kallithea: rhodecode/model/user.py annotate

annotate rhodecode/model/user.py @ 4016:cce2d984b001

User create/delete hooks for rcextensions. When a user is created or deleted, the CREATE_USER_HOOK or DELETE_USER_HOOK are called as part of the log_create_user and log_delete_user functions respectively. This is similar to the existing log_create_repository and log_delete_repository functions that already exist as part of the rcextensions module.

author	Jonathan Sternberg <jonathansternberg@gmail.com>
date	Mon, 17 Jun 2013 18:09:50 -0400
parents	5293d4bbb1ea
children	509923dac48d

rev	line source
761 56c2850a5b5f ldap auth rewrite, moved split authfunc into two functions, Marcin Kuzminski <marcin@python-works.com> parents: 752 diff changeset	1 # -- coding: utf-8 --
56c2850a5b5f ldap auth rewrite, moved split authfunc into two functions, Marcin Kuzminski <marcin@python-works.com> parents: 752 diff changeset	2 """
956 83d35d716a02 started working on issue #56 Marcin Kuzminski <marcin@python-works.com> parents: 902 diff changeset	3 rhodecode.model.user
83d35d716a02 started working on issue #56 Marcin Kuzminski <marcin@python-works.com> parents: 902 diff changeset	4 ~~~~~~~~~~~~~~~~~~~~
761 56c2850a5b5f ldap auth rewrite, moved split authfunc into two functions, Marcin Kuzminski <marcin@python-works.com> parents: 752 diff changeset	5
56c2850a5b5f ldap auth rewrite, moved split authfunc into two functions, Marcin Kuzminski <marcin@python-works.com> parents: 752 diff changeset	6 users model for RhodeCode
1203 6832ef664673 source code cleanup: remove trailing white space, normalize file endings Marcin Kuzminski <marcin@python-works.com> parents: 1120 diff changeset	7
761 56c2850a5b5f ldap auth rewrite, moved split authfunc into two functions, Marcin Kuzminski <marcin@python-works.com> parents: 752 diff changeset	8 :created_on: Apr 9, 2010
56c2850a5b5f ldap auth rewrite, moved split authfunc into two functions, Marcin Kuzminski <marcin@python-works.com> parents: 752 diff changeset	9 :author: marcink
1824 89efedac4e6c 2012 copyrights Marcin Kuzminski <marcin@python-works.com> parents: 1818 diff changeset	10 :copyright: (C) 2010-2012 Marcin Kuzminski <marcin@python-works.com>
761 56c2850a5b5f ldap auth rewrite, moved split authfunc into two functions, Marcin Kuzminski <marcin@python-works.com> parents: 752 diff changeset	11 :license: GPLv3, see COPYING for more details.
56c2850a5b5f ldap auth rewrite, moved split authfunc into two functions, Marcin Kuzminski <marcin@python-works.com> parents: 752 diff changeset	12 """
1206 a671db5bdd58 fixed license issue #149 Marcin Kuzminski <marcin@python-works.com> parents: 1203 diff changeset	13 # This program is free software: you can redistribute it and/or modify
a671db5bdd58 fixed license issue #149 Marcin Kuzminski <marcin@python-works.com> parents: 1203 diff changeset	14 # it under the terms of the GNU General Public License as published by
a671db5bdd58 fixed license issue #149 Marcin Kuzminski <marcin@python-works.com> parents: 1203 diff changeset	15 # the Free Software Foundation, either version 3 of the License, or
a671db5bdd58 fixed license issue #149 Marcin Kuzminski <marcin@python-works.com> parents: 1203 diff changeset	16 # (at your option) any later version.
1203 6832ef664673 source code cleanup: remove trailing white space, normalize file endings Marcin Kuzminski <marcin@python-works.com> parents: 1120 diff changeset	17 #
252 3782a6d698af licensing updates, code cleanups Marcin Kuzminski <marcin@python-works.com> parents: 238 diff changeset	18 # This program is distributed in the hope that it will be useful,
3782a6d698af licensing updates, code cleanups Marcin Kuzminski <marcin@python-works.com> parents: 238 diff changeset	19 # but WITHOUT ANY WARRANTY; without even the implied warranty of
3782a6d698af licensing updates, code cleanups Marcin Kuzminski <marcin@python-works.com> parents: 238 diff changeset	20 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
3782a6d698af licensing updates, code cleanups Marcin Kuzminski <marcin@python-works.com> parents: 238 diff changeset	21 # GNU General Public License for more details.
1203 6832ef664673 source code cleanup: remove trailing white space, normalize file endings Marcin Kuzminski <marcin@python-works.com> parents: 1120 diff changeset	22 #
252 3782a6d698af licensing updates, code cleanups Marcin Kuzminski <marcin@python-works.com> parents: 238 diff changeset	23 # You should have received a copy of the GNU General Public License
1206 a671db5bdd58 fixed license issue #149 Marcin Kuzminski <marcin@python-works.com> parents: 1203 diff changeset	24 # along with this program. If not, see <http://www.gnu.org/licenses/>.
750 73c99f45ef2a fixed security issue when saving ldap user saved plaintext password Marcin Kuzminski <marcin@python-works.com> parents: 742 diff changeset	25
629 7e536d1af60d Code refactoring,models renames Marcin Kuzminski <marcin@python-works.com> parents: 547 diff changeset	26 import logging
474 a3d9d24acbec Implemented password reset(forms/models/ tasks) and mailing tasks. Marcin Kuzminski <marcin@python-works.com> parents: 442 diff changeset	27 import traceback
2709 d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	28 import itertools
3094 b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	29 import collections
1731 31e6eb2fb4b2 implements #222 registration feedback Marcin Kuzminski <marcin@python-works.com> parents: 1729 diff changeset	30 from pylons import url
761 56c2850a5b5f ldap auth rewrite, moved split authfunc into two functions, Marcin Kuzminski <marcin@python-works.com> parents: 752 diff changeset	31 from pylons.i18n.translation import _
56c2850a5b5f ldap auth rewrite, moved split authfunc into two functions, Marcin Kuzminski <marcin@python-works.com> parents: 752 diff changeset	32
2479 9225597688f4 Added validation into user email map Marcin Kuzminski <marcin@python-works.com> parents: 2478 diff changeset	33 from sqlalchemy.exc import DatabaseError
9225597688f4 Added validation into user email map Marcin Kuzminski <marcin@python-works.com> parents: 2478 diff changeset	34 from sqlalchemy.orm import joinedload
9225597688f4 Added validation into user email map Marcin Kuzminski <marcin@python-works.com> parents: 2478 diff changeset	35
2109 8ecfed1d8f8b utils/conf Marcin Kuzminski <marcin@python-works.com> parents: 2078 diff changeset	36 from rhodecode.lib.utils2 import safe_unicode, generate_api_key
1669 f522f4d3bf93 moved caching query to libs Marcin Kuzminski <marcin@python-works.com> parents: 1634 diff changeset	37 from rhodecode.lib.caching_query import FromCache
761 56c2850a5b5f ldap auth rewrite, moved split authfunc into two functions, Marcin Kuzminski <marcin@python-works.com> parents: 752 diff changeset	38 from rhodecode.model import BaseModel
1633 2c0d35e336b5 refactoring of models names for repoGroup permissions Marcin Kuzminski <marcin@python-works.com> parents: 1628 diff changeset	39 from rhodecode.model.db import User, UserRepoToPerm, Repository, Permission, \
3417 fa6ba6727475 further cleanup of UsersGroup Mads Kiilerich <madski@unity3d.com> parents: 3415 diff changeset	40 UserToPerm, UserGroupRepoToPerm, UserGroupToPerm, UserGroupMember, \
fa6ba6727475 further cleanup of UsersGroup Mads Kiilerich <madski@unity3d.com> parents: 3415 diff changeset	41 Notification, RepoGroup, UserRepoGroupToPerm, UserGroupRepoGroupToPerm, \
3788 d9b89874edf9 UserGroup on UserGroup permissions implementation. Marcin Kuzminski <marcin@python-works.com> parents: 3736 diff changeset	42 UserEmailMap, UserIpMap, UserGroupUserGroupToPerm, UserGroup
1269 2e7f21429316 tries to fix issue #177 by fallback to user.user_id instead of fetching from db, user.user_id Marcin Kuzminski <marcin@python-works.com> parents: 1267 diff changeset	43 from rhodecode.lib.exceptions import DefaultUserException, \
2e7f21429316 tries to fix issue #177 by fallback to user.user_id instead of fetching from db, user.user_id Marcin Kuzminski <marcin@python-works.com> parents: 1267 diff changeset	44 UserOwnsReposException
3401 5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	45 from rhodecode.model.meta import Session
713 1bb0fcdec895 fixed #72 show warning on removal when user still is owner of existing repositories Marcin Kuzminski <marcin@python-works.com> parents: 705 diff changeset	46
761 56c2850a5b5f ldap auth rewrite, moved split authfunc into two functions, Marcin Kuzminski <marcin@python-works.com> parents: 752 diff changeset	47
56c2850a5b5f ldap auth rewrite, moved split authfunc into two functions, Marcin Kuzminski <marcin@python-works.com> parents: 752 diff changeset	48 log = logging.getLogger(__name__)
314 0d26d46bd370 protected againts changing default user. Marcin Kuzminski <marcin@python-works.com> parents: 265 diff changeset	49
2709 d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	50 PERM_WEIGHTS = Permission.PERM_WEIGHTS
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	51
1267 d534aff5e82a user defined permission will update the global permissions, and overwrite default settings. Marcin Kuzminski <marcin@python-works.com> parents: 1206 diff changeset	52
752 89b9037d68b7 fixed Example celery config to ampq, Marcin Kuzminski <marcin@python-works.com> parents: 750 diff changeset	53 class UserModel(BaseModel):
2522 17893d61792a Added associated classes into child models Marcin Kuzminski <marcin@python-works.com> parents: 2513 diff changeset	54 cls = User
1716 7d1fc253549e notification to commit author + gardening Marcin Kuzminski <marcin@python-works.com> parents: 1713 diff changeset	55
1594 9dae92a65e40 fixes #288 Marcin Kuzminski <marcin@python-works.com> parents: 1593 diff changeset	56 def get(self, user_id, cache=False):
629 7e536d1af60d Code refactoring,models renames Marcin Kuzminski <marcin@python-works.com> parents: 547 diff changeset	57 user = self.sa.query(User)
7e536d1af60d Code refactoring,models renames Marcin Kuzminski <marcin@python-works.com> parents: 547 diff changeset	58 if cache:
7e536d1af60d Code refactoring,models renames Marcin Kuzminski <marcin@python-works.com> parents: 547 diff changeset	59 user = user.options(FromCache("sql_cache_short",
7e536d1af60d Code refactoring,models renames Marcin Kuzminski <marcin@python-works.com> parents: 547 diff changeset	60 "get_user_%s" % user_id))
7e536d1af60d Code refactoring,models renames Marcin Kuzminski <marcin@python-works.com> parents: 547 diff changeset	61 return user.get(user_id)
7e536d1af60d Code refactoring,models renames Marcin Kuzminski <marcin@python-works.com> parents: 547 diff changeset	62
2009 b63adad7c4af API updates Marcin Kuzminski <marcin@python-works.com> parents: 1982 diff changeset	63 def get_user(self, user):
2432 d3ac7491a5c8 Share common getter functions in base model, and remove duplicated functions from other models Marcin Kuzminski <marcin@python-works.com> parents: 2330 diff changeset	64 return self._get_user(user)
2009 b63adad7c4af API updates Marcin Kuzminski <marcin@python-works.com> parents: 1982 diff changeset	65
1594 9dae92a65e40 fixes #288 Marcin Kuzminski <marcin@python-works.com> parents: 1593 diff changeset	66 def get_by_username(self, username, cache=False, case_insensitive=False):
750 73c99f45ef2a fixed security issue when saving ldap user saved plaintext password Marcin Kuzminski <marcin@python-works.com> parents: 742 diff changeset	67
742 1377a9d4bdb9 #78, fixed more reliable case insensitive searches Marcin Kuzminski <marcin@python-works.com> parents: 713 diff changeset	68 if case_insensitive:
1377a9d4bdb9 #78, fixed more reliable case insensitive searches Marcin Kuzminski <marcin@python-works.com> parents: 713 diff changeset	69 user = self.sa.query(User).filter(User.username.ilike(username))
1377a9d4bdb9 #78, fixed more reliable case insensitive searches Marcin Kuzminski <marcin@python-works.com> parents: 713 diff changeset	70 else:
1377a9d4bdb9 #78, fixed more reliable case insensitive searches Marcin Kuzminski <marcin@python-works.com> parents: 713 diff changeset	71 user = self.sa.query(User)\
1377a9d4bdb9 #78, fixed more reliable case insensitive searches Marcin Kuzminski <marcin@python-works.com> parents: 713 diff changeset	72 .filter(User.username == username)
629 7e536d1af60d Code refactoring,models renames Marcin Kuzminski <marcin@python-works.com> parents: 547 diff changeset	73 if cache:
7e536d1af60d Code refactoring,models renames Marcin Kuzminski <marcin@python-works.com> parents: 547 diff changeset	74 user = user.options(FromCache("sql_cache_short",
7e536d1af60d Code refactoring,models renames Marcin Kuzminski <marcin@python-works.com> parents: 547 diff changeset	75 "get_user_%s" % username))
7e536d1af60d Code refactoring,models renames Marcin Kuzminski <marcin@python-works.com> parents: 547 diff changeset	76 return user.scalar()
7e536d1af60d Code refactoring,models renames Marcin Kuzminski <marcin@python-works.com> parents: 547 diff changeset	77
2522 17893d61792a Added associated classes into child models Marcin Kuzminski <marcin@python-works.com> parents: 2513 diff changeset	78 def get_by_email(self, email, cache=False, case_insensitive=False):
17893d61792a Added associated classes into child models Marcin Kuzminski <marcin@python-works.com> parents: 2513 diff changeset	79 return User.get_by_email(email, case_insensitive, cache)
17893d61792a Added associated classes into child models Marcin Kuzminski <marcin@python-works.com> parents: 2513 diff changeset	80
1594 9dae92a65e40 fixes #288 Marcin Kuzminski <marcin@python-works.com> parents: 1593 diff changeset	81 def get_by_api_key(self, api_key, cache=False):
1693 60249224be04 fix for api key lookup, reuse same function in user model Marcin Kuzminski <marcin@python-works.com> parents: 1690 diff changeset	82 return User.get_by_api_key(api_key, cache)
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	83
238 a55c17874486 Rewrite of user managment, improved forms, added some user info Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	84 def create(self, form_data):
2467 4419551b2915 Switched forms to new validators Marcin Kuzminski <marcin@python-works.com> parents: 2432 diff changeset	85 from rhodecode.lib.auth import get_crypt_password
238 a55c17874486 Rewrite of user managment, improved forms, added some user info Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	86 try:
a55c17874486 Rewrite of user managment, improved forms, added some user info Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	87 new_user = User()
a55c17874486 Rewrite of user managment, improved forms, added some user info Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	88 for k, v in form_data.items():
2467 4419551b2915 Switched forms to new validators Marcin Kuzminski <marcin@python-works.com> parents: 2432 diff changeset	89 if k == 'password':
4419551b2915 Switched forms to new validators Marcin Kuzminski <marcin@python-works.com> parents: 2432 diff changeset	90 v = get_crypt_password(v)
2544 6ce3387bf0ce Renamed name to firstname in forms Marcin Kuzminski <marcin@python-works.com> parents: 2522 diff changeset	91 if k == 'firstname':
6ce3387bf0ce Renamed name to firstname in forms Marcin Kuzminski <marcin@python-works.com> parents: 2522 diff changeset	92 k = 'name'
238 a55c17874486 Rewrite of user managment, improved forms, added some user info Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	93 setattr(new_user, k, v)
629 7e536d1af60d Code refactoring,models renames Marcin Kuzminski <marcin@python-works.com> parents: 547 diff changeset	94
1116 716911af91e1 Added api_key into user, api key get's generated again after password change Marcin Kuzminski <marcin@python-works.com> parents: 991 diff changeset	95 new_user.api_key = generate_api_key(form_data['username'])
238 a55c17874486 Rewrite of user managment, improved forms, added some user info Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	96 self.sa.add(new_user)
4016 cce2d984b001 User create/delete hooks for rcextensions. Jonathan Sternberg <jonathansternberg@gmail.com> parents: 3960 diff changeset	97
cce2d984b001 User create/delete hooks for rcextensions. Jonathan Sternberg <jonathansternberg@gmail.com> parents: 3960 diff changeset	98 from rhodecode.lib.hooks import log_create_user
cce2d984b001 User create/delete hooks for rcextensions. Jonathan Sternberg <jonathansternberg@gmail.com> parents: 3960 diff changeset	99 log_create_user(new_user.get_dict())
1586 2ccb32ddcfd7 Add API for repositories and groups (creation, permission) Nicolas VINOT <aeris@imirhil.fr> parents: 1417 diff changeset	100 return new_user
3631 10b4e34841a4 Don't catch all exceptions Marcin Kuzminski <marcin@python-works.com> parents: 3625 diff changeset	101 except Exception:
474 a3d9d24acbec Implemented password reset(forms/models/ tasks) and mailing tasks. Marcin Kuzminski <marcin@python-works.com> parents: 442 diff changeset	102 log.error(traceback.format_exc())
629 7e536d1af60d Code refactoring,models renames Marcin Kuzminski <marcin@python-works.com> parents: 547 diff changeset	103 raise
7e536d1af60d Code refactoring,models renames Marcin Kuzminski <marcin@python-works.com> parents: 547 diff changeset	104
2513 388843a3a3c0 Updated create_or_update method to not change API key when password is not updated Marcin Kuzminski <marcin@python-works.com> parents: 2488 diff changeset	105 def create_or_update(self, username, password, email, firstname='',
388843a3a3c0 Updated create_or_update method to not change API key when password is not updated Marcin Kuzminski <marcin@python-works.com> parents: 2488 diff changeset	106 lastname='', active=True, admin=False, ldap_dn=None):
1634 1d904d972c47 User usermodel instead of db model to manage accounts Marcin Kuzminski <marcin@python-works.com> parents: 1633 diff changeset	107 """
1d904d972c47 User usermodel instead of db model to manage accounts Marcin Kuzminski <marcin@python-works.com> parents: 1633 diff changeset	108 Creates a new instance if not found, or updates current one
1818 cf51bbfb120e auto white-space removal Marcin Kuzminski <marcin@python-works.com> parents: 1758 diff changeset	109
1634 1d904d972c47 User usermodel instead of db model to manage accounts Marcin Kuzminski <marcin@python-works.com> parents: 1633 diff changeset	110 :param username:
1d904d972c47 User usermodel instead of db model to manage accounts Marcin Kuzminski <marcin@python-works.com> parents: 1633 diff changeset	111 :param password:
1d904d972c47 User usermodel instead of db model to manage accounts Marcin Kuzminski <marcin@python-works.com> parents: 1633 diff changeset	112 :param email:
1d904d972c47 User usermodel instead of db model to manage accounts Marcin Kuzminski <marcin@python-works.com> parents: 1633 diff changeset	113 :param active:
2513 388843a3a3c0 Updated create_or_update method to not change API key when password is not updated Marcin Kuzminski <marcin@python-works.com> parents: 2488 diff changeset	114 :param firstname:
1634 1d904d972c47 User usermodel instead of db model to manage accounts Marcin Kuzminski <marcin@python-works.com> parents: 1633 diff changeset	115 :param lastname:
1d904d972c47 User usermodel instead of db model to manage accounts Marcin Kuzminski <marcin@python-works.com> parents: 1633 diff changeset	116 :param active:
1d904d972c47 User usermodel instead of db model to manage accounts Marcin Kuzminski <marcin@python-works.com> parents: 1633 diff changeset	117 :param admin:
1d904d972c47 User usermodel instead of db model to manage accounts Marcin Kuzminski <marcin@python-works.com> parents: 1633 diff changeset	118 :param ldap_dn:
1d904d972c47 User usermodel instead of db model to manage accounts Marcin Kuzminski <marcin@python-works.com> parents: 1633 diff changeset	119 """
1728 07e56179633e - fixes celery sqlalchemy session issues for async forking Marcin Kuzminski <marcin@python-works.com> parents: 1716 diff changeset	120
1634 1d904d972c47 User usermodel instead of db model to manage accounts Marcin Kuzminski <marcin@python-works.com> parents: 1633 diff changeset	121 from rhodecode.lib.auth import get_crypt_password
1728 07e56179633e - fixes celery sqlalchemy session issues for async forking Marcin Kuzminski <marcin@python-works.com> parents: 1716 diff changeset	122
1976 a76e9bacbedc garden Marcin Kuzminski <marcin@python-works.com> parents: 1950 diff changeset	123 log.debug('Checking for %s account in RhodeCode database' % username)
1634 1d904d972c47 User usermodel instead of db model to manage accounts Marcin Kuzminski <marcin@python-works.com> parents: 1633 diff changeset	124 user = User.get_by_username(username, case_insensitive=True)
1d904d972c47 User usermodel instead of db model to manage accounts Marcin Kuzminski <marcin@python-works.com> parents: 1633 diff changeset	125 if user is None:
1976 a76e9bacbedc garden Marcin Kuzminski <marcin@python-works.com> parents: 1950 diff changeset	126 log.debug('creating new user %s' % username)
1634 1d904d972c47 User usermodel instead of db model to manage accounts Marcin Kuzminski <marcin@python-works.com> parents: 1633 diff changeset	127 new_user = User()
2513 388843a3a3c0 Updated create_or_update method to not change API key when password is not updated Marcin Kuzminski <marcin@python-works.com> parents: 2488 diff changeset	128 edit = False
1634 1d904d972c47 User usermodel instead of db model to manage accounts Marcin Kuzminski <marcin@python-works.com> parents: 1633 diff changeset	129 else:
1976 a76e9bacbedc garden Marcin Kuzminski <marcin@python-works.com> parents: 1950 diff changeset	130 log.debug('updating user %s' % username)
1634 1d904d972c47 User usermodel instead of db model to manage accounts Marcin Kuzminski <marcin@python-works.com> parents: 1633 diff changeset	131 new_user = user
2513 388843a3a3c0 Updated create_or_update method to not change API key when password is not updated Marcin Kuzminski <marcin@python-works.com> parents: 2488 diff changeset	132 edit = True
1728 07e56179633e - fixes celery sqlalchemy session issues for async forking Marcin Kuzminski <marcin@python-works.com> parents: 1716 diff changeset	133
1634 1d904d972c47 User usermodel instead of db model to manage accounts Marcin Kuzminski <marcin@python-works.com> parents: 1633 diff changeset	134 try:
1d904d972c47 User usermodel instead of db model to manage accounts Marcin Kuzminski <marcin@python-works.com> parents: 1633 diff changeset	135 new_user.username = username
1d904d972c47 User usermodel instead of db model to manage accounts Marcin Kuzminski <marcin@python-works.com> parents: 1633 diff changeset	136 new_user.admin = admin
2513 388843a3a3c0 Updated create_or_update method to not change API key when password is not updated Marcin Kuzminski <marcin@python-works.com> parents: 2488 diff changeset	137 # set password only if creating an user or password is changed
3625 260a7a01b054 follow Python conventions for boolean values Mads Kiilerich <madski@unity3d.com> parents: 3417 diff changeset	138 if not edit or user.password != password:
3809 647fb653048e make the password optional in API calls Marcin Kuzminski <marcin@python-works.com> parents: 3788 diff changeset	139 new_user.password = get_crypt_password(password) if password else None
2513 388843a3a3c0 Updated create_or_update method to not change API key when password is not updated Marcin Kuzminski <marcin@python-works.com> parents: 2488 diff changeset	140 new_user.api_key = generate_api_key(username)
1634 1d904d972c47 User usermodel instead of db model to manage accounts Marcin Kuzminski <marcin@python-works.com> parents: 1633 diff changeset	141 new_user.email = email
1d904d972c47 User usermodel instead of db model to manage accounts Marcin Kuzminski <marcin@python-works.com> parents: 1633 diff changeset	142 new_user.active = active
1d904d972c47 User usermodel instead of db model to manage accounts Marcin Kuzminski <marcin@python-works.com> parents: 1633 diff changeset	143 new_user.ldap_dn = safe_unicode(ldap_dn) if ldap_dn else None
2513 388843a3a3c0 Updated create_or_update method to not change API key when password is not updated Marcin Kuzminski <marcin@python-works.com> parents: 2488 diff changeset	144 new_user.name = firstname
1634 1d904d972c47 User usermodel instead of db model to manage accounts Marcin Kuzminski <marcin@python-works.com> parents: 1633 diff changeset	145 new_user.lastname = lastname
1d904d972c47 User usermodel instead of db model to manage accounts Marcin Kuzminski <marcin@python-works.com> parents: 1633 diff changeset	146 self.sa.add(new_user)
4016 cce2d984b001 User create/delete hooks for rcextensions. Jonathan Sternberg <jonathansternberg@gmail.com> parents: 3960 diff changeset	147
cce2d984b001 User create/delete hooks for rcextensions. Jonathan Sternberg <jonathansternberg@gmail.com> parents: 3960 diff changeset	148 if not edit:
cce2d984b001 User create/delete hooks for rcextensions. Jonathan Sternberg <jonathansternberg@gmail.com> parents: 3960 diff changeset	149 from rhodecode.lib.hooks import log_create_user
cce2d984b001 User create/delete hooks for rcextensions. Jonathan Sternberg <jonathansternberg@gmail.com> parents: 3960 diff changeset	150 log_create_user(new_user.get_dict())
1634 1d904d972c47 User usermodel instead of db model to manage accounts Marcin Kuzminski <marcin@python-works.com> parents: 1633 diff changeset	151 return new_user
1d904d972c47 User usermodel instead of db model to manage accounts Marcin Kuzminski <marcin@python-works.com> parents: 1633 diff changeset	152 except (DatabaseError,):
1d904d972c47 User usermodel instead of db model to manage accounts Marcin Kuzminski <marcin@python-works.com> parents: 1633 diff changeset	153 log.error(traceback.format_exc())
1d904d972c47 User usermodel instead of db model to manage accounts Marcin Kuzminski <marcin@python-works.com> parents: 1633 diff changeset	154 raise
1728 07e56179633e - fixes celery sqlalchemy session issues for async forking Marcin Kuzminski <marcin@python-works.com> parents: 1716 diff changeset	155
1621 cbc2b1913cdf Added basic automatic user creation for container auth Liad Shani <liadff@gmail.com> parents: 1618 diff changeset	156 def create_for_container_auth(self, username, attrs):
cbc2b1913cdf Added basic automatic user creation for container auth Liad Shani <liadff@gmail.com> parents: 1618 diff changeset	157 """
cbc2b1913cdf Added basic automatic user creation for container auth Liad Shani <liadff@gmail.com> parents: 1618 diff changeset	158 Creates the given user if it's not already in the database
1818 cf51bbfb120e auto white-space removal Marcin Kuzminski <marcin@python-works.com> parents: 1758 diff changeset	159
1621 cbc2b1913cdf Added basic automatic user creation for container auth Liad Shani <liadff@gmail.com> parents: 1618 diff changeset	160 :param username:
cbc2b1913cdf Added basic automatic user creation for container auth Liad Shani <liadff@gmail.com> parents: 1618 diff changeset	161 :param attrs:
cbc2b1913cdf Added basic automatic user creation for container auth Liad Shani <liadff@gmail.com> parents: 1618 diff changeset	162 """
cbc2b1913cdf Added basic automatic user creation for container auth Liad Shani <liadff@gmail.com> parents: 1618 diff changeset	163 if self.get_by_username(username, case_insensitive=True) is None:
1690 6944b1249f28 fixed issues with not unique emails when using ldap or container auth. Marcin Kuzminski <marcin@python-works.com> parents: 1689 diff changeset	164
6944b1249f28 fixed issues with not unique emails when using ldap or container auth. Marcin Kuzminski <marcin@python-works.com> parents: 1689 diff changeset	165 # autogenerate email for container account without one
6944b1249f28 fixed issues with not unique emails when using ldap or container auth. Marcin Kuzminski <marcin@python-works.com> parents: 1689 diff changeset	166 generate_email = lambda usr: '%s@container_auth.account' % usr
6944b1249f28 fixed issues with not unique emails when using ldap or container auth. Marcin Kuzminski <marcin@python-works.com> parents: 1689 diff changeset	167
1621 cbc2b1913cdf Added basic automatic user creation for container auth Liad Shani <liadff@gmail.com> parents: 1618 diff changeset	168 try:
cbc2b1913cdf Added basic automatic user creation for container auth Liad Shani <liadff@gmail.com> parents: 1618 diff changeset	169 new_user = User()
cbc2b1913cdf Added basic automatic user creation for container auth Liad Shani <liadff@gmail.com> parents: 1618 diff changeset	170 new_user.username = username
cbc2b1913cdf Added basic automatic user creation for container auth Liad Shani <liadff@gmail.com> parents: 1618 diff changeset	171 new_user.password = None
cbc2b1913cdf Added basic automatic user creation for container auth Liad Shani <liadff@gmail.com> parents: 1618 diff changeset	172 new_user.api_key = generate_api_key(username)
cbc2b1913cdf Added basic automatic user creation for container auth Liad Shani <liadff@gmail.com> parents: 1618 diff changeset	173 new_user.email = attrs['email']
1628 de71a4bde097 Some code cleanups and fixes Marcin Kuzminski <marcin@python-works.com> parents: 1626 diff changeset	174 new_user.active = attrs.get('active', True)
1690 6944b1249f28 fixed issues with not unique emails when using ldap or container auth. Marcin Kuzminski <marcin@python-works.com> parents: 1689 diff changeset	175 new_user.name = attrs['name'] or generate_email(username)
1621 cbc2b1913cdf Added basic automatic user creation for container auth Liad Shani <liadff@gmail.com> parents: 1618 diff changeset	176 new_user.lastname = attrs['lastname']
cbc2b1913cdf Added basic automatic user creation for container auth Liad Shani <liadff@gmail.com> parents: 1618 diff changeset	177
cbc2b1913cdf Added basic automatic user creation for container auth Liad Shani <liadff@gmail.com> parents: 1618 diff changeset	178 self.sa.add(new_user)
4016 cce2d984b001 User create/delete hooks for rcextensions. Jonathan Sternberg <jonathansternberg@gmail.com> parents: 3960 diff changeset	179
cce2d984b001 User create/delete hooks for rcextensions. Jonathan Sternberg <jonathansternberg@gmail.com> parents: 3960 diff changeset	180 from rhodecode.lib.hooks import log_create_user
cce2d984b001 User create/delete hooks for rcextensions. Jonathan Sternberg <jonathansternberg@gmail.com> parents: 3960 diff changeset	181 log_create_user(new_user.get_dict())
1628 de71a4bde097 Some code cleanups and fixes Marcin Kuzminski <marcin@python-works.com> parents: 1626 diff changeset	182 return new_user
1621 cbc2b1913cdf Added basic automatic user creation for container auth Liad Shani <liadff@gmail.com> parents: 1618 diff changeset	183 except (DatabaseError,):
cbc2b1913cdf Added basic automatic user creation for container auth Liad Shani <liadff@gmail.com> parents: 1618 diff changeset	184 log.error(traceback.format_exc())
cbc2b1913cdf Added basic automatic user creation for container auth Liad Shani <liadff@gmail.com> parents: 1618 diff changeset	185 self.sa.rollback()
cbc2b1913cdf Added basic automatic user creation for container auth Liad Shani <liadff@gmail.com> parents: 1618 diff changeset	186 raise
1628 de71a4bde097 Some code cleanups and fixes Marcin Kuzminski <marcin@python-works.com> parents: 1626 diff changeset	187 log.debug('User %s already exists. Skipping creation of account'
de71a4bde097 Some code cleanups and fixes Marcin Kuzminski <marcin@python-works.com> parents: 1626 diff changeset	188 ' for container auth.', username)
de71a4bde097 Some code cleanups and fixes Marcin Kuzminski <marcin@python-works.com> parents: 1626 diff changeset	189 return None
1621 cbc2b1913cdf Added basic automatic user creation for container auth Liad Shani <liadff@gmail.com> parents: 1618 diff changeset	190
991 b232a36cc51f Improve LDAP authentication Thayne Harbaugh <thayne@fusionio.com> parents: 956 diff changeset	191 def create_ldap(self, username, password, user_dn, attrs):
705 9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 692 diff changeset	192 """
9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 692 diff changeset	193 Checks if user is in database, if not creates this user marked
9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 692 diff changeset	194 as ldap user
1818 cf51bbfb120e auto white-space removal Marcin Kuzminski <marcin@python-works.com> parents: 1758 diff changeset	195
705 9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 692 diff changeset	196 :param username:
9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 692 diff changeset	197 :param password:
991 b232a36cc51f Improve LDAP authentication Thayne Harbaugh <thayne@fusionio.com> parents: 956 diff changeset	198 :param user_dn:
b232a36cc51f Improve LDAP authentication Thayne Harbaugh <thayne@fusionio.com> parents: 956 diff changeset	199 :param attrs:
705 9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 692 diff changeset	200 """
750 73c99f45ef2a fixed security issue when saving ldap user saved plaintext password Marcin Kuzminski <marcin@python-works.com> parents: 742 diff changeset	201 from rhodecode.lib.auth import get_crypt_password
761 56c2850a5b5f ldap auth rewrite, moved split authfunc into two functions, Marcin Kuzminski <marcin@python-works.com> parents: 752 diff changeset	202 log.debug('Checking for such ldap account in RhodeCode database')
1594 9dae92a65e40 fixes #288 Marcin Kuzminski <marcin@python-works.com> parents: 1593 diff changeset	203 if self.get_by_username(username, case_insensitive=True) is None:
1689 cc302c98bb8e fix fo empty email passed in attributes of ldap account. Marcin Kuzminski <marcin@python-works.com> parents: 1669 diff changeset	204
cc302c98bb8e fix fo empty email passed in attributes of ldap account. Marcin Kuzminski <marcin@python-works.com> parents: 1669 diff changeset	205 # autogenerate email for ldap account without one
cc302c98bb8e fix fo empty email passed in attributes of ldap account. Marcin Kuzminski <marcin@python-works.com> parents: 1669 diff changeset	206 generate_email = lambda usr: '%s@ldap.account' % usr
cc302c98bb8e fix fo empty email passed in attributes of ldap account. Marcin Kuzminski <marcin@python-works.com> parents: 1669 diff changeset	207
705 9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 692 diff changeset	208 try:
9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 692 diff changeset	209 new_user = User()
1689 cc302c98bb8e fix fo empty email passed in attributes of ldap account. Marcin Kuzminski <marcin@python-works.com> parents: 1669 diff changeset	210 username = username.lower()
1269 2e7f21429316 tries to fix issue #177 by fallback to user.user_id instead of fetching from db, user.user_id Marcin Kuzminski <marcin@python-works.com> parents: 1267 diff changeset	211 # add ldap account always lowercase
1689 cc302c98bb8e fix fo empty email passed in attributes of ldap account. Marcin Kuzminski <marcin@python-works.com> parents: 1669 diff changeset	212 new_user.username = username
750 73c99f45ef2a fixed security issue when saving ldap user saved plaintext password Marcin Kuzminski <marcin@python-works.com> parents: 742 diff changeset	213 new_user.password = get_crypt_password(password)
1116 716911af91e1 Added api_key into user, api key get's generated again after password change Marcin Kuzminski <marcin@python-works.com> parents: 991 diff changeset	214 new_user.api_key = generate_api_key(username)
1689 cc302c98bb8e fix fo empty email passed in attributes of ldap account. Marcin Kuzminski <marcin@python-works.com> parents: 1669 diff changeset	215 new_user.email = attrs['email'] or generate_email(username)
1628 de71a4bde097 Some code cleanups and fixes Marcin Kuzminski <marcin@python-works.com> parents: 1626 diff changeset	216 new_user.active = attrs.get('active', True)
1516 582686d76cb6 fixes #256 fixes non ascii chars problems in base_dn on LDAP user creation Marcin Kuzminski <marcin@python-works.com> parents: 1417 diff changeset	217 new_user.ldap_dn = safe_unicode(user_dn)
991 b232a36cc51f Improve LDAP authentication Thayne Harbaugh <thayne@fusionio.com> parents: 956 diff changeset	218 new_user.name = attrs['name']
b232a36cc51f Improve LDAP authentication Thayne Harbaugh <thayne@fusionio.com> parents: 956 diff changeset	219 new_user.lastname = attrs['lastname']
705 9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 692 diff changeset	220
9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 692 diff changeset	221 self.sa.add(new_user)
4016 cce2d984b001 User create/delete hooks for rcextensions. Jonathan Sternberg <jonathansternberg@gmail.com> parents: 3960 diff changeset	222
cce2d984b001 User create/delete hooks for rcextensions. Jonathan Sternberg <jonathansternberg@gmail.com> parents: 3960 diff changeset	223 from rhodecode.lib.hooks import log_create_user
cce2d984b001 User create/delete hooks for rcextensions. Jonathan Sternberg <jonathansternberg@gmail.com> parents: 3960 diff changeset	224 log_create_user(new_user.get_dict())
1628 de71a4bde097 Some code cleanups and fixes Marcin Kuzminski <marcin@python-works.com> parents: 1626 diff changeset	225 return new_user
761 56c2850a5b5f ldap auth rewrite, moved split authfunc into two functions, Marcin Kuzminski <marcin@python-works.com> parents: 752 diff changeset	226 except (DatabaseError,):
705 9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 692 diff changeset	227 log.error(traceback.format_exc())
9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 692 diff changeset	228 self.sa.rollback()
9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 692 diff changeset	229 raise
761 56c2850a5b5f ldap auth rewrite, moved split authfunc into two functions, Marcin Kuzminski <marcin@python-works.com> parents: 752 diff changeset	230 log.debug('this %s user exists skipping creation of ldap account',
56c2850a5b5f ldap auth rewrite, moved split authfunc into two functions, Marcin Kuzminski <marcin@python-works.com> parents: 752 diff changeset	231 username)
1628 de71a4bde097 Some code cleanups and fixes Marcin Kuzminski <marcin@python-works.com> parents: 1626 diff changeset	232 return None
705 9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 692 diff changeset	233
363 98abf8953b87 Added user registration, changed login url schema, moved it into _admin/ for safety Marcin Kuzminski <marcin@python-works.com> parents: 347 diff changeset	234 def create_registration(self, form_data):
1731 31e6eb2fb4b2 implements #222 registration feedback Marcin Kuzminski <marcin@python-works.com> parents: 1729 diff changeset	235 from rhodecode.model.notification import NotificationModel
31e6eb2fb4b2 implements #222 registration feedback Marcin Kuzminski <marcin@python-works.com> parents: 1729 diff changeset	236
363 98abf8953b87 Added user registration, changed login url schema, moved it into _admin/ for safety Marcin Kuzminski <marcin@python-works.com> parents: 347 diff changeset	237 try:
2248 72542dc597be fixed issue with empty APIKEYS on registration #438 Marcin Kuzminski <marcin@python-works.com> parents: 2186 diff changeset	238 form_data['admin'] = False
72542dc597be fixed issue with empty APIKEYS on registration #438 Marcin Kuzminski <marcin@python-works.com> parents: 2186 diff changeset	239 new_user = self.create(form_data)
629 7e536d1af60d Code refactoring,models renames Marcin Kuzminski <marcin@python-works.com> parents: 547 diff changeset	240
363 98abf8953b87 Added user registration, changed login url schema, moved it into _admin/ for safety Marcin Kuzminski <marcin@python-works.com> parents: 347 diff changeset	241 self.sa.add(new_user)
1731 31e6eb2fb4b2 implements #222 registration feedback Marcin Kuzminski <marcin@python-works.com> parents: 1729 diff changeset	242 self.sa.flush()
31e6eb2fb4b2 implements #222 registration feedback Marcin Kuzminski <marcin@python-works.com> parents: 1729 diff changeset	243
31e6eb2fb4b2 implements #222 registration feedback Marcin Kuzminski <marcin@python-works.com> parents: 1729 diff changeset	244 # notification to admins
3654 ec6354949623 Fix a lot of casings - use standard casing in most places Mads Kiilerich <madski@unity3d.com> parents: 3653 diff changeset	245 subject = _('New user registration')
689 ecc566f8b69f fixes #59, notifications for user registrations + some changes to mailer Marcin Kuzminski <marcin@python-works.com> parents: 686 diff changeset	246 body = ('New user registration\n'
1731 31e6eb2fb4b2 implements #222 registration feedback Marcin Kuzminski <marcin@python-works.com> parents: 1729 diff changeset	247 '---------------------\n'
31e6eb2fb4b2 implements #222 registration feedback Marcin Kuzminski <marcin@python-works.com> parents: 1729 diff changeset	248 '- Username: %s\n'
31e6eb2fb4b2 implements #222 registration feedback Marcin Kuzminski <marcin@python-works.com> parents: 1729 diff changeset	249 '- Full Name: %s\n'
31e6eb2fb4b2 implements #222 registration feedback Marcin Kuzminski <marcin@python-works.com> parents: 1729 diff changeset	250 '- Email: %s\n')
31e6eb2fb4b2 implements #222 registration feedback Marcin Kuzminski <marcin@python-works.com> parents: 1729 diff changeset	251 body = body % (new_user.username, new_user.full_name,
31e6eb2fb4b2 implements #222 registration feedback Marcin Kuzminski <marcin@python-works.com> parents: 1729 diff changeset	252 new_user.email)
31e6eb2fb4b2 implements #222 registration feedback Marcin Kuzminski <marcin@python-works.com> parents: 1729 diff changeset	253 edit_url = url('edit_user', id=new_user.user_id, qualified=True)
1950 4ae17f819ee8 #344 optional firstname lastname on user creation Marcin Kuzminski <marcin@python-works.com> parents: 1824 diff changeset	254 kw = {'registered_user_url': edit_url}
1731 31e6eb2fb4b2 implements #222 registration feedback Marcin Kuzminski <marcin@python-works.com> parents: 1729 diff changeset	255 NotificationModel().create(created_by=new_user, subject=subject,
31e6eb2fb4b2 implements #222 registration feedback Marcin Kuzminski <marcin@python-works.com> parents: 1729 diff changeset	256 body=body, recipients=None,
31e6eb2fb4b2 implements #222 registration feedback Marcin Kuzminski <marcin@python-works.com> parents: 1729 diff changeset	257 type_=Notification.TYPE_REGISTRATION,
31e6eb2fb4b2 implements #222 registration feedback Marcin Kuzminski <marcin@python-works.com> parents: 1729 diff changeset	258 email_kwargs=kw)
689 ecc566f8b69f fixes #59, notifications for user registrations + some changes to mailer Marcin Kuzminski <marcin@python-works.com> parents: 686 diff changeset	259
3631 10b4e34841a4 Don't catch all exceptions Marcin Kuzminski <marcin@python-works.com> parents: 3625 diff changeset	260 except Exception:
474 a3d9d24acbec Implemented password reset(forms/models/ tasks) and mailing tasks. Marcin Kuzminski <marcin@python-works.com> parents: 442 diff changeset	261 log.error(traceback.format_exc())
629 7e536d1af60d Code refactoring,models renames Marcin Kuzminski <marcin@python-works.com> parents: 547 diff changeset	262 raise
7e536d1af60d Code refactoring,models renames Marcin Kuzminski <marcin@python-works.com> parents: 547 diff changeset	263
3021 b2b93614a7cd Implemented #658 Changing username in LDAP-Mode should not be allowed. Marcin Kuzminski <marcin@python-works.com> parents: 2864 diff changeset	264 def update(self, user_id, form_data, skip_attrs=[]):
2488 b5b34d71b23b fix crypt password on update my account Marcin Kuzminski <marcin@python-works.com> parents: 2479 diff changeset	265 from rhodecode.lib.auth import get_crypt_password
238 a55c17874486 Rewrite of user managment, improved forms, added some user info Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	266 try:
1594 9dae92a65e40 fixes #288 Marcin Kuzminski <marcin@python-works.com> parents: 1593 diff changeset	267 user = self.get(user_id, cache=False)
1116 716911af91e1 Added api_key into user, api key get's generated again after password change Marcin Kuzminski <marcin@python-works.com> parents: 991 diff changeset	268 if user.username == 'default':
314 0d26d46bd370 protected againts changing default user. Marcin Kuzminski <marcin@python-works.com> parents: 265 diff changeset	269 raise DefaultUserException(
629 7e536d1af60d Code refactoring,models renames Marcin Kuzminski <marcin@python-works.com> parents: 547 diff changeset	270 _("You can't Edit this user since it's"
314 0d26d46bd370 protected againts changing default user. Marcin Kuzminski <marcin@python-works.com> parents: 265 diff changeset	271 " crucial for entire application"))
713 1bb0fcdec895 fixed #72 show warning on removal when user still is owner of existing repositories Marcin Kuzminski <marcin@python-works.com> parents: 705 diff changeset	272
238 a55c17874486 Rewrite of user managment, improved forms, added some user info Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	273 for k, v in form_data.items():
3021 b2b93614a7cd Implemented #658 Changing username in LDAP-Mode should not be allowed. Marcin Kuzminski <marcin@python-works.com> parents: 2864 diff changeset	274 if k in skip_attrs:
b2b93614a7cd Implemented #658 Changing username in LDAP-Mode should not be allowed. Marcin Kuzminski <marcin@python-works.com> parents: 2864 diff changeset	275 continue
2544 6ce3387bf0ce Renamed name to firstname in forms Marcin Kuzminski <marcin@python-works.com> parents: 2522 diff changeset	276 if k == 'new_password' and v:
2488 b5b34d71b23b fix crypt password on update my account Marcin Kuzminski <marcin@python-works.com> parents: 2479 diff changeset	277 user.password = get_crypt_password(v)
1116 716911af91e1 Added api_key into user, api key get's generated again after password change Marcin Kuzminski <marcin@python-works.com> parents: 991 diff changeset	278 user.api_key = generate_api_key(user.username)
238 a55c17874486 Rewrite of user managment, improved forms, added some user info Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	279 else:
2544 6ce3387bf0ce Renamed name to firstname in forms Marcin Kuzminski <marcin@python-works.com> parents: 2522 diff changeset	280 if k == 'firstname':
6ce3387bf0ce Renamed name to firstname in forms Marcin Kuzminski <marcin@python-works.com> parents: 2522 diff changeset	281 k = 'name'
1116 716911af91e1 Added api_key into user, api key get's generated again after password change Marcin Kuzminski <marcin@python-works.com> parents: 991 diff changeset	282 setattr(user, k, v)
716911af91e1 Added api_key into user, api key get's generated again after password change Marcin Kuzminski <marcin@python-works.com> parents: 991 diff changeset	283 self.sa.add(user)
3631 10b4e34841a4 Don't catch all exceptions Marcin Kuzminski <marcin@python-works.com> parents: 3625 diff changeset	284 except Exception:
474 a3d9d24acbec Implemented password reset(forms/models/ tasks) and mailing tasks. Marcin Kuzminski <marcin@python-works.com> parents: 442 diff changeset	285 log.error(traceback.format_exc())
629 7e536d1af60d Code refactoring,models renames Marcin Kuzminski <marcin@python-works.com> parents: 547 diff changeset	286 raise
7e536d1af60d Code refactoring,models renames Marcin Kuzminski <marcin@python-works.com> parents: 547 diff changeset	287
2657 001c7e2ae986 fixed api issue with changing username during update_user Marcin Kuzminski <marcin@python-works.com> parents: 2544 diff changeset	288 def update_user(self, user, **kwargs):
001c7e2ae986 fixed api issue with changing username during update_user Marcin Kuzminski <marcin@python-works.com> parents: 2544 diff changeset	289 from rhodecode.lib.auth import get_crypt_password
001c7e2ae986 fixed api issue with changing username during update_user Marcin Kuzminski <marcin@python-works.com> parents: 2544 diff changeset	290 try:
001c7e2ae986 fixed api issue with changing username during update_user Marcin Kuzminski <marcin@python-works.com> parents: 2544 diff changeset	291 user = self._get_user(user)
001c7e2ae986 fixed api issue with changing username during update_user Marcin Kuzminski <marcin@python-works.com> parents: 2544 diff changeset	292 if user.username == 'default':
001c7e2ae986 fixed api issue with changing username during update_user Marcin Kuzminski <marcin@python-works.com> parents: 2544 diff changeset	293 raise DefaultUserException(
001c7e2ae986 fixed api issue with changing username during update_user Marcin Kuzminski <marcin@python-works.com> parents: 2544 diff changeset	294 _("You can't Edit this user since it's"
001c7e2ae986 fixed api issue with changing username during update_user Marcin Kuzminski <marcin@python-works.com> parents: 2544 diff changeset	295 " crucial for entire application")
001c7e2ae986 fixed api issue with changing username during update_user Marcin Kuzminski <marcin@python-works.com> parents: 2544 diff changeset	296 )
001c7e2ae986 fixed api issue with changing username during update_user Marcin Kuzminski <marcin@python-works.com> parents: 2544 diff changeset	297
001c7e2ae986 fixed api issue with changing username during update_user Marcin Kuzminski <marcin@python-works.com> parents: 2544 diff changeset	298 for k, v in kwargs.items():
001c7e2ae986 fixed api issue with changing username during update_user Marcin Kuzminski <marcin@python-works.com> parents: 2544 diff changeset	299 if k == 'password' and v:
001c7e2ae986 fixed api issue with changing username during update_user Marcin Kuzminski <marcin@python-works.com> parents: 2544 diff changeset	300 v = get_crypt_password(v)
001c7e2ae986 fixed api issue with changing username during update_user Marcin Kuzminski <marcin@python-works.com> parents: 2544 diff changeset	301 user.api_key = generate_api_key(user.username)
001c7e2ae986 fixed api issue with changing username during update_user Marcin Kuzminski <marcin@python-works.com> parents: 2544 diff changeset	302
001c7e2ae986 fixed api issue with changing username during update_user Marcin Kuzminski <marcin@python-works.com> parents: 2544 diff changeset	303 setattr(user, k, v)
001c7e2ae986 fixed api issue with changing username during update_user Marcin Kuzminski <marcin@python-works.com> parents: 2544 diff changeset	304 self.sa.add(user)
001c7e2ae986 fixed api issue with changing username during update_user Marcin Kuzminski <marcin@python-works.com> parents: 2544 diff changeset	305 return user
3631 10b4e34841a4 Don't catch all exceptions Marcin Kuzminski <marcin@python-works.com> parents: 3625 diff changeset	306 except Exception:
2657 001c7e2ae986 fixed api issue with changing username during update_user Marcin Kuzminski <marcin@python-works.com> parents: 2544 diff changeset	307 log.error(traceback.format_exc())
001c7e2ae986 fixed api issue with changing username during update_user Marcin Kuzminski <marcin@python-works.com> parents: 2544 diff changeset	308 raise
001c7e2ae986 fixed api issue with changing username during update_user Marcin Kuzminski <marcin@python-works.com> parents: 2544 diff changeset	309
1758 a87aa385f21c fixed repo_create permission by adding missing commit statements Marcin Kuzminski <marcin@python-works.com> parents: 1749 diff changeset	310 def delete(self, user):
2432 d3ac7491a5c8 Share common getter functions in base model, and remove duplicated functions from other models Marcin Kuzminski <marcin@python-works.com> parents: 2330 diff changeset	311 user = self._get_user(user)
1818 cf51bbfb120e auto white-space removal Marcin Kuzminski <marcin@python-works.com> parents: 1758 diff changeset	312
265 0e5455fda8fd Implemented basic repository managment. Implemented repo2db mappings, model, helpers updates and code cleanups Marcin Kuzminski <marcin@python-works.com> parents: 252 diff changeset	313 try:
314 0d26d46bd370 protected againts changing default user. Marcin Kuzminski <marcin@python-works.com> parents: 265 diff changeset	314 if user.username == 'default':
0d26d46bd370 protected againts changing default user. Marcin Kuzminski <marcin@python-works.com> parents: 265 diff changeset	315 raise DefaultUserException(
2153 fa637dc3e029 Improved message about deleting user who owns repositories Marcin Kuzminski <marcin@python-works.com> parents: 2150 diff changeset	316 _(u"You can't remove this user since it's"
2124 273ce1a99c3f fixed #397 Private repository groups shows up before login Marcin Kuzminski <marcin@python-works.com> parents: 2109 diff changeset	317 " crucial for entire application")
273ce1a99c3f fixed #397 Private repository groups shows up before login Marcin Kuzminski <marcin@python-works.com> parents: 2109 diff changeset	318 )
713 1bb0fcdec895 fixed #72 show warning on removal when user still is owner of existing repositories Marcin Kuzminski <marcin@python-works.com> parents: 705 diff changeset	319 if user.repositories:
2153 fa637dc3e029 Improved message about deleting user who owns repositories Marcin Kuzminski <marcin@python-works.com> parents: 2150 diff changeset	320 repos = [x.repo_name for x in user.repositories]
2124 273ce1a99c3f fixed #397 Private repository groups shows up before login Marcin Kuzminski <marcin@python-works.com> parents: 2109 diff changeset	321 raise UserOwnsReposException(
2153 fa637dc3e029 Improved message about deleting user who owns repositories Marcin Kuzminski <marcin@python-works.com> parents: 2150 diff changeset	322 _(u'user "%s" still owns %s repositories and cannot be '
fa637dc3e029 Improved message about deleting user who owns repositories Marcin Kuzminski <marcin@python-works.com> parents: 2150 diff changeset	323 'removed. Switch owners or remove those repositories. %s')
fa637dc3e029 Improved message about deleting user who owns repositories Marcin Kuzminski <marcin@python-works.com> parents: 2150 diff changeset	324 % (user.username, len(repos), ', '.join(repos))
2124 273ce1a99c3f fixed #397 Private repository groups shows up before login Marcin Kuzminski <marcin@python-works.com> parents: 2109 diff changeset	325 )
314 0d26d46bd370 protected againts changing default user. Marcin Kuzminski <marcin@python-works.com> parents: 265 diff changeset	326 self.sa.delete(user)
4016 cce2d984b001 User create/delete hooks for rcextensions. Jonathan Sternberg <jonathansternberg@gmail.com> parents: 3960 diff changeset	327
cce2d984b001 User create/delete hooks for rcextensions. Jonathan Sternberg <jonathansternberg@gmail.com> parents: 3960 diff changeset	328 from rhodecode.lib.hooks import log_delete_user
cce2d984b001 User create/delete hooks for rcextensions. Jonathan Sternberg <jonathansternberg@gmail.com> parents: 3960 diff changeset	329 log_delete_user(user.get_dict())
3631 10b4e34841a4 Don't catch all exceptions Marcin Kuzminski <marcin@python-works.com> parents: 3625 diff changeset	330 except Exception:
474 a3d9d24acbec Implemented password reset(forms/models/ tasks) and mailing tasks. Marcin Kuzminski <marcin@python-works.com> parents: 442 diff changeset	331 log.error(traceback.format_exc())
629 7e536d1af60d Code refactoring,models renames Marcin Kuzminski <marcin@python-works.com> parents: 547 diff changeset	332 raise
474 a3d9d24acbec Implemented password reset(forms/models/ tasks) and mailing tasks. Marcin Kuzminski <marcin@python-works.com> parents: 442 diff changeset	333
1417 5875955def39 fixes #223 improve password reset form Marcin Kuzminski <marcin@python-works.com> parents: 1270 diff changeset	334 def reset_password_link(self, data):
5875955def39 fixes #223 improve password reset form Marcin Kuzminski <marcin@python-works.com> parents: 1270 diff changeset	335 from rhodecode.lib.celerylib import tasks, run_task
3401 5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	336 from rhodecode.model.notification import EmailNotificationModel
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	337 user_email = data['email']
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	338 try:
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	339 user = User.get_by_email(user_email)
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	340 if user:
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	341 log.debug('password reset user found %s' % user)
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	342 link = url('reset_password_confirmation', key=user.api_key,
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	343 qualified=True)
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	344 reg_type = EmailNotificationModel.TYPE_PASSWORD_RESET
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	345 body = EmailNotificationModel().get_email_tmpl(reg_type,
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	346 **{'user': user.short_contact,
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	347 'reset_url': link})
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	348 log.debug('sending email')
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	349 run_task(tasks.send_email, user_email,
3654 ec6354949623 Fix a lot of casings - use standard casing in most places Mads Kiilerich <madski@unity3d.com> parents: 3653 diff changeset	350 _("Password reset link"), body, body)
3401 5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	351 log.info('send new password mail to %s' % user_email)
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	352 else:
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	353 log.debug("password reset email %s not found" % user_email)
3631 10b4e34841a4 Don't catch all exceptions Marcin Kuzminski <marcin@python-works.com> parents: 3625 diff changeset	354 except Exception:
3401 5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	355 log.error(traceback.format_exc())
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	356 return False
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	357
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	358 return True
1417 5875955def39 fixes #223 improve password reset form Marcin Kuzminski <marcin@python-works.com> parents: 1270 diff changeset	359
474 a3d9d24acbec Implemented password reset(forms/models/ tasks) and mailing tasks. Marcin Kuzminski <marcin@python-works.com> parents: 442 diff changeset	360 def reset_password(self, data):
629 7e536d1af60d Code refactoring,models renames Marcin Kuzminski <marcin@python-works.com> parents: 547 diff changeset	361 from rhodecode.lib.celerylib import tasks, run_task
3401 5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	362 from rhodecode.lib import auth
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	363 user_email = data['email']
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	364 try:
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	365 try:
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	366 user = User.get_by_email(user_email)
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	367 new_passwd = auth.PasswordGenerator().gen_password(8,
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	368 auth.PasswordGenerator.ALPHABETS_BIG_SMALL)
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	369 if user:
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	370 user.password = auth.get_crypt_password(new_passwd)
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	371 user.api_key = auth.generate_api_key(user.username)
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	372 Session().add(user)
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	373 Session().commit()
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	374 log.info('change password for %s' % user_email)
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	375 if new_passwd is None:
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	376 raise Exception('unable to generate new password')
3631 10b4e34841a4 Don't catch all exceptions Marcin Kuzminski <marcin@python-works.com> parents: 3625 diff changeset	377 except Exception:
3401 5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	378 log.error(traceback.format_exc())
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	379 Session().rollback()
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	380
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	381 run_task(tasks.send_email, user_email,
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	382 _('Your new password'),
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	383 _('Your new RhodeCode password:%s') % (new_passwd))
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	384 log.info('send new password mail to %s' % user_email)
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	385
3631 10b4e34841a4 Don't catch all exceptions Marcin Kuzminski <marcin@python-works.com> parents: 3625 diff changeset	386 except Exception:
3401 5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	387 log.error('Failed to update user password')
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	388 log.error(traceback.format_exc())
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	389
5c310b7b01ce moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken Marcin Kuzminski <marcin@python-works.com> parents: 3159 diff changeset	390 return True
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	391
1594 9dae92a65e40 fixes #288 Marcin Kuzminski <marcin@python-works.com> parents: 1593 diff changeset	392 def fill_data(self, auth_user, user_id=None, api_key=None):
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	393 """
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	394 Fetches auth_user by user_id,or api_key if present.
6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	395 Fills auth_user attributes with those taken from database.
1203 6832ef664673 source code cleanup: remove trailing white space, normalize file endings Marcin Kuzminski <marcin@python-works.com> parents: 1120 diff changeset	396 Additionally set's is_authenitated if lookup fails
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	397 present in database
1203 6832ef664673 source code cleanup: remove trailing white space, normalize file endings Marcin Kuzminski <marcin@python-works.com> parents: 1120 diff changeset	398
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	399 :param auth_user: instance of user to set attributes
6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	400 :param user_id: user id to fetch by
6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	401 :param api_key: api key to fetch by
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	402 """
1120 a8d759613d8f fixed some bugs in api key auth, added access by api key into rss/atom feeds in global journal Marcin Kuzminski <marcin@python-works.com> parents: 1117 diff changeset	403 if user_id is None and api_key is None:
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	404 raise Exception('You need to pass user_id or api_key')
686 ff6a8196ebfe fixed anonymous access bug. Marcin Kuzminski <marcin@python-works.com> parents: 673 diff changeset	405
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	406 try:
6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	407 if api_key:
6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	408 dbuser = self.get_by_api_key(api_key)
6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	409 else:
6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	410 dbuser = self.get(user_id)
6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	411
1618 9353189b7675 Added automatic logout of deactivated/deleted users Liad Shani <liadff@gmail.com> parents: 1594 diff changeset	412 if dbuser is not None and dbuser.active:
1976 a76e9bacbedc garden Marcin Kuzminski <marcin@python-works.com> parents: 1950 diff changeset	413 log.debug('filling %s data' % dbuser)
1120 a8d759613d8f fixed some bugs in api key auth, added access by api key into rss/atom feeds in global journal Marcin Kuzminski <marcin@python-works.com> parents: 1117 diff changeset	414 for k, v in dbuser.get_dict().items():
a8d759613d8f fixed some bugs in api key auth, added access by api key into rss/atom feeds in global journal Marcin Kuzminski <marcin@python-works.com> parents: 1117 diff changeset	415 setattr(auth_user, k, v)
1618 9353189b7675 Added automatic logout of deactivated/deleted users Liad Shani <liadff@gmail.com> parents: 1594 diff changeset	416 else:
9353189b7675 Added automatic logout of deactivated/deleted users Liad Shani <liadff@gmail.com> parents: 1594 diff changeset	417 return False
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	418
3631 10b4e34841a4 Don't catch all exceptions Marcin Kuzminski <marcin@python-works.com> parents: 3625 diff changeset	419 except Exception:
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	420 log.error(traceback.format_exc())
6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	421 auth_user.is_authenticated = False
1618 9353189b7675 Added automatic logout of deactivated/deleted users Liad Shani <liadff@gmail.com> parents: 1594 diff changeset	422 return False
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	423
1618 9353189b7675 Added automatic logout of deactivated/deleted users Liad Shani <liadff@gmail.com> parents: 1594 diff changeset	424 return True
686 ff6a8196ebfe fixed anonymous access bug. Marcin Kuzminski <marcin@python-works.com> parents: 673 diff changeset	425
3094 b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	426 def fill_perms(self, user, explicit=True, algo='higherwin'):
1269 2e7f21429316 tries to fix issue #177 by fallback to user.user_id instead of fetching from db, user.user_id Marcin Kuzminski <marcin@python-works.com> parents: 1267 diff changeset	427 """
2e7f21429316 tries to fix issue #177 by fallback to user.user_id instead of fetching from db, user.user_id Marcin Kuzminski <marcin@python-works.com> parents: 1267 diff changeset	428 Fills user permission attribute with permissions taken from database
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	429 works for permissions given for repositories, and for permissions that
1269 2e7f21429316 tries to fix issue #177 by fallback to user.user_id instead of fetching from db, user.user_id Marcin Kuzminski <marcin@python-works.com> parents: 1267 diff changeset	430 are granted to groups
1203 6832ef664673 source code cleanup: remove trailing white space, normalize file endings Marcin Kuzminski <marcin@python-works.com> parents: 1120 diff changeset	431
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	432 :param user: user instance to fill his perms
3094 b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	433 :param explicit: In case there are permissions both for user and a group
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	434 that user is part of, explicit flag will defiine if user will
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	435 explicitly override permissions from group, if it's False it will
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	436 make decision based on the algo
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	437 :param algo: algorithm to decide what permission should be choose if
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	438 it's multiple defined, eg user in two different groups. It also
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	439 decides if explicit flag is turned off how to specify the permission
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	440 for case when user is in a group + have defined separate permission
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	441 """
1982 87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	442 RK = 'repositories'
87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	443 GK = 'repositories_groups'
3714 7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3654 diff changeset	444 UK = 'user_groups'
1982 87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	445 GLOBAL = 'global'
87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	446 user.permissions[RK] = {}
87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	447 user.permissions[GK] = {}
3714 7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3654 diff changeset	448 user.permissions[UK] = {}
1982 87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	449 user.permissions[GLOBAL] = set()
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	450
3094 b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	451 def _choose_perm(new_perm, cur_perm):
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	452 new_perm_val = PERM_WEIGHTS[new_perm]
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	453 cur_perm_val = PERM_WEIGHTS[cur_perm]
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	454 if algo == 'higherwin':
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	455 if new_perm_val > cur_perm_val:
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	456 return new_perm
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	457 return cur_perm
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	458 elif algo == 'lowerwin':
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	459 if new_perm_val < cur_perm_val:
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	460 return new_perm
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	461 return cur_perm
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	462
1267 d534aff5e82a user defined permission will update the global permissions, and overwrite default settings. Marcin Kuzminski <marcin@python-works.com> parents: 1206 diff changeset	463 #======================================================================
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	464 # fetch default permissions
1267 d534aff5e82a user defined permission will update the global permissions, and overwrite default settings. Marcin Kuzminski <marcin@python-works.com> parents: 1206 diff changeset	465 #======================================================================
1728 07e56179633e - fixes celery sqlalchemy session issues for async forking Marcin Kuzminski <marcin@python-works.com> parents: 1716 diff changeset	466 default_user = User.get_by_username('default', cache=True)
07e56179633e - fixes celery sqlalchemy session issues for async forking Marcin Kuzminski <marcin@python-works.com> parents: 1716 diff changeset	467 default_user_id = default_user.user_id
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	468
1982 87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	469 default_repo_perms = Permission.get_default_perms(default_user_id)
87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	470 default_repo_groups_perms = Permission.get_default_group_perms(default_user_id)
3714 7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3654 diff changeset	471 default_user_group_perms = Permission.get_default_user_group_perms(default_user_id)
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	472
6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	473 if user.is_admin:
1267 d534aff5e82a user defined permission will update the global permissions, and overwrite default settings. Marcin Kuzminski <marcin@python-works.com> parents: 1206 diff changeset	474 #==================================================================
1982 87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	475 # admin user have all default rights for repositories
87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	476 # and groups set to admin
1267 d534aff5e82a user defined permission will update the global permissions, and overwrite default settings. Marcin Kuzminski <marcin@python-works.com> parents: 1206 diff changeset	477 #==================================================================
1982 87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	478 user.permissions[GLOBAL].add('hg.admin')
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	479
1982 87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	480 # repositories
87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	481 for perm in default_repo_perms:
87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	482 r_k = perm.UserRepoToPerm.repository.repo_name
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	483 p = 'repository.admin'
1982 87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	484 user.permissions[RK][r_k] = p
87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	485
3410 5f1850e4712a "Users groups" is grammatically incorrect English - rename to "user groups" Mads Kiilerich <madski@unity3d.com> parents: 3401 diff changeset	486 # repository groups
1982 87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	487 for perm in default_repo_groups_perms:
87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	488 rg_k = perm.UserRepoGroupToPerm.group.group_name
87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	489 p = 'group.admin'
87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	490 user.permissions[GK][rg_k] = p
3714 7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3654 diff changeset	491
7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3654 diff changeset	492 # user groups
7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3654 diff changeset	493 for perm in default_user_group_perms:
7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3654 diff changeset	494 u_k = perm.UserUserGroupToPerm.user_group.users_group_name
7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3654 diff changeset	495 p = 'usergroup.admin'
7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3654 diff changeset	496 user.permissions[UK][u_k] = p
2186 7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	497 return user
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	498
2186 7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	499 #==================================================================
3653 4c78a0855a17 Fix 'repos group' - it is 'repository group' Mads Kiilerich <madski@unity3d.com> parents: 3631 diff changeset	500 # SET DEFAULTS GLOBAL, REPOS, REPOSITORY GROUPS
2186 7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	501 #==================================================================
7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	502 uid = user.user_id
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	503
2709 d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	504 # default global permissions taken fron the default user
2186 7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	505 default_global_perms = self.sa.query(UserToPerm)\
7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	506 .filter(UserToPerm.user_id == default_user_id)
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	507
2186 7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	508 for perm in default_global_perms:
7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	509 user.permissions[GLOBAL].add(perm.permission.permission_name)
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	510
2186 7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	511 # defaults for repositories, taken from default user
7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	512 for perm in default_repo_perms:
7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	513 r_k = perm.UserRepoToPerm.repository.repo_name
7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	514 if perm.Repository.private and not (perm.Repository.user_id == uid):
7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	515 # disable defaults for private repos,
7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	516 p = 'repository.none'
7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	517 elif perm.Repository.user_id == uid:
7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	518 # set admin if owner
7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	519 p = 'repository.admin'
7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	520 else:
7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	521 p = perm.Permission.permission_name
7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	522
7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	523 user.permissions[RK][r_k] = p
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	524
3410 5f1850e4712a "Users groups" is grammatically incorrect English - rename to "user groups" Mads Kiilerich <madski@unity3d.com> parents: 3401 diff changeset	525 # defaults for repository groups taken from default user permission
2186 7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	526 # on given group
7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	527 for perm in default_repo_groups_perms:
7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	528 rg_k = perm.UserRepoGroupToPerm.group.group_name
7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	529 p = perm.Permission.permission_name
7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	530 user.permissions[GK][rg_k] = p
7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	531
3714 7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3654 diff changeset	532 # defaults for user groups taken from default user permission
7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3654 diff changeset	533 # on given user group
7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3654 diff changeset	534 for perm in default_user_group_perms:
7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3654 diff changeset	535 u_k = perm.UserUserGroupToPerm.user_group.users_group_name
7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3654 diff changeset	536 p = perm.Permission.permission_name
7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3654 diff changeset	537 user.permissions[UK][u_k] = p
7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3654 diff changeset	538
2709 d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	539 #======================================================================
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	540 # !! OVERRIDE GLOBALS !! with user permissions if any found
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	541 #======================================================================
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	542 # those can be configured from groups or users explicitly
3736 87e6960e250b Iteration on default permissions Marcin Kuzminski <marcin@python-works.com> parents: 3714 diff changeset	543 _configurable = set([
87e6960e250b Iteration on default permissions Marcin Kuzminski <marcin@python-works.com> parents: 3714 diff changeset	544 'hg.fork.none', 'hg.fork.repository',
87e6960e250b Iteration on default permissions Marcin Kuzminski <marcin@python-works.com> parents: 3714 diff changeset	545 'hg.create.none', 'hg.create.repository',
87e6960e250b Iteration on default permissions Marcin Kuzminski <marcin@python-works.com> parents: 3714 diff changeset	546 'hg.usergroup.create.false', 'hg.usergroup.create.true'
87e6960e250b Iteration on default permissions Marcin Kuzminski <marcin@python-works.com> parents: 3714 diff changeset	547 ])
2186 7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	548
2709 d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	549 # USER GROUPS comes first
3415 b8f929bff7e3 fixed tests and missing replacements from 5f1850e4712a Marcin Kuzminski <marcin@python-works.com> parents: 3410 diff changeset	550 # user group global permissions
3417 fa6ba6727475 further cleanup of UsersGroup Mads Kiilerich <madski@unity3d.com> parents: 3415 diff changeset	551 user_perms_from_users_groups = self.sa.query(UserGroupToPerm)\
fa6ba6727475 further cleanup of UsersGroup Mads Kiilerich <madski@unity3d.com> parents: 3415 diff changeset	552 .options(joinedload(UserGroupToPerm.permission))\
fa6ba6727475 further cleanup of UsersGroup Mads Kiilerich <madski@unity3d.com> parents: 3415 diff changeset	553 .join((UserGroupMember, UserGroupToPerm.users_group_id ==
fa6ba6727475 further cleanup of UsersGroup Mads Kiilerich <madski@unity3d.com> parents: 3415 diff changeset	554 UserGroupMember.users_group_id))\
fa6ba6727475 further cleanup of UsersGroup Mads Kiilerich <madski@unity3d.com> parents: 3415 diff changeset	555 .filter(UserGroupMember.user_id == uid)\
fa6ba6727475 further cleanup of UsersGroup Mads Kiilerich <madski@unity3d.com> parents: 3415 diff changeset	556 .order_by(UserGroupToPerm.users_group_id)\
2709 d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	557 .all()
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	558 #need to group here by groups since user can be in more than one group
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	559 _grouped = [[x, list(y)] for x, y in
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	560 itertools.groupby(user_perms_from_users_groups,
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	561 lambda x:x.users_group)]
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	562 for gr, perms in _grouped:
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	563 # since user can be in multiple groups iterate over them and
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	564 # select the lowest permissions first (more explicit)
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	565 ##TODO: do this^^
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	566 if not gr.inherit_default_permissions:
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	567 # NEED TO IGNORE all configurable permissions and
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	568 # replace them with explicitly set
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	569 user.permissions[GLOBAL] = user.permissions[GLOBAL]\
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	570 .difference(_configurable)
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	571 for perm in perms:
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	572 user.permissions[GLOBAL].add(perm.permission.permission_name)
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	573
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	574 # user specific global permissions
2186 7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	575 user_perms = self.sa.query(UserToPerm)\
7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	576 .options(joinedload(UserToPerm.permission))\
7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	577 .filter(UserToPerm.user_id == uid).all()
7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	578
2709 d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	579 if not user.inherit_default_permissions:
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	580 # NEED TO IGNORE all configurable permissions and
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	581 # replace them with explicitly set
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	582 user.permissions[GLOBAL] = user.permissions[GLOBAL]\
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	583 .difference(_configurable)
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	584
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	585 for perm in user_perms:
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	586 user.permissions[GLOBAL].add(perm.permission.permission_name)
3736 87e6960e250b Iteration on default permissions Marcin Kuzminski <marcin@python-works.com> parents: 3714 diff changeset	587 ## END GLOBAL PERMISSIONS
87e6960e250b Iteration on default permissions Marcin Kuzminski <marcin@python-works.com> parents: 3714 diff changeset	588
2709 d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	589 #======================================================================
3094 b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	590 # !! PERMISSIONS FOR REPOSITORIES !!
2709 d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	591 #======================================================================
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	592 #======================================================================
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	593 # check if user is part of user groups for this repository and
3094 b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	594 # fill in his permission from it. _choose_perm decides of which
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	595 # permission should be selected based on selected method
2709 d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	596 #======================================================================
3094 b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	597
3415 b8f929bff7e3 fixed tests and missing replacements from 5f1850e4712a Marcin Kuzminski <marcin@python-works.com> parents: 3410 diff changeset	598 # user group for repositories permissions
2709 d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	599 user_repo_perms_from_users_groups = \
3417 fa6ba6727475 further cleanup of UsersGroup Mads Kiilerich <madski@unity3d.com> parents: 3415 diff changeset	600 self.sa.query(UserGroupRepoToPerm, Permission, Repository,)\
fa6ba6727475 further cleanup of UsersGroup Mads Kiilerich <madski@unity3d.com> parents: 3415 diff changeset	601 .join((Repository, UserGroupRepoToPerm.repository_id ==
2709 d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	602 Repository.repo_id))\
3417 fa6ba6727475 further cleanup of UsersGroup Mads Kiilerich <madski@unity3d.com> parents: 3415 diff changeset	603 .join((Permission, UserGroupRepoToPerm.permission_id ==
2709 d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	604 Permission.permission_id))\
3417 fa6ba6727475 further cleanup of UsersGroup Mads Kiilerich <madski@unity3d.com> parents: 3415 diff changeset	605 .join((UserGroupMember, UserGroupRepoToPerm.users_group_id ==
fa6ba6727475 further cleanup of UsersGroup Mads Kiilerich <madski@unity3d.com> parents: 3415 diff changeset	606 UserGroupMember.users_group_id))\
fa6ba6727475 further cleanup of UsersGroup Mads Kiilerich <madski@unity3d.com> parents: 3415 diff changeset	607 .filter(UserGroupMember.user_id == uid)\
2709 d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	608 .all()
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	609
3096 69b25f1b0b45 switch to defaultdict for counter implementation Marcin Kuzminski <marcin@python-works.com> parents: 3094 diff changeset	610 multiple_counter = collections.defaultdict(int)
2709 d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	611 for perm in user_repo_perms_from_users_groups:
3417 fa6ba6727475 further cleanup of UsersGroup Mads Kiilerich <madski@unity3d.com> parents: 3415 diff changeset	612 r_k = perm.UserGroupRepoToPerm.repository.repo_name
3094 b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	613 multiple_counter[r_k] += 1
2709 d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	614 p = perm.Permission.permission_name
d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	615 cur_perm = user.permissions[RK][r_k]
2864 5c1ad3b410e5 fixed #570 explicit users group permissions can overwrite owner permissions Marcin Kuzminski <marcin@python-works.com> parents: 2820 diff changeset	616
3094 b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	617 if perm.Repository.user_id == uid:
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	618 # set admin if owner
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	619 p = 'repository.admin'
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	620 else:
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	621 if multiple_counter[r_k] > 1:
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	622 p = _choose_perm(p, cur_perm)
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	623 user.permissions[RK][r_k] = p
1982 87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	624
3094 b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	625 # user explicit permissions for repositories, overrides any specified
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	626 # by the group permission
3714 7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3654 diff changeset	627 user_repo_perms = Permission.get_default_perms(uid)
2186 7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	628 for perm in user_repo_perms:
3094 b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	629 r_k = perm.UserRepoToPerm.repository.repo_name
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	630 cur_perm = user.permissions[RK][r_k]
2186 7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	631 # set admin if owner
7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	632 if perm.Repository.user_id == uid:
7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	633 p = 'repository.admin'
7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	634 else:
7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	635 p = perm.Permission.permission_name
3094 b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	636 if not explicit:
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	637 p = _choose_perm(p, cur_perm)
2186 7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	638 user.permissions[RK][r_k] = p
1267 d534aff5e82a user defined permission will update the global permissions, and overwrite default settings. Marcin Kuzminski <marcin@python-works.com> parents: 1206 diff changeset	639
3094 b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	640 #======================================================================
3410 5f1850e4712a "Users groups" is grammatically incorrect English - rename to "user groups" Mads Kiilerich <madski@unity3d.com> parents: 3401 diff changeset	641 # !! PERMISSIONS FOR REPOSITORY GROUPS !!
3094 b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	642 #======================================================================
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	643 #======================================================================
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	644 # check if user is part of user groups for this repository groups and
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	645 # fill in his permission from it. _choose_perm decides of which
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	646 # permission should be selected based on selected method
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	647 #======================================================================
3415 b8f929bff7e3 fixed tests and missing replacements from 5f1850e4712a Marcin Kuzminski <marcin@python-works.com> parents: 3410 diff changeset	648 # user group for repo groups permissions
3094 b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	649 user_repo_group_perms_from_users_groups = \
3417 fa6ba6727475 further cleanup of UsersGroup Mads Kiilerich <madski@unity3d.com> parents: 3415 diff changeset	650 self.sa.query(UserGroupRepoGroupToPerm, Permission, RepoGroup)\
fa6ba6727475 further cleanup of UsersGroup Mads Kiilerich <madski@unity3d.com> parents: 3415 diff changeset	651 .join((RepoGroup, UserGroupRepoGroupToPerm.group_id == RepoGroup.group_id))\
fa6ba6727475 further cleanup of UsersGroup Mads Kiilerich <madski@unity3d.com> parents: 3415 diff changeset	652 .join((Permission, UserGroupRepoGroupToPerm.permission_id
3094 b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	653 == Permission.permission_id))\
3417 fa6ba6727475 further cleanup of UsersGroup Mads Kiilerich <madski@unity3d.com> parents: 3415 diff changeset	654 .join((UserGroupMember, UserGroupRepoGroupToPerm.users_group_id
fa6ba6727475 further cleanup of UsersGroup Mads Kiilerich <madski@unity3d.com> parents: 3415 diff changeset	655 == UserGroupMember.users_group_id))\
fa6ba6727475 further cleanup of UsersGroup Mads Kiilerich <madski@unity3d.com> parents: 3415 diff changeset	656 .filter(UserGroupMember.user_id == uid)\
3094 b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	657 .all()
1269 2e7f21429316 tries to fix issue #177 by fallback to user.user_id instead of fetching from db, user.user_id Marcin Kuzminski <marcin@python-works.com> parents: 1267 diff changeset	658
3096 69b25f1b0b45 switch to defaultdict for counter implementation Marcin Kuzminski <marcin@python-works.com> parents: 3094 diff changeset	659 multiple_counter = collections.defaultdict(int)
3094 b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	660 for perm in user_repo_group_perms_from_users_groups:
3417 fa6ba6727475 further cleanup of UsersGroup Mads Kiilerich <madski@unity3d.com> parents: 3415 diff changeset	661 g_k = perm.UserGroupRepoGroupToPerm.group.group_name
3094 b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	662 multiple_counter[g_k] += 1
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	663 p = perm.Permission.permission_name
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	664 cur_perm = user.permissions[GK][g_k]
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	665 if multiple_counter[g_k] > 1:
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	666 p = _choose_perm(p, cur_perm)
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	667 user.permissions[GK][g_k] = p
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	668
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	669 # user explicit permissions for repository groups
3714 7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3654 diff changeset	670 user_repo_groups_perms = Permission.get_default_group_perms(uid)
2186 7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	671 for perm in user_repo_groups_perms:
7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	672 rg_k = perm.UserRepoGroupToPerm.group.group_name
7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	673 p = perm.Permission.permission_name
7b52c2351231 permission comments + out identation for better readability Marcin Kuzminski <marcin@python-works.com> parents: 2153 diff changeset	674 cur_perm = user.permissions[GK][rg_k]
3094 b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	675 if not explicit:
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	676 p = _choose_perm(p, cur_perm)
b70c6652a0d4 fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission Marcin Kuzminski <marcin@python-works.com> parents: 3021 diff changeset	677 user.permissions[GK][rg_k] = p
2129 43481c3d70ca #399 added inheritance of permissions for users group on repos groups Marcin Kuzminski <marcin@python-works.com> parents: 2124 diff changeset	678
3714 7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3654 diff changeset	679 #======================================================================
7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3654 diff changeset	680 # !! PERMISSIONS FOR USER GROUPS !!
7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3654 diff changeset	681 #======================================================================
3788 d9b89874edf9 UserGroup on UserGroup permissions implementation. Marcin Kuzminski <marcin@python-works.com> parents: 3736 diff changeset	682 # user group for user group permissions
d9b89874edf9 UserGroup on UserGroup permissions implementation. Marcin Kuzminski <marcin@python-works.com> parents: 3736 diff changeset	683 user_group_user_groups_perms = \
d9b89874edf9 UserGroup on UserGroup permissions implementation. Marcin Kuzminski <marcin@python-works.com> parents: 3736 diff changeset	684 self.sa.query(UserGroupUserGroupToPerm, Permission, UserGroup)\
d9b89874edf9 UserGroup on UserGroup permissions implementation. Marcin Kuzminski <marcin@python-works.com> parents: 3736 diff changeset	685 .join((UserGroup, UserGroupUserGroupToPerm.target_user_group_id
d9b89874edf9 UserGroup on UserGroup permissions implementation. Marcin Kuzminski <marcin@python-works.com> parents: 3736 diff changeset	686 == UserGroup.users_group_id))\
d9b89874edf9 UserGroup on UserGroup permissions implementation. Marcin Kuzminski <marcin@python-works.com> parents: 3736 diff changeset	687 .join((Permission, UserGroupUserGroupToPerm.permission_id
d9b89874edf9 UserGroup on UserGroup permissions implementation. Marcin Kuzminski <marcin@python-works.com> parents: 3736 diff changeset	688 == Permission.permission_id))\
d9b89874edf9 UserGroup on UserGroup permissions implementation. Marcin Kuzminski <marcin@python-works.com> parents: 3736 diff changeset	689 .join((UserGroupMember, UserGroupUserGroupToPerm.user_group_id
d9b89874edf9 UserGroup on UserGroup permissions implementation. Marcin Kuzminski <marcin@python-works.com> parents: 3736 diff changeset	690 == UserGroupMember.users_group_id))\
d9b89874edf9 UserGroup on UserGroup permissions implementation. Marcin Kuzminski <marcin@python-works.com> parents: 3736 diff changeset	691 .filter(UserGroupMember.user_id == uid)\
d9b89874edf9 UserGroup on UserGroup permissions implementation. Marcin Kuzminski <marcin@python-works.com> parents: 3736 diff changeset	692 .all()
d9b89874edf9 UserGroup on UserGroup permissions implementation. Marcin Kuzminski <marcin@python-works.com> parents: 3736 diff changeset	693
d9b89874edf9 UserGroup on UserGroup permissions implementation. Marcin Kuzminski <marcin@python-works.com> parents: 3736 diff changeset	694 multiple_counter = collections.defaultdict(int)
d9b89874edf9 UserGroup on UserGroup permissions implementation. Marcin Kuzminski <marcin@python-works.com> parents: 3736 diff changeset	695 for perm in user_group_user_groups_perms:
d9b89874edf9 UserGroup on UserGroup permissions implementation. Marcin Kuzminski <marcin@python-works.com> parents: 3736 diff changeset	696 g_k = perm.UserGroupUserGroupToPerm.target_user_group.users_group_name
d9b89874edf9 UserGroup on UserGroup permissions implementation. Marcin Kuzminski <marcin@python-works.com> parents: 3736 diff changeset	697 multiple_counter[g_k] += 1
d9b89874edf9 UserGroup on UserGroup permissions implementation. Marcin Kuzminski <marcin@python-works.com> parents: 3736 diff changeset	698 p = perm.Permission.permission_name
d9b89874edf9 UserGroup on UserGroup permissions implementation. Marcin Kuzminski <marcin@python-works.com> parents: 3736 diff changeset	699 cur_perm = user.permissions[UK][g_k]
d9b89874edf9 UserGroup on UserGroup permissions implementation. Marcin Kuzminski <marcin@python-works.com> parents: 3736 diff changeset	700 if multiple_counter[g_k] > 1:
d9b89874edf9 UserGroup on UserGroup permissions implementation. Marcin Kuzminski <marcin@python-works.com> parents: 3736 diff changeset	701 p = _choose_perm(p, cur_perm)
d9b89874edf9 UserGroup on UserGroup permissions implementation. Marcin Kuzminski <marcin@python-works.com> parents: 3736 diff changeset	702 user.permissions[UK][g_k] = p
d9b89874edf9 UserGroup on UserGroup permissions implementation. Marcin Kuzminski <marcin@python-works.com> parents: 3736 diff changeset	703
3714 7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3654 diff changeset	704 #user explicit permission for user groups
7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3654 diff changeset	705 user_user_groups_perms = Permission.get_default_user_group_perms(uid)
7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3654 diff changeset	706 for perm in user_user_groups_perms:
7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3654 diff changeset	707 u_k = perm.UserUserGroupToPerm.user_group.users_group_name
7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3654 diff changeset	708 p = perm.Permission.permission_name
7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3654 diff changeset	709 cur_perm = user.permissions[UK][u_k]
7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3654 diff changeset	710 if not explicit:
7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3654 diff changeset	711 p = _choose_perm(p, cur_perm)
7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3654 diff changeset	712 user.permissions[UK][u_k] = p
7e3d89d9d3a2 - Manage User’s Groups: create, delete, rename, add/remove users inside. Marcin Kuzminski <marcin@python-works.com> parents: 3654 diff changeset	713
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	714 return user
1594 9dae92a65e40 fixes #288 Marcin Kuzminski <marcin@python-works.com> parents: 1593 diff changeset	715
1749 8ecc6b8229a5 commit less models Marcin Kuzminski <marcin@python-works.com> parents: 1734 diff changeset	716 def has_perm(self, user, perm):
2709 d2d35cf2b351 RhodeCode now has a option to explicitly set forking permissions. ref #508 Marcin Kuzminski <marcin@python-works.com> parents: 2657 diff changeset	717 perm = self._get_perm(perm)
2432 d3ac7491a5c8 Share common getter functions in base model, and remove duplicated functions from other models Marcin Kuzminski <marcin@python-works.com> parents: 2330 diff changeset	718 user = self._get_user(user)
1749 8ecc6b8229a5 commit less models Marcin Kuzminski <marcin@python-works.com> parents: 1734 diff changeset	719
1758 a87aa385f21c fixed repo_create permission by adding missing commit statements Marcin Kuzminski <marcin@python-works.com> parents: 1749 diff changeset	720 return UserToPerm.query().filter(UserToPerm.user == user)\
1749 8ecc6b8229a5 commit less models Marcin Kuzminski <marcin@python-works.com> parents: 1734 diff changeset	721 .filter(UserToPerm.permission == perm).scalar() is not None
8ecc6b8229a5 commit less models Marcin Kuzminski <marcin@python-works.com> parents: 1734 diff changeset	722
8ecc6b8229a5 commit less models Marcin Kuzminski <marcin@python-works.com> parents: 1734 diff changeset	723 def grant_perm(self, user, perm):
1982 87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	724 """
87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	725 Grant user global permissions
1749 8ecc6b8229a5 commit less models Marcin Kuzminski <marcin@python-works.com> parents: 1734 diff changeset	726
1982 87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	727 :param user:
87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	728 :param perm:
87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	729 """
2432 d3ac7491a5c8 Share common getter functions in base model, and remove duplicated functions from other models Marcin Kuzminski <marcin@python-works.com> parents: 2330 diff changeset	730 user = self._get_user(user)
d3ac7491a5c8 Share common getter functions in base model, and remove duplicated functions from other models Marcin Kuzminski <marcin@python-works.com> parents: 2330 diff changeset	731 perm = self._get_perm(perm)
2078 d4b6c8541bd9 fixes issue when user tried to resubmit same permission into user/user_groups Marcin Kuzminski <marcin@python-works.com> parents: 2009 diff changeset	732 # if this permission is already granted skip it
d4b6c8541bd9 fixes issue when user tried to resubmit same permission into user/user_groups Marcin Kuzminski <marcin@python-works.com> parents: 2009 diff changeset	733 _perm = UserToPerm.query()\
d4b6c8541bd9 fixes issue when user tried to resubmit same permission into user/user_groups Marcin Kuzminski <marcin@python-works.com> parents: 2009 diff changeset	734 .filter(UserToPerm.user == user)\
d4b6c8541bd9 fixes issue when user tried to resubmit same permission into user/user_groups Marcin Kuzminski <marcin@python-works.com> parents: 2009 diff changeset	735 .filter(UserToPerm.permission == perm)\
d4b6c8541bd9 fixes issue when user tried to resubmit same permission into user/user_groups Marcin Kuzminski <marcin@python-works.com> parents: 2009 diff changeset	736 .scalar()
d4b6c8541bd9 fixes issue when user tried to resubmit same permission into user/user_groups Marcin Kuzminski <marcin@python-works.com> parents: 2009 diff changeset	737 if _perm:
d4b6c8541bd9 fixes issue when user tried to resubmit same permission into user/user_groups Marcin Kuzminski <marcin@python-works.com> parents: 2009 diff changeset	738 return
1749 8ecc6b8229a5 commit less models Marcin Kuzminski <marcin@python-works.com> parents: 1734 diff changeset	739 new = UserToPerm()
1758 a87aa385f21c fixed repo_create permission by adding missing commit statements Marcin Kuzminski <marcin@python-works.com> parents: 1749 diff changeset	740 new.user = user
1749 8ecc6b8229a5 commit less models Marcin Kuzminski <marcin@python-works.com> parents: 1734 diff changeset	741 new.permission = perm
8ecc6b8229a5 commit less models Marcin Kuzminski <marcin@python-works.com> parents: 1734 diff changeset	742 self.sa.add(new)
8ecc6b8229a5 commit less models Marcin Kuzminski <marcin@python-works.com> parents: 1734 diff changeset	743
8ecc6b8229a5 commit less models Marcin Kuzminski <marcin@python-works.com> parents: 1734 diff changeset	744 def revoke_perm(self, user, perm):
1982 87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	745 """
87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	746 Revoke users global permissions
1818 cf51bbfb120e auto white-space removal Marcin Kuzminski <marcin@python-works.com> parents: 1758 diff changeset	747
1982 87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	748 :param user:
87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	749 :param perm:
87f0800abc7b #227 Initial version of repository groups permissions system Marcin Kuzminski <marcin@python-works.com> parents: 1976 diff changeset	750 """
2432 d3ac7491a5c8 Share common getter functions in base model, and remove duplicated functions from other models Marcin Kuzminski <marcin@python-works.com> parents: 2330 diff changeset	751 user = self._get_user(user)
d3ac7491a5c8 Share common getter functions in base model, and remove duplicated functions from other models Marcin Kuzminski <marcin@python-works.com> parents: 2330 diff changeset	752 perm = self._get_perm(perm)
1818 cf51bbfb120e auto white-space removal Marcin Kuzminski <marcin@python-works.com> parents: 1758 diff changeset	753
2078 d4b6c8541bd9 fixes issue when user tried to resubmit same permission into user/user_groups Marcin Kuzminski <marcin@python-works.com> parents: 2009 diff changeset	754 obj = UserToPerm.query()\
d4b6c8541bd9 fixes issue when user tried to resubmit same permission into user/user_groups Marcin Kuzminski <marcin@python-works.com> parents: 2009 diff changeset	755 .filter(UserToPerm.user == user)\
d4b6c8541bd9 fixes issue when user tried to resubmit same permission into user/user_groups Marcin Kuzminski <marcin@python-works.com> parents: 2009 diff changeset	756 .filter(UserToPerm.permission == perm)\
d4b6c8541bd9 fixes issue when user tried to resubmit same permission into user/user_groups Marcin Kuzminski <marcin@python-works.com> parents: 2009 diff changeset	757 .scalar()
1758 a87aa385f21c fixed repo_create permission by adding missing commit statements Marcin Kuzminski <marcin@python-works.com> parents: 1749 diff changeset	758 if obj:
a87aa385f21c fixed repo_create permission by adding missing commit statements Marcin Kuzminski <marcin@python-works.com> parents: 1749 diff changeset	759 self.sa.delete(obj)
2330 b0fef8a77568 Added simple UI for admin to manage emails map Marcin Kuzminski <marcin@python-works.com> parents: 2278 diff changeset	760
b0fef8a77568 Added simple UI for admin to manage emails map Marcin Kuzminski <marcin@python-works.com> parents: 2278 diff changeset	761 def add_extra_email(self, user, email):
b0fef8a77568 Added simple UI for admin to manage emails map Marcin Kuzminski <marcin@python-works.com> parents: 2278 diff changeset	762 """
b0fef8a77568 Added simple UI for admin to manage emails map Marcin Kuzminski <marcin@python-works.com> parents: 2278 diff changeset	763 Adds email address to UserEmailMap
b0fef8a77568 Added simple UI for admin to manage emails map Marcin Kuzminski <marcin@python-works.com> parents: 2278 diff changeset	764
b0fef8a77568 Added simple UI for admin to manage emails map Marcin Kuzminski <marcin@python-works.com> parents: 2278 diff changeset	765 :param user:
b0fef8a77568 Added simple UI for admin to manage emails map Marcin Kuzminski <marcin@python-works.com> parents: 2278 diff changeset	766 :param email:
b0fef8a77568 Added simple UI for admin to manage emails map Marcin Kuzminski <marcin@python-works.com> parents: 2278 diff changeset	767 """
2479 9225597688f4 Added validation into user email map Marcin Kuzminski <marcin@python-works.com> parents: 2478 diff changeset	768 from rhodecode.model import forms
9225597688f4 Added validation into user email map Marcin Kuzminski <marcin@python-works.com> parents: 2478 diff changeset	769 form = forms.UserExtraEmailForm()()
9225597688f4 Added validation into user email map Marcin Kuzminski <marcin@python-works.com> parents: 2478 diff changeset	770 data = form.to_python(dict(email=email))
2432 d3ac7491a5c8 Share common getter functions in base model, and remove duplicated functions from other models Marcin Kuzminski <marcin@python-works.com> parents: 2330 diff changeset	771 user = self._get_user(user)
2479 9225597688f4 Added validation into user email map Marcin Kuzminski <marcin@python-works.com> parents: 2478 diff changeset	772
2330 b0fef8a77568 Added simple UI for admin to manage emails map Marcin Kuzminski <marcin@python-works.com> parents: 2278 diff changeset	773 obj = UserEmailMap()
b0fef8a77568 Added simple UI for admin to manage emails map Marcin Kuzminski <marcin@python-works.com> parents: 2278 diff changeset	774 obj.user = user
2479 9225597688f4 Added validation into user email map Marcin Kuzminski <marcin@python-works.com> parents: 2478 diff changeset	775 obj.email = data['email']
2330 b0fef8a77568 Added simple UI for admin to manage emails map Marcin Kuzminski <marcin@python-works.com> parents: 2278 diff changeset	776 self.sa.add(obj)
b0fef8a77568 Added simple UI for admin to manage emails map Marcin Kuzminski <marcin@python-works.com> parents: 2278 diff changeset	777 return obj
b0fef8a77568 Added simple UI for admin to manage emails map Marcin Kuzminski <marcin@python-works.com> parents: 2278 diff changeset	778
b0fef8a77568 Added simple UI for admin to manage emails map Marcin Kuzminski <marcin@python-works.com> parents: 2278 diff changeset	779 def delete_extra_email(self, user, email_id):
b0fef8a77568 Added simple UI for admin to manage emails map Marcin Kuzminski <marcin@python-works.com> parents: 2278 diff changeset	780 """
b0fef8a77568 Added simple UI for admin to manage emails map Marcin Kuzminski <marcin@python-works.com> parents: 2278 diff changeset	781 Removes email address from UserEmailMap
b0fef8a77568 Added simple UI for admin to manage emails map Marcin Kuzminski <marcin@python-works.com> parents: 2278 diff changeset	782
b0fef8a77568 Added simple UI for admin to manage emails map Marcin Kuzminski <marcin@python-works.com> parents: 2278 diff changeset	783 :param user:
b0fef8a77568 Added simple UI for admin to manage emails map Marcin Kuzminski <marcin@python-works.com> parents: 2278 diff changeset	784 :param email_id:
b0fef8a77568 Added simple UI for admin to manage emails map Marcin Kuzminski <marcin@python-works.com> parents: 2278 diff changeset	785 """
2432 d3ac7491a5c8 Share common getter functions in base model, and remove duplicated functions from other models Marcin Kuzminski <marcin@python-works.com> parents: 2330 diff changeset	786 user = self._get_user(user)
2330 b0fef8a77568 Added simple UI for admin to manage emails map Marcin Kuzminski <marcin@python-works.com> parents: 2278 diff changeset	787 obj = UserEmailMap.query().get(email_id)
b0fef8a77568 Added simple UI for admin to manage emails map Marcin Kuzminski <marcin@python-works.com> parents: 2278 diff changeset	788 if obj:
2478 8eab81115660 white space cleanup Marcin Kuzminski <marcin@python-works.com> parents: 2467 diff changeset	789 self.sa.delete(obj)
3125 9b92cf5a0cca Added UserIpMap interface for allowed IP addresses and IP restriction access Marcin Kuzminski <marcin@python-works.com> parents: 3096 diff changeset	790
9b92cf5a0cca Added UserIpMap interface for allowed IP addresses and IP restriction access Marcin Kuzminski <marcin@python-works.com> parents: 3096 diff changeset	791 def add_extra_ip(self, user, ip):
9b92cf5a0cca Added UserIpMap interface for allowed IP addresses and IP restriction access Marcin Kuzminski <marcin@python-works.com> parents: 3096 diff changeset	792 """
9b92cf5a0cca Added UserIpMap interface for allowed IP addresses and IP restriction access Marcin Kuzminski <marcin@python-works.com> parents: 3096 diff changeset	793 Adds ip address to UserIpMap
9b92cf5a0cca Added UserIpMap interface for allowed IP addresses and IP restriction access Marcin Kuzminski <marcin@python-works.com> parents: 3096 diff changeset	794
9b92cf5a0cca Added UserIpMap interface for allowed IP addresses and IP restriction access Marcin Kuzminski <marcin@python-works.com> parents: 3096 diff changeset	795 :param user:
9b92cf5a0cca Added UserIpMap interface for allowed IP addresses and IP restriction access Marcin Kuzminski <marcin@python-works.com> parents: 3096 diff changeset	796 :param ip:
9b92cf5a0cca Added UserIpMap interface for allowed IP addresses and IP restriction access Marcin Kuzminski <marcin@python-works.com> parents: 3096 diff changeset	797 """
9b92cf5a0cca Added UserIpMap interface for allowed IP addresses and IP restriction access Marcin Kuzminski <marcin@python-works.com> parents: 3096 diff changeset	798 from rhodecode.model import forms
9b92cf5a0cca Added UserIpMap interface for allowed IP addresses and IP restriction access Marcin Kuzminski <marcin@python-works.com> parents: 3096 diff changeset	799 form = forms.UserExtraIpForm()()
9b92cf5a0cca Added UserIpMap interface for allowed IP addresses and IP restriction access Marcin Kuzminski <marcin@python-works.com> parents: 3096 diff changeset	800 data = form.to_python(dict(ip=ip))
9b92cf5a0cca Added UserIpMap interface for allowed IP addresses and IP restriction access Marcin Kuzminski <marcin@python-works.com> parents: 3096 diff changeset	801 user = self._get_user(user)
9b92cf5a0cca Added UserIpMap interface for allowed IP addresses and IP restriction access Marcin Kuzminski <marcin@python-works.com> parents: 3096 diff changeset	802
9b92cf5a0cca Added UserIpMap interface for allowed IP addresses and IP restriction access Marcin Kuzminski <marcin@python-works.com> parents: 3096 diff changeset	803 obj = UserIpMap()
9b92cf5a0cca Added UserIpMap interface for allowed IP addresses and IP restriction access Marcin Kuzminski <marcin@python-works.com> parents: 3096 diff changeset	804 obj.user = user
9b92cf5a0cca Added UserIpMap interface for allowed IP addresses and IP restriction access Marcin Kuzminski <marcin@python-works.com> parents: 3096 diff changeset	805 obj.ip_addr = data['ip']
9b92cf5a0cca Added UserIpMap interface for allowed IP addresses and IP restriction access Marcin Kuzminski <marcin@python-works.com> parents: 3096 diff changeset	806 self.sa.add(obj)
9b92cf5a0cca Added UserIpMap interface for allowed IP addresses and IP restriction access Marcin Kuzminski <marcin@python-works.com> parents: 3096 diff changeset	807 return obj
9b92cf5a0cca Added UserIpMap interface for allowed IP addresses and IP restriction access Marcin Kuzminski <marcin@python-works.com> parents: 3096 diff changeset	808
9b92cf5a0cca Added UserIpMap interface for allowed IP addresses and IP restriction access Marcin Kuzminski <marcin@python-works.com> parents: 3096 diff changeset	809 def delete_extra_ip(self, user, ip_id):
9b92cf5a0cca Added UserIpMap interface for allowed IP addresses and IP restriction access Marcin Kuzminski <marcin@python-works.com> parents: 3096 diff changeset	810 """
9b92cf5a0cca Added UserIpMap interface for allowed IP addresses and IP restriction access Marcin Kuzminski <marcin@python-works.com> parents: 3096 diff changeset	811 Removes ip address from UserIpMap
9b92cf5a0cca Added UserIpMap interface for allowed IP addresses and IP restriction access Marcin Kuzminski <marcin@python-works.com> parents: 3096 diff changeset	812
9b92cf5a0cca Added UserIpMap interface for allowed IP addresses and IP restriction access Marcin Kuzminski <marcin@python-works.com> parents: 3096 diff changeset	813 :param user:
9b92cf5a0cca Added UserIpMap interface for allowed IP addresses and IP restriction access Marcin Kuzminski <marcin@python-works.com> parents: 3096 diff changeset	814 :param ip_id:
9b92cf5a0cca Added UserIpMap interface for allowed IP addresses and IP restriction access Marcin Kuzminski <marcin@python-works.com> parents: 3096 diff changeset	815 """
9b92cf5a0cca Added UserIpMap interface for allowed IP addresses and IP restriction access Marcin Kuzminski <marcin@python-works.com> parents: 3096 diff changeset	816 user = self._get_user(user)
9b92cf5a0cca Added UserIpMap interface for allowed IP addresses and IP restriction access Marcin Kuzminski <marcin@python-works.com> parents: 3096 diff changeset	817 obj = UserIpMap.query().get(ip_id)
9b92cf5a0cca Added UserIpMap interface for allowed IP addresses and IP restriction access Marcin Kuzminski <marcin@python-works.com> parents: 3096 diff changeset	818 if obj:
9b92cf5a0cca Added UserIpMap interface for allowed IP addresses and IP restriction access Marcin Kuzminski <marcin@python-works.com> parents: 3096 diff changeset	819 self.sa.delete(obj)

Mercurial > kallithea

annotate rhodecode/model/user.py @ 4016:cce2d984b001