286 |
2059
d7f1fe9cb146
fixes issue #366 setting null on parent_group didn't propagate to actually db field.
Marcin Kuzminski <marcin@python-works.com>
parents:
1982
diff
changeset
|
287 self.__rename_group(old_path, new_path) |
d7f1fe9cb146
fixes issue #366 setting null on parent_group didn't propagate to actually db field.
Marcin Kuzminski <marcin@python-works.com>
parents:
1982
diff
changeset
|
288 |
1594 | 289 return repos_group |
3631
10b4e34841a4
Don't catch all exceptions
Marcin Kuzminski <marcin@python-works.com>
parents:
3459
diff
changeset
|
290 except Exception: |
1593 | 291 log.error(traceback.format_exc()) |
1345
3bce31f026b8
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods.
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
292 raise |
3bce31f026b8
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods.
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
293 |
2820
c0cc8f8a71b0
Permissions on group can be set in recursive mode setting defined permission to all children
Marcin Kuzminski <marcin@python-works.com>
parents:
2749
diff
changeset
|
294 def delete(self, repos_group, force_delete=False): |
3714
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
295 repos_group = self._get_repo_group(repos_group) |
1345
3bce31f026b8
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods.
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
296 try: |
2467
4419551b2915
Switched forms to new validators
Marcin Kuzminski <marcin@python-works.com>
parents:
2432
diff
changeset
|
297 self.sa.delete(repos_group) |
2820
c0cc8f8a71b0
Permissions on group can be set in recursive mode setting defined permission to all children
Marcin Kuzminski <marcin@python-works.com>
parents:
2749
diff
changeset
|
298 self.__delete_group(repos_group, force_delete) |
3631
10b4e34841a4
Don't catch all exceptions
Marcin Kuzminski <marcin@python-works.com>
parents:
3459
diff
changeset
|
299 except Exception: |
3166
abd49f6f5805
remove log.exception call
Marcin Kuzminski <marcin@python-works.com>
parents:
2961
diff
changeset
|
300 log.error('Error removing repos_group %s' % repos_group) |
1345
3bce31f026b8
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods.
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
301 raise |
1982
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
302 |
2820
c0cc8f8a71b0
Permissions on group can be set in recursive mode setting defined permission to all children
Marcin Kuzminski <marcin@python-works.com>
parents:
2749
diff
changeset
|
303 def delete_permission(self, repos_group, obj, obj_type, recursive): |
c0cc8f8a71b0
Permissions on group can be set in recursive mode setting defined permission to all children
Marcin Kuzminski <marcin@python-works.com>
parents:
2749
diff
changeset
|
304 """ |
c0cc8f8a71b0
Permissions on group can be set in recursive mode setting defined permission to all children
Marcin Kuzminski <marcin@python-works.com>
parents:
2749
diff
changeset
|
305 Revokes permission for repos_group for given obj(user or users_group), |
3410
5f1850e4712a
"Users groups" is grammatically incorrect English - rename to "user groups"
Mads Kiilerich <madski@unity3d.com>
parents:
3222
diff
changeset
|
306 obj_type can be user or user group |
2820
c0cc8f8a71b0
Permissions on group can be set in recursive mode setting defined permission to all children
Marcin Kuzminski <marcin@python-works.com>
parents:
2749
diff
changeset
|
307 |
c0cc8f8a71b0
Permissions on group can be set in recursive mode setting defined permission to all children
Marcin Kuzminski <marcin@python-works.com>
parents:
2749
diff
changeset
|
308 :param repos_group: |
3410
5f1850e4712a
"Users groups" is grammatically incorrect English - rename to "user groups"
Mads Kiilerich <madski@unity3d.com>
parents:
3222
diff
changeset
|
309 :param obj: user or user group id |
5f1850e4712a
"Users groups" is grammatically incorrect English - rename to "user groups"
Mads Kiilerich <madski@unity3d.com>
parents:
3222
diff
changeset
|
310 :param obj_type: user or user group type |
2820
c0cc8f8a71b0
Permissions on group can be set in recursive mode setting defined permission to all children
Marcin Kuzminski <marcin@python-works.com>
parents:
2749
diff
changeset
|
311 :param recursive: recurse to all children of group |
c0cc8f8a71b0
Permissions on group can be set in recursive mode setting defined permission to all children
Marcin Kuzminski <marcin@python-works.com>
parents:
2749
diff
changeset
|
312 """ |
c0cc8f8a71b0
Permissions on group can be set in recursive mode setting defined permission to all children
Marcin Kuzminski <marcin@python-works.com>
parents:
2749
diff
changeset
|
313 from rhodecode.model.repo import RepoModel |
3714
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
314 repos_group = self._get_repo_group(repos_group) |
2820
c0cc8f8a71b0
Permissions on group can be set in recursive mode setting defined permission to all children
Marcin Kuzminski <marcin@python-works.com>
parents:
2749
diff
changeset
|
315 |
c0cc8f8a71b0
Permissions on group can be set in recursive mode setting defined permission to all children
Marcin Kuzminski <marcin@python-works.com>
parents:
2749
diff
changeset
|
316 for el in repos_group.recursive_groups_and_repos(): |
c0cc8f8a71b0
Permissions on group can be set in recursive mode setting defined permission to all children
Marcin Kuzminski <marcin@python-works.com>
parents:
2749
diff
changeset
|
317 if not recursive: |
c0cc8f8a71b0
Permissions on group can be set in recursive mode setting defined permission to all children
Marcin Kuzminski <marcin@python-works.com>
parents:
2749
diff
changeset
|
318 # if we don't recurse set the permission on only the top level |
c0cc8f8a71b0
Permissions on group can be set in recursive mode setting defined permission to all children
Marcin Kuzminski <marcin@python-works.com>
parents:
2749
diff
changeset
|
319 # object |
c0cc8f8a71b0
Permissions on group can be set in recursive mode setting defined permission to all children
Marcin Kuzminski <marcin@python-works.com>
parents:
2749
diff
changeset
|
320 el = repos_group |
c0cc8f8a71b0
Permissions on group can be set in recursive mode setting defined permission to all children
Marcin Kuzminski <marcin@python-works.com>
parents:
2749
diff
changeset
|
321 |
c0cc8f8a71b0
Permissions on group can be set in recursive mode setting defined permission to all children
Marcin Kuzminski <marcin@python-works.com>
parents:
2749
diff
changeset
|
322 if isinstance(el, RepoGroup): |
c0cc8f8a71b0
Permissions on group can be set in recursive mode setting defined permission to all children
Marcin Kuzminski <marcin@python-works.com>
parents:
2749
diff
changeset
|
323 if obj_type == 'user': |
c0cc8f8a71b0
Permissions on group can be set in recursive mode setting defined permission to all children
Marcin Kuzminski <marcin@python-works.com>
parents:
2749
diff
changeset
|
324 ReposGroupModel().revoke_user_permission(el, user=obj) |
c0cc8f8a71b0
Permissions on group can be set in recursive mode setting defined permission to all children
Marcin Kuzminski <marcin@python-works.com>
parents:
2749
diff
changeset
|
325 elif obj_type == 'users_group': |
c0cc8f8a71b0
Permissions on group can be set in recursive mode setting defined permission to all children
Marcin Kuzminski <marcin@python-works.com>
parents:
2749
diff
changeset
|
326 ReposGroupModel().revoke_users_group_permission(el, group_name=obj) |
c0cc8f8a71b0
Permissions on group can be set in recursive mode setting defined permission to all children
Marcin Kuzminski <marcin@python-works.com>
parents:
2749
diff
changeset
|
327 else: |
c0cc8f8a71b0
Permissions on group can be set in recursive mode setting defined permission to all children
Marcin Kuzminski <marcin@python-works.com>
parents:
2749
diff
changeset
|
328 raise Exception('undefined object type %s' % obj_type) |
c0cc8f8a71b0
Permissions on group can be set in recursive mode setting defined permission to all children
Marcin Kuzminski <marcin@python-works.com>
parents:
2749
diff
changeset
|
329 elif isinstance(el, Repository): |
c0cc8f8a71b0
Permissions on group can be set in recursive mode setting defined permission to all children
Marcin Kuzminski <marcin@python-works.com>
parents:
2749
diff
changeset
|
330 if obj_type == 'user': |
c0cc8f8a71b0
Permissions on group can be set in recursive mode setting defined permission to all children
Marcin Kuzminski <marcin@python-works.com>
parents:
2749
diff
changeset
|
331 RepoModel().revoke_user_permission(el, user=obj) |
c0cc8f8a71b0
Permissions on group can be set in recursive mode setting defined permission to all children
Marcin Kuzminski <marcin@python-works.com>
parents:
2749
diff
changeset
|
332 elif obj_type == 'users_group': |
c0cc8f8a71b0
Permissions on group can be set in recursive mode setting defined permission to all children
Marcin Kuzminski <marcin@python-works.com>
parents:
2749
diff
changeset
|
333 RepoModel().revoke_users_group_permission(el, group_name=obj) |
c0cc8f8a71b0
Permissions on group can be set in recursive mode setting defined permission to all children
Marcin Kuzminski <marcin@python-works.com>
parents:
2749
diff
changeset
|
334 else: |
c0cc8f8a71b0
Permissions on group can be set in recursive mode setting defined permission to all children
Marcin Kuzminski <marcin@python-works.com>
parents:
2749
diff
changeset
|
335 raise Exception('undefined object type %s' % obj_type) |
c0cc8f8a71b0
Permissions on group can be set in recursive mode setting defined permission to all children
Marcin Kuzminski <marcin@python-works.com>
parents:
2749
diff
changeset
|
336 |
c0cc8f8a71b0
Permissions on group can be set in recursive mode setting defined permission to all children
Marcin Kuzminski <marcin@python-works.com>
parents:
2749
diff
changeset
|
337 #if it's not recursive call |
c0cc8f8a71b0
Permissions on group can be set in recursive mode setting defined permission to all children
Marcin Kuzminski <marcin@python-works.com>
parents:
2749
diff
changeset
|
338 # break the loop and don't proceed with other changes |
c0cc8f8a71b0
Permissions on group can be set in recursive mode setting defined permission to all children
Marcin Kuzminski <marcin@python-works.com>
parents:
2749
diff
changeset
|
339 if not recursive: |
c0cc8f8a71b0
Permissions on group can be set in recursive mode setting defined permission to all children
Marcin Kuzminski <marcin@python-works.com>
parents:
2749
diff
changeset
|
340 break |
c0cc8f8a71b0
Permissions on group can be set in recursive mode setting defined permission to all children
Marcin Kuzminski <marcin@python-works.com>
parents:
2749
diff
changeset
|
341 |
1982
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
342 def grant_user_permission(self, repos_group, user, perm): |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
343 """ |
3416
5706f6ab60cf
follow-up on texts missing from 'users groups'/'repositories group' cleanup
Mads Kiilerich <madski@unity3d.com>
parents:
3410
diff
changeset
|
344 Grant permission for user on given repository group, or update |
1982
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
345 existing one if found |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
346 |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
347 :param repos_group: Instance of ReposGroup, repositories_group_id, |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
348 or repositories_group name |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
349 :param user: Instance of User, user_id or username |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
350 :param perm: Instance of Permission, or permission_name |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
351 """ |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
352 |
3714
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
353 repos_group = self._get_repo_group(repos_group) |
2432
d3ac7491a5c8
Share common getter functions in base model, and remove duplicated functions from other models
Marcin Kuzminski <marcin@python-works.com>
parents:
2109
diff
changeset
|
354 user = self._get_user(user) |
d3ac7491a5c8
Share common getter functions in base model, and remove duplicated functions from other models
Marcin Kuzminski <marcin@python-works.com>
parents:
2109
diff
changeset
|
355 permission = self._get_perm(perm) |
1982
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
356 |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
357 # check if we have that permission already |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
358 obj = self.sa.query(UserRepoGroupToPerm)\ |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
359 .filter(UserRepoGroupToPerm.user == user)\ |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
360 .filter(UserRepoGroupToPerm.group == repos_group)\ |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
361 .scalar() |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
362 if obj is None: |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
363 # create new ! |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
364 obj = UserRepoGroupToPerm() |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
365 obj.group = repos_group |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
366 obj.user = user |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
367 obj.permission = permission |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
368 self.sa.add(obj) |
2820
c0cc8f8a71b0
Permissions on group can be set in recursive mode setting defined permission to all children
Marcin Kuzminski <marcin@python-works.com>
parents:
2749
diff
changeset
|
369 log.debug('Granted perm %s to %s on %s' % (perm, user, repos_group)) |
1982
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
370 |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
371 def revoke_user_permission(self, repos_group, user): |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
372 """ |
3416
5706f6ab60cf
follow-up on texts missing from 'users groups'/'repositories group' cleanup
Mads Kiilerich <madski@unity3d.com>
parents:
3410
diff
changeset
|
373 Revoke permission for user on given repository group |
1982
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
374 |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
375 :param repos_group: Instance of ReposGroup, repositories_group_id, |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
376 or repositories_group name |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
377 :param user: Instance of User, user_id or username |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
378 """ |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
379 |
3714
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
380 repos_group = self._get_repo_group(repos_group) |
2432
d3ac7491a5c8
Share common getter functions in base model, and remove duplicated functions from other models
Marcin Kuzminski <marcin@python-works.com>
parents:
2109
diff
changeset
|
381 user = self._get_user(user) |
1982
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
382 |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
383 obj = self.sa.query(UserRepoGroupToPerm)\ |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
384 .filter(UserRepoGroupToPerm.user == user)\ |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
385 .filter(UserRepoGroupToPerm.group == repos_group)\ |
2820
c0cc8f8a71b0
Permissions on group can be set in recursive mode setting defined permission to all children
Marcin Kuzminski <marcin@python-works.com>
parents:
2749
diff
changeset
|
386 .scalar() |
c0cc8f8a71b0
Permissions on group can be set in recursive mode setting defined permission to all children
Marcin Kuzminski <marcin@python-works.com>
parents:
2749
diff
changeset
|
387 if obj: |
c0cc8f8a71b0
Permissions on group can be set in recursive mode setting defined permission to all children
Marcin Kuzminski <marcin@python-works.com>
parents:
2749
diff
changeset
|
388 self.sa.delete(obj) |
c0cc8f8a71b0
Permissions on group can be set in recursive mode setting defined permission to all children
Marcin Kuzminski <marcin@python-works.com>
parents:
2749
diff
changeset
|
389 log.debug('Revoked perm on %s on %s' % (repos_group, user)) |
1982
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
390 |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
391 def grant_users_group_permission(self, repos_group, group_name, perm): |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
392 """ |
3416
5706f6ab60cf
follow-up on texts missing from 'users groups'/'repositories group' cleanup
Mads Kiilerich <madski@unity3d.com>
parents:
3410
diff
changeset
|
393 Grant permission for user group on given repository group, or update |
1982
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
394 existing one if found |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
395 |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
396 :param repos_group: Instance of ReposGroup, repositories_group_id, |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
397 or repositories_group name |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
398 :param group_name: Instance of UserGroup, users_group_id, |
3410
5f1850e4712a
"Users groups" is grammatically incorrect English - rename to "user groups"
Mads Kiilerich <madski@unity3d.com>
parents:
3222
diff
changeset
|
399 or user group name |
1982
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
400 :param perm: Instance of Permission, or permission_name |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
401 """ |
3714
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
402 repos_group = self._get_repo_group(repos_group) |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
403 group_name = self._get_user_group(group_name) |
2432
d3ac7491a5c8
Share common getter functions in base model, and remove duplicated functions from other models
Marcin Kuzminski <marcin@python-works.com>
parents:
2109
diff
changeset
|
404 permission = self._get_perm(perm) |
1982
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
405 |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
406 # check if we have that permission already |
3417
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3416
diff
changeset
|
407 obj = self.sa.query(UserGroupRepoGroupToPerm)\ |
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3416
diff
changeset
|
408 .filter(UserGroupRepoGroupToPerm.group == repos_group)\ |
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3416
diff
changeset
|
409 .filter(UserGroupRepoGroupToPerm.users_group == group_name)\ |
1982
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
410 .scalar() |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
411 |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
412 if obj is None: |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
413 # create new |
3417
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3416
diff
changeset
|
414 obj = UserGroupRepoGroupToPerm() |
1982
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
415 |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
416 obj.group = repos_group |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
417 obj.users_group = group_name |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
418 obj.permission = permission |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
419 self.sa.add(obj) |
2820
c0cc8f8a71b0
Permissions on group can be set in recursive mode setting defined permission to all children
Marcin Kuzminski <marcin@python-works.com>
parents:
2749
diff
changeset
|
420 log.debug('Granted perm %s to %s on %s' % (perm, group_name, repos_group)) |
1982
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
421 |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
422 def revoke_users_group_permission(self, repos_group, group_name): |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
423 """ |
3416
5706f6ab60cf
follow-up on texts missing from 'users groups'/'repositories group' cleanup
Mads Kiilerich <madski@unity3d.com>
parents:
3410
diff
changeset
|
424 Revoke permission for user group on given repository group |
1982
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
425 |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
426 :param repos_group: Instance of ReposGroup, repositories_group_id, |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
427 or repositories_group name |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
428 :param group_name: Instance of UserGroup, users_group_id, |
3410
5f1850e4712a
"Users groups" is grammatically incorrect English - rename to "user groups"
Mads Kiilerich <madski@unity3d.com>
parents:
3222
diff
changeset
|
429 or user group name |
1982
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
430 """ |
3714
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
431 repos_group = self._get_repo_group(repos_group) |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3653
diff
changeset
|
432 group_name = self._get_user_group(group_name) |
1982
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
433 |
3417
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3416
diff
changeset
|
434 obj = self.sa.query(UserGroupRepoGroupToPerm)\ |
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3416
diff
changeset
|
435 .filter(UserGroupRepoGroupToPerm.group == repos_group)\ |
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3416
diff
changeset
|
436 .filter(UserGroupRepoGroupToPerm.users_group == group_name)\ |
2820
c0cc8f8a71b0
Permissions on group can be set in recursive mode setting defined permission to all children
Marcin Kuzminski <marcin@python-works.com>
parents:
2749
diff
changeset
|
437 .scalar() |
c0cc8f8a71b0
Permissions on group can be set in recursive mode setting defined permission to all children
Marcin Kuzminski <marcin@python-works.com>
parents:
2749
diff
changeset
|
438 if obj: |
c0cc8f8a71b0
Permissions on group can be set in recursive mode setting defined permission to all children
Marcin Kuzminski <marcin@python-works.com>
parents:
2749
diff
changeset
|
439 self.sa.delete(obj) |
c0cc8f8a71b0
Permissions on group can be set in recursive mode setting defined permission to all children
Marcin Kuzminski <marcin@python-works.com>
parents:
2749
diff
changeset
|
440 log.debug('Revoked perm to %s on %s' % (repos_group, group_name)) |