Mercurial > kallithea
annotate rhodecode/model/user.py @ 4016:cce2d984b001
User create/delete hooks for rcextensions.
When a user is created or deleted, the CREATE_USER_HOOK or DELETE_USER_HOOK
are called as part of the log_create_user and log_delete_user functions
respectively. This is similar to the existing log_create_repository and
log_delete_repository functions that already exist as part of the rcextensions
module.
author | Jonathan Sternberg <jonathansternberg@gmail.com> |
---|---|
date | Mon, 17 Jun 2013 18:09:50 -0400 |
parents | 5293d4bbb1ea |
children | 509923dac48d |
rev | line source |
---|---|
761
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
752
diff
changeset
|
1 # -*- coding: utf-8 -*- |
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
752
diff
changeset
|
2 """ |
956
83d35d716a02
started working on issue #56
Marcin Kuzminski <marcin@python-works.com>
parents:
902
diff
changeset
|
3 rhodecode.model.user |
83d35d716a02
started working on issue #56
Marcin Kuzminski <marcin@python-works.com>
parents:
902
diff
changeset
|
4 ~~~~~~~~~~~~~~~~~~~~ |
761
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
752
diff
changeset
|
5 |
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
752
diff
changeset
|
6 users model for RhodeCode |
1203
6832ef664673
source code cleanup: remove trailing white space, normalize file endings
Marcin Kuzminski <marcin@python-works.com>
parents:
1120
diff
changeset
|
7 |
761
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
752
diff
changeset
|
8 :created_on: Apr 9, 2010 |
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
752
diff
changeset
|
9 :author: marcink |
1824
89efedac4e6c
2012 copyrights
Marcin Kuzminski <marcin@python-works.com>
parents:
1818
diff
changeset
|
10 :copyright: (C) 2010-2012 Marcin Kuzminski <marcin@python-works.com> |
761
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
752
diff
changeset
|
11 :license: GPLv3, see COPYING for more details. |
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
752
diff
changeset
|
12 """ |
1206
a671db5bdd58
fixed license issue #149
Marcin Kuzminski <marcin@python-works.com>
parents:
1203
diff
changeset
|
13 # This program is free software: you can redistribute it and/or modify |
a671db5bdd58
fixed license issue #149
Marcin Kuzminski <marcin@python-works.com>
parents:
1203
diff
changeset
|
14 # it under the terms of the GNU General Public License as published by |
a671db5bdd58
fixed license issue #149
Marcin Kuzminski <marcin@python-works.com>
parents:
1203
diff
changeset
|
15 # the Free Software Foundation, either version 3 of the License, or |
a671db5bdd58
fixed license issue #149
Marcin Kuzminski <marcin@python-works.com>
parents:
1203
diff
changeset
|
16 # (at your option) any later version. |
1203
6832ef664673
source code cleanup: remove trailing white space, normalize file endings
Marcin Kuzminski <marcin@python-works.com>
parents:
1120
diff
changeset
|
17 # |
252
3782a6d698af
licensing updates, code cleanups
Marcin Kuzminski <marcin@python-works.com>
parents:
238
diff
changeset
|
18 # This program is distributed in the hope that it will be useful, |
3782a6d698af
licensing updates, code cleanups
Marcin Kuzminski <marcin@python-works.com>
parents:
238
diff
changeset
|
19 # but WITHOUT ANY WARRANTY; without even the implied warranty of |
3782a6d698af
licensing updates, code cleanups
Marcin Kuzminski <marcin@python-works.com>
parents:
238
diff
changeset
|
20 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
3782a6d698af
licensing updates, code cleanups
Marcin Kuzminski <marcin@python-works.com>
parents:
238
diff
changeset
|
21 # GNU General Public License for more details. |
1203
6832ef664673
source code cleanup: remove trailing white space, normalize file endings
Marcin Kuzminski <marcin@python-works.com>
parents:
1120
diff
changeset
|
22 # |
252
3782a6d698af
licensing updates, code cleanups
Marcin Kuzminski <marcin@python-works.com>
parents:
238
diff
changeset
|
23 # You should have received a copy of the GNU General Public License |
1206
a671db5bdd58
fixed license issue #149
Marcin Kuzminski <marcin@python-works.com>
parents:
1203
diff
changeset
|
24 # along with this program. If not, see <http://www.gnu.org/licenses/>. |
750
73c99f45ef2a
fixed security issue when saving ldap user saved plaintext password
Marcin Kuzminski <marcin@python-works.com>
parents:
742
diff
changeset
|
25 |
629
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
26 import logging |
474
a3d9d24acbec
Implemented password reset(forms/models/ tasks) and mailing tasks.
Marcin Kuzminski <marcin@python-works.com>
parents:
442
diff
changeset
|
27 import traceback |
2709
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
28 import itertools |
3094
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
29 import collections |
1731
31e6eb2fb4b2
implements #222 registration feedback
Marcin Kuzminski <marcin@python-works.com>
parents:
1729
diff
changeset
|
30 from pylons import url |
761
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
752
diff
changeset
|
31 from pylons.i18n.translation import _ |
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
752
diff
changeset
|
32 |
2479
9225597688f4
Added validation into user email map
Marcin Kuzminski <marcin@python-works.com>
parents:
2478
diff
changeset
|
33 from sqlalchemy.exc import DatabaseError |
9225597688f4
Added validation into user email map
Marcin Kuzminski <marcin@python-works.com>
parents:
2478
diff
changeset
|
34 from sqlalchemy.orm import joinedload |
9225597688f4
Added validation into user email map
Marcin Kuzminski <marcin@python-works.com>
parents:
2478
diff
changeset
|
35 |
2109 | 36 from rhodecode.lib.utils2 import safe_unicode, generate_api_key |
1669
f522f4d3bf93
moved caching query to libs
Marcin Kuzminski <marcin@python-works.com>
parents:
1634
diff
changeset
|
37 from rhodecode.lib.caching_query import FromCache |
761
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
752
diff
changeset
|
38 from rhodecode.model import BaseModel |
1633
2c0d35e336b5
refactoring of models names for repoGroup permissions
Marcin Kuzminski <marcin@python-works.com>
parents:
1628
diff
changeset
|
39 from rhodecode.model.db import User, UserRepoToPerm, Repository, Permission, \ |
3417
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3415
diff
changeset
|
40 UserToPerm, UserGroupRepoToPerm, UserGroupToPerm, UserGroupMember, \ |
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3415
diff
changeset
|
41 Notification, RepoGroup, UserRepoGroupToPerm, UserGroupRepoGroupToPerm, \ |
3788
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3736
diff
changeset
|
42 UserEmailMap, UserIpMap, UserGroupUserGroupToPerm, UserGroup |
1269
2e7f21429316
tries to fix issue #177 by fallback to user.user_id instead of fetching from db, user.user_id
Marcin Kuzminski <marcin@python-works.com>
parents:
1267
diff
changeset
|
43 from rhodecode.lib.exceptions import DefaultUserException, \ |
2e7f21429316
tries to fix issue #177 by fallback to user.user_id instead of fetching from db, user.user_id
Marcin Kuzminski <marcin@python-works.com>
parents:
1267
diff
changeset
|
44 UserOwnsReposException |
3401
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
45 from rhodecode.model.meta import Session |
713
1bb0fcdec895
fixed #72 show warning on removal when user still is owner of existing repositories
Marcin Kuzminski <marcin@python-works.com>
parents:
705
diff
changeset
|
46 |
761
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
752
diff
changeset
|
47 |
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
752
diff
changeset
|
48 log = logging.getLogger(__name__) |
314
0d26d46bd370
protected againts changing default user.
Marcin Kuzminski <marcin@python-works.com>
parents:
265
diff
changeset
|
49 |
2709
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
50 PERM_WEIGHTS = Permission.PERM_WEIGHTS |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
51 |
1267
d534aff5e82a
user defined permission will update the global permissions, and overwrite default settings.
Marcin Kuzminski <marcin@python-works.com>
parents:
1206
diff
changeset
|
52 |
752
89b9037d68b7
fixed Example celery config to ampq,
Marcin Kuzminski <marcin@python-works.com>
parents:
750
diff
changeset
|
53 class UserModel(BaseModel): |
2522
17893d61792a
Added associated classes into child models
Marcin Kuzminski <marcin@python-works.com>
parents:
2513
diff
changeset
|
54 cls = User |
1716
7d1fc253549e
notification to commit author + gardening
Marcin Kuzminski <marcin@python-works.com>
parents:
1713
diff
changeset
|
55 |
1594 | 56 def get(self, user_id, cache=False): |
629
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
57 user = self.sa.query(User) |
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
58 if cache: |
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
59 user = user.options(FromCache("sql_cache_short", |
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
60 "get_user_%s" % user_id)) |
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
61 return user.get(user_id) |
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
62 |
2009 | 63 def get_user(self, user): |
2432
d3ac7491a5c8
Share common getter functions in base model, and remove duplicated functions from other models
Marcin Kuzminski <marcin@python-works.com>
parents:
2330
diff
changeset
|
64 return self._get_user(user) |
2009 | 65 |
1594 | 66 def get_by_username(self, username, cache=False, case_insensitive=False): |
750
73c99f45ef2a
fixed security issue when saving ldap user saved plaintext password
Marcin Kuzminski <marcin@python-works.com>
parents:
742
diff
changeset
|
67 |
742
1377a9d4bdb9
#78, fixed more reliable case insensitive searches
Marcin Kuzminski <marcin@python-works.com>
parents:
713
diff
changeset
|
68 if case_insensitive: |
1377a9d4bdb9
#78, fixed more reliable case insensitive searches
Marcin Kuzminski <marcin@python-works.com>
parents:
713
diff
changeset
|
69 user = self.sa.query(User).filter(User.username.ilike(username)) |
1377a9d4bdb9
#78, fixed more reliable case insensitive searches
Marcin Kuzminski <marcin@python-works.com>
parents:
713
diff
changeset
|
70 else: |
1377a9d4bdb9
#78, fixed more reliable case insensitive searches
Marcin Kuzminski <marcin@python-works.com>
parents:
713
diff
changeset
|
71 user = self.sa.query(User)\ |
1377a9d4bdb9
#78, fixed more reliable case insensitive searches
Marcin Kuzminski <marcin@python-works.com>
parents:
713
diff
changeset
|
72 .filter(User.username == username) |
629
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
73 if cache: |
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
74 user = user.options(FromCache("sql_cache_short", |
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
75 "get_user_%s" % username)) |
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
76 return user.scalar() |
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
77 |
2522
17893d61792a
Added associated classes into child models
Marcin Kuzminski <marcin@python-works.com>
parents:
2513
diff
changeset
|
78 def get_by_email(self, email, cache=False, case_insensitive=False): |
17893d61792a
Added associated classes into child models
Marcin Kuzminski <marcin@python-works.com>
parents:
2513
diff
changeset
|
79 return User.get_by_email(email, case_insensitive, cache) |
17893d61792a
Added associated classes into child models
Marcin Kuzminski <marcin@python-works.com>
parents:
2513
diff
changeset
|
80 |
1594 | 81 def get_by_api_key(self, api_key, cache=False): |
1693
60249224be04
fix for api key lookup, reuse same function in user model
Marcin Kuzminski <marcin@python-works.com>
parents:
1690
diff
changeset
|
82 return User.get_by_api_key(api_key, cache) |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
83 |
238
a55c17874486
Rewrite of user managment, improved forms, added some user info
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
84 def create(self, form_data): |
2467
4419551b2915
Switched forms to new validators
Marcin Kuzminski <marcin@python-works.com>
parents:
2432
diff
changeset
|
85 from rhodecode.lib.auth import get_crypt_password |
238
a55c17874486
Rewrite of user managment, improved forms, added some user info
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
86 try: |
a55c17874486
Rewrite of user managment, improved forms, added some user info
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
87 new_user = User() |
a55c17874486
Rewrite of user managment, improved forms, added some user info
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
88 for k, v in form_data.items(): |
2467
4419551b2915
Switched forms to new validators
Marcin Kuzminski <marcin@python-works.com>
parents:
2432
diff
changeset
|
89 if k == 'password': |
4419551b2915
Switched forms to new validators
Marcin Kuzminski <marcin@python-works.com>
parents:
2432
diff
changeset
|
90 v = get_crypt_password(v) |
2544
6ce3387bf0ce
Renamed name to firstname in forms
Marcin Kuzminski <marcin@python-works.com>
parents:
2522
diff
changeset
|
91 if k == 'firstname': |
6ce3387bf0ce
Renamed name to firstname in forms
Marcin Kuzminski <marcin@python-works.com>
parents:
2522
diff
changeset
|
92 k = 'name' |
238
a55c17874486
Rewrite of user managment, improved forms, added some user info
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
93 setattr(new_user, k, v) |
629
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
94 |
1116
716911af91e1
Added api_key into user, api key get's generated again after password change
Marcin Kuzminski <marcin@python-works.com>
parents:
991
diff
changeset
|
95 new_user.api_key = generate_api_key(form_data['username']) |
238
a55c17874486
Rewrite of user managment, improved forms, added some user info
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
96 self.sa.add(new_user) |
4016
cce2d984b001
User create/delete hooks for rcextensions.
Jonathan Sternberg <jonathansternberg@gmail.com>
parents:
3960
diff
changeset
|
97 |
cce2d984b001
User create/delete hooks for rcextensions.
Jonathan Sternberg <jonathansternberg@gmail.com>
parents:
3960
diff
changeset
|
98 from rhodecode.lib.hooks import log_create_user |
cce2d984b001
User create/delete hooks for rcextensions.
Jonathan Sternberg <jonathansternberg@gmail.com>
parents:
3960
diff
changeset
|
99 log_create_user(new_user.get_dict()) |
1586
2ccb32ddcfd7
Add API for repositories and groups (creation, permission)
Nicolas VINOT <aeris@imirhil.fr>
parents:
1417
diff
changeset
|
100 return new_user |
3631
10b4e34841a4
Don't catch all exceptions
Marcin Kuzminski <marcin@python-works.com>
parents:
3625
diff
changeset
|
101 except Exception: |
474
a3d9d24acbec
Implemented password reset(forms/models/ tasks) and mailing tasks.
Marcin Kuzminski <marcin@python-works.com>
parents:
442
diff
changeset
|
102 log.error(traceback.format_exc()) |
629
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
103 raise |
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
104 |
2513
388843a3a3c0
Updated create_or_update method to not change API key when password is not updated
Marcin Kuzminski <marcin@python-works.com>
parents:
2488
diff
changeset
|
105 def create_or_update(self, username, password, email, firstname='', |
388843a3a3c0
Updated create_or_update method to not change API key when password is not updated
Marcin Kuzminski <marcin@python-works.com>
parents:
2488
diff
changeset
|
106 lastname='', active=True, admin=False, ldap_dn=None): |
1634
1d904d972c47
User usermodel instead of db model to manage accounts
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
107 """ |
1d904d972c47
User usermodel instead of db model to manage accounts
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
108 Creates a new instance if not found, or updates current one |
1818
cf51bbfb120e
auto white-space removal
Marcin Kuzminski <marcin@python-works.com>
parents:
1758
diff
changeset
|
109 |
1634
1d904d972c47
User usermodel instead of db model to manage accounts
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
110 :param username: |
1d904d972c47
User usermodel instead of db model to manage accounts
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
111 :param password: |
1d904d972c47
User usermodel instead of db model to manage accounts
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
112 :param email: |
1d904d972c47
User usermodel instead of db model to manage accounts
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
113 :param active: |
2513
388843a3a3c0
Updated create_or_update method to not change API key when password is not updated
Marcin Kuzminski <marcin@python-works.com>
parents:
2488
diff
changeset
|
114 :param firstname: |
1634
1d904d972c47
User usermodel instead of db model to manage accounts
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
115 :param lastname: |
1d904d972c47
User usermodel instead of db model to manage accounts
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
116 :param active: |
1d904d972c47
User usermodel instead of db model to manage accounts
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
117 :param admin: |
1d904d972c47
User usermodel instead of db model to manage accounts
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
118 :param ldap_dn: |
1d904d972c47
User usermodel instead of db model to manage accounts
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
119 """ |
1728
07e56179633e
- fixes celery sqlalchemy session issues for async forking
Marcin Kuzminski <marcin@python-works.com>
parents:
1716
diff
changeset
|
120 |
1634
1d904d972c47
User usermodel instead of db model to manage accounts
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
121 from rhodecode.lib.auth import get_crypt_password |
1728
07e56179633e
- fixes celery sqlalchemy session issues for async forking
Marcin Kuzminski <marcin@python-works.com>
parents:
1716
diff
changeset
|
122 |
1976 | 123 log.debug('Checking for %s account in RhodeCode database' % username) |
1634
1d904d972c47
User usermodel instead of db model to manage accounts
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
124 user = User.get_by_username(username, case_insensitive=True) |
1d904d972c47
User usermodel instead of db model to manage accounts
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
125 if user is None: |
1976 | 126 log.debug('creating new user %s' % username) |
1634
1d904d972c47
User usermodel instead of db model to manage accounts
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
127 new_user = User() |
2513
388843a3a3c0
Updated create_or_update method to not change API key when password is not updated
Marcin Kuzminski <marcin@python-works.com>
parents:
2488
diff
changeset
|
128 edit = False |
1634
1d904d972c47
User usermodel instead of db model to manage accounts
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
129 else: |
1976 | 130 log.debug('updating user %s' % username) |
1634
1d904d972c47
User usermodel instead of db model to manage accounts
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
131 new_user = user |
2513
388843a3a3c0
Updated create_or_update method to not change API key when password is not updated
Marcin Kuzminski <marcin@python-works.com>
parents:
2488
diff
changeset
|
132 edit = True |
1728
07e56179633e
- fixes celery sqlalchemy session issues for async forking
Marcin Kuzminski <marcin@python-works.com>
parents:
1716
diff
changeset
|
133 |
1634
1d904d972c47
User usermodel instead of db model to manage accounts
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
134 try: |
1d904d972c47
User usermodel instead of db model to manage accounts
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
135 new_user.username = username |
1d904d972c47
User usermodel instead of db model to manage accounts
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
136 new_user.admin = admin |
2513
388843a3a3c0
Updated create_or_update method to not change API key when password is not updated
Marcin Kuzminski <marcin@python-works.com>
parents:
2488
diff
changeset
|
137 # set password only if creating an user or password is changed |
3625
260a7a01b054
follow Python conventions for boolean values
Mads Kiilerich <madski@unity3d.com>
parents:
3417
diff
changeset
|
138 if not edit or user.password != password: |
3809
647fb653048e
make the password optional in API calls
Marcin Kuzminski <marcin@python-works.com>
parents:
3788
diff
changeset
|
139 new_user.password = get_crypt_password(password) if password else None |
2513
388843a3a3c0
Updated create_or_update method to not change API key when password is not updated
Marcin Kuzminski <marcin@python-works.com>
parents:
2488
diff
changeset
|
140 new_user.api_key = generate_api_key(username) |
1634
1d904d972c47
User usermodel instead of db model to manage accounts
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
141 new_user.email = email |
1d904d972c47
User usermodel instead of db model to manage accounts
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
142 new_user.active = active |
1d904d972c47
User usermodel instead of db model to manage accounts
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
143 new_user.ldap_dn = safe_unicode(ldap_dn) if ldap_dn else None |
2513
388843a3a3c0
Updated create_or_update method to not change API key when password is not updated
Marcin Kuzminski <marcin@python-works.com>
parents:
2488
diff
changeset
|
144 new_user.name = firstname |
1634
1d904d972c47
User usermodel instead of db model to manage accounts
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
145 new_user.lastname = lastname |
1d904d972c47
User usermodel instead of db model to manage accounts
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
146 self.sa.add(new_user) |
4016
cce2d984b001
User create/delete hooks for rcextensions.
Jonathan Sternberg <jonathansternberg@gmail.com>
parents:
3960
diff
changeset
|
147 |
cce2d984b001
User create/delete hooks for rcextensions.
Jonathan Sternberg <jonathansternberg@gmail.com>
parents:
3960
diff
changeset
|
148 if not edit: |
cce2d984b001
User create/delete hooks for rcextensions.
Jonathan Sternberg <jonathansternberg@gmail.com>
parents:
3960
diff
changeset
|
149 from rhodecode.lib.hooks import log_create_user |
cce2d984b001
User create/delete hooks for rcextensions.
Jonathan Sternberg <jonathansternberg@gmail.com>
parents:
3960
diff
changeset
|
150 log_create_user(new_user.get_dict()) |
1634
1d904d972c47
User usermodel instead of db model to manage accounts
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
151 return new_user |
1d904d972c47
User usermodel instead of db model to manage accounts
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
152 except (DatabaseError,): |
1d904d972c47
User usermodel instead of db model to manage accounts
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
153 log.error(traceback.format_exc()) |
1d904d972c47
User usermodel instead of db model to manage accounts
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
154 raise |
1728
07e56179633e
- fixes celery sqlalchemy session issues for async forking
Marcin Kuzminski <marcin@python-works.com>
parents:
1716
diff
changeset
|
155 |
1621
cbc2b1913cdf
Added basic automatic user creation for container auth
Liad Shani <liadff@gmail.com>
parents:
1618
diff
changeset
|
156 def create_for_container_auth(self, username, attrs): |
cbc2b1913cdf
Added basic automatic user creation for container auth
Liad Shani <liadff@gmail.com>
parents:
1618
diff
changeset
|
157 """ |
cbc2b1913cdf
Added basic automatic user creation for container auth
Liad Shani <liadff@gmail.com>
parents:
1618
diff
changeset
|
158 Creates the given user if it's not already in the database |
1818
cf51bbfb120e
auto white-space removal
Marcin Kuzminski <marcin@python-works.com>
parents:
1758
diff
changeset
|
159 |
1621
cbc2b1913cdf
Added basic automatic user creation for container auth
Liad Shani <liadff@gmail.com>
parents:
1618
diff
changeset
|
160 :param username: |
cbc2b1913cdf
Added basic automatic user creation for container auth
Liad Shani <liadff@gmail.com>
parents:
1618
diff
changeset
|
161 :param attrs: |
cbc2b1913cdf
Added basic automatic user creation for container auth
Liad Shani <liadff@gmail.com>
parents:
1618
diff
changeset
|
162 """ |
cbc2b1913cdf
Added basic automatic user creation for container auth
Liad Shani <liadff@gmail.com>
parents:
1618
diff
changeset
|
163 if self.get_by_username(username, case_insensitive=True) is None: |
1690
6944b1249f28
fixed issues with not unique emails when using ldap or container auth.
Marcin Kuzminski <marcin@python-works.com>
parents:
1689
diff
changeset
|
164 |
6944b1249f28
fixed issues with not unique emails when using ldap or container auth.
Marcin Kuzminski <marcin@python-works.com>
parents:
1689
diff
changeset
|
165 # autogenerate email for container account without one |
6944b1249f28
fixed issues with not unique emails when using ldap or container auth.
Marcin Kuzminski <marcin@python-works.com>
parents:
1689
diff
changeset
|
166 generate_email = lambda usr: '%s@container_auth.account' % usr |
6944b1249f28
fixed issues with not unique emails when using ldap or container auth.
Marcin Kuzminski <marcin@python-works.com>
parents:
1689
diff
changeset
|
167 |
1621
cbc2b1913cdf
Added basic automatic user creation for container auth
Liad Shani <liadff@gmail.com>
parents:
1618
diff
changeset
|
168 try: |
cbc2b1913cdf
Added basic automatic user creation for container auth
Liad Shani <liadff@gmail.com>
parents:
1618
diff
changeset
|
169 new_user = User() |
cbc2b1913cdf
Added basic automatic user creation for container auth
Liad Shani <liadff@gmail.com>
parents:
1618
diff
changeset
|
170 new_user.username = username |
cbc2b1913cdf
Added basic automatic user creation for container auth
Liad Shani <liadff@gmail.com>
parents:
1618
diff
changeset
|
171 new_user.password = None |
cbc2b1913cdf
Added basic automatic user creation for container auth
Liad Shani <liadff@gmail.com>
parents:
1618
diff
changeset
|
172 new_user.api_key = generate_api_key(username) |
cbc2b1913cdf
Added basic automatic user creation for container auth
Liad Shani <liadff@gmail.com>
parents:
1618
diff
changeset
|
173 new_user.email = attrs['email'] |
1628
de71a4bde097
Some code cleanups and fixes
Marcin Kuzminski <marcin@python-works.com>
parents:
1626
diff
changeset
|
174 new_user.active = attrs.get('active', True) |
1690
6944b1249f28
fixed issues with not unique emails when using ldap or container auth.
Marcin Kuzminski <marcin@python-works.com>
parents:
1689
diff
changeset
|
175 new_user.name = attrs['name'] or generate_email(username) |
1621
cbc2b1913cdf
Added basic automatic user creation for container auth
Liad Shani <liadff@gmail.com>
parents:
1618
diff
changeset
|
176 new_user.lastname = attrs['lastname'] |
cbc2b1913cdf
Added basic automatic user creation for container auth
Liad Shani <liadff@gmail.com>
parents:
1618
diff
changeset
|
177 |
cbc2b1913cdf
Added basic automatic user creation for container auth
Liad Shani <liadff@gmail.com>
parents:
1618
diff
changeset
|
178 self.sa.add(new_user) |
4016
cce2d984b001
User create/delete hooks for rcextensions.
Jonathan Sternberg <jonathansternberg@gmail.com>
parents:
3960
diff
changeset
|
179 |
cce2d984b001
User create/delete hooks for rcextensions.
Jonathan Sternberg <jonathansternberg@gmail.com>
parents:
3960
diff
changeset
|
180 from rhodecode.lib.hooks import log_create_user |
cce2d984b001
User create/delete hooks for rcextensions.
Jonathan Sternberg <jonathansternberg@gmail.com>
parents:
3960
diff
changeset
|
181 log_create_user(new_user.get_dict()) |
1628
de71a4bde097
Some code cleanups and fixes
Marcin Kuzminski <marcin@python-works.com>
parents:
1626
diff
changeset
|
182 return new_user |
1621
cbc2b1913cdf
Added basic automatic user creation for container auth
Liad Shani <liadff@gmail.com>
parents:
1618
diff
changeset
|
183 except (DatabaseError,): |
cbc2b1913cdf
Added basic automatic user creation for container auth
Liad Shani <liadff@gmail.com>
parents:
1618
diff
changeset
|
184 log.error(traceback.format_exc()) |
cbc2b1913cdf
Added basic automatic user creation for container auth
Liad Shani <liadff@gmail.com>
parents:
1618
diff
changeset
|
185 self.sa.rollback() |
cbc2b1913cdf
Added basic automatic user creation for container auth
Liad Shani <liadff@gmail.com>
parents:
1618
diff
changeset
|
186 raise |
1628
de71a4bde097
Some code cleanups and fixes
Marcin Kuzminski <marcin@python-works.com>
parents:
1626
diff
changeset
|
187 log.debug('User %s already exists. Skipping creation of account' |
de71a4bde097
Some code cleanups and fixes
Marcin Kuzminski <marcin@python-works.com>
parents:
1626
diff
changeset
|
188 ' for container auth.', username) |
de71a4bde097
Some code cleanups and fixes
Marcin Kuzminski <marcin@python-works.com>
parents:
1626
diff
changeset
|
189 return None |
1621
cbc2b1913cdf
Added basic automatic user creation for container auth
Liad Shani <liadff@gmail.com>
parents:
1618
diff
changeset
|
190 |
991
b232a36cc51f
Improve LDAP authentication
Thayne Harbaugh <thayne@fusionio.com>
parents:
956
diff
changeset
|
191 def create_ldap(self, username, password, user_dn, attrs): |
705
9e9f1b919c0c
implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents:
692
diff
changeset
|
192 """ |
9e9f1b919c0c
implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents:
692
diff
changeset
|
193 Checks if user is in database, if not creates this user marked |
9e9f1b919c0c
implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents:
692
diff
changeset
|
194 as ldap user |
1818
cf51bbfb120e
auto white-space removal
Marcin Kuzminski <marcin@python-works.com>
parents:
1758
diff
changeset
|
195 |
705
9e9f1b919c0c
implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents:
692
diff
changeset
|
196 :param username: |
9e9f1b919c0c
implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents:
692
diff
changeset
|
197 :param password: |
991
b232a36cc51f
Improve LDAP authentication
Thayne Harbaugh <thayne@fusionio.com>
parents:
956
diff
changeset
|
198 :param user_dn: |
b232a36cc51f
Improve LDAP authentication
Thayne Harbaugh <thayne@fusionio.com>
parents:
956
diff
changeset
|
199 :param attrs: |
705
9e9f1b919c0c
implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents:
692
diff
changeset
|
200 """ |
750
73c99f45ef2a
fixed security issue when saving ldap user saved plaintext password
Marcin Kuzminski <marcin@python-works.com>
parents:
742
diff
changeset
|
201 from rhodecode.lib.auth import get_crypt_password |
761
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
752
diff
changeset
|
202 log.debug('Checking for such ldap account in RhodeCode database') |
1594 | 203 if self.get_by_username(username, case_insensitive=True) is None: |
1689
cc302c98bb8e
fix fo empty email passed in attributes of ldap account.
Marcin Kuzminski <marcin@python-works.com>
parents:
1669
diff
changeset
|
204 |
cc302c98bb8e
fix fo empty email passed in attributes of ldap account.
Marcin Kuzminski <marcin@python-works.com>
parents:
1669
diff
changeset
|
205 # autogenerate email for ldap account without one |
cc302c98bb8e
fix fo empty email passed in attributes of ldap account.
Marcin Kuzminski <marcin@python-works.com>
parents:
1669
diff
changeset
|
206 generate_email = lambda usr: '%s@ldap.account' % usr |
cc302c98bb8e
fix fo empty email passed in attributes of ldap account.
Marcin Kuzminski <marcin@python-works.com>
parents:
1669
diff
changeset
|
207 |
705
9e9f1b919c0c
implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents:
692
diff
changeset
|
208 try: |
9e9f1b919c0c
implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents:
692
diff
changeset
|
209 new_user = User() |
1689
cc302c98bb8e
fix fo empty email passed in attributes of ldap account.
Marcin Kuzminski <marcin@python-works.com>
parents:
1669
diff
changeset
|
210 username = username.lower() |
1269
2e7f21429316
tries to fix issue #177 by fallback to user.user_id instead of fetching from db, user.user_id
Marcin Kuzminski <marcin@python-works.com>
parents:
1267
diff
changeset
|
211 # add ldap account always lowercase |
1689
cc302c98bb8e
fix fo empty email passed in attributes of ldap account.
Marcin Kuzminski <marcin@python-works.com>
parents:
1669
diff
changeset
|
212 new_user.username = username |
750
73c99f45ef2a
fixed security issue when saving ldap user saved plaintext password
Marcin Kuzminski <marcin@python-works.com>
parents:
742
diff
changeset
|
213 new_user.password = get_crypt_password(password) |
1116
716911af91e1
Added api_key into user, api key get's generated again after password change
Marcin Kuzminski <marcin@python-works.com>
parents:
991
diff
changeset
|
214 new_user.api_key = generate_api_key(username) |
1689
cc302c98bb8e
fix fo empty email passed in attributes of ldap account.
Marcin Kuzminski <marcin@python-works.com>
parents:
1669
diff
changeset
|
215 new_user.email = attrs['email'] or generate_email(username) |
1628
de71a4bde097
Some code cleanups and fixes
Marcin Kuzminski <marcin@python-works.com>
parents:
1626
diff
changeset
|
216 new_user.active = attrs.get('active', True) |
1516
582686d76cb6
fixes #256 fixes non ascii chars problems in base_dn on LDAP user creation
Marcin Kuzminski <marcin@python-works.com>
parents:
1417
diff
changeset
|
217 new_user.ldap_dn = safe_unicode(user_dn) |
991
b232a36cc51f
Improve LDAP authentication
Thayne Harbaugh <thayne@fusionio.com>
parents:
956
diff
changeset
|
218 new_user.name = attrs['name'] |
b232a36cc51f
Improve LDAP authentication
Thayne Harbaugh <thayne@fusionio.com>
parents:
956
diff
changeset
|
219 new_user.lastname = attrs['lastname'] |
705
9e9f1b919c0c
implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents:
692
diff
changeset
|
220 |
9e9f1b919c0c
implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents:
692
diff
changeset
|
221 self.sa.add(new_user) |
4016
cce2d984b001
User create/delete hooks for rcextensions.
Jonathan Sternberg <jonathansternberg@gmail.com>
parents:
3960
diff
changeset
|
222 |
cce2d984b001
User create/delete hooks for rcextensions.
Jonathan Sternberg <jonathansternberg@gmail.com>
parents:
3960
diff
changeset
|
223 from rhodecode.lib.hooks import log_create_user |
cce2d984b001
User create/delete hooks for rcextensions.
Jonathan Sternberg <jonathansternberg@gmail.com>
parents:
3960
diff
changeset
|
224 log_create_user(new_user.get_dict()) |
1628
de71a4bde097
Some code cleanups and fixes
Marcin Kuzminski <marcin@python-works.com>
parents:
1626
diff
changeset
|
225 return new_user |
761
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
752
diff
changeset
|
226 except (DatabaseError,): |
705
9e9f1b919c0c
implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents:
692
diff
changeset
|
227 log.error(traceback.format_exc()) |
9e9f1b919c0c
implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents:
692
diff
changeset
|
228 self.sa.rollback() |
9e9f1b919c0c
implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents:
692
diff
changeset
|
229 raise |
761
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
752
diff
changeset
|
230 log.debug('this %s user exists skipping creation of ldap account', |
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
752
diff
changeset
|
231 username) |
1628
de71a4bde097
Some code cleanups and fixes
Marcin Kuzminski <marcin@python-works.com>
parents:
1626
diff
changeset
|
232 return None |
705
9e9f1b919c0c
implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents:
692
diff
changeset
|
233 |
363
98abf8953b87
Added user registration, changed login url schema, moved it into _admin/ for safety
Marcin Kuzminski <marcin@python-works.com>
parents:
347
diff
changeset
|
234 def create_registration(self, form_data): |
1731
31e6eb2fb4b2
implements #222 registration feedback
Marcin Kuzminski <marcin@python-works.com>
parents:
1729
diff
changeset
|
235 from rhodecode.model.notification import NotificationModel |
31e6eb2fb4b2
implements #222 registration feedback
Marcin Kuzminski <marcin@python-works.com>
parents:
1729
diff
changeset
|
236 |
363
98abf8953b87
Added user registration, changed login url schema, moved it into _admin/ for safety
Marcin Kuzminski <marcin@python-works.com>
parents:
347
diff
changeset
|
237 try: |
2248
72542dc597be
fixed issue with empty APIKEYS on registration #438
Marcin Kuzminski <marcin@python-works.com>
parents:
2186
diff
changeset
|
238 form_data['admin'] = False |
72542dc597be
fixed issue with empty APIKEYS on registration #438
Marcin Kuzminski <marcin@python-works.com>
parents:
2186
diff
changeset
|
239 new_user = self.create(form_data) |
629
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
240 |
363
98abf8953b87
Added user registration, changed login url schema, moved it into _admin/ for safety
Marcin Kuzminski <marcin@python-works.com>
parents:
347
diff
changeset
|
241 self.sa.add(new_user) |
1731
31e6eb2fb4b2
implements #222 registration feedback
Marcin Kuzminski <marcin@python-works.com>
parents:
1729
diff
changeset
|
242 self.sa.flush() |
31e6eb2fb4b2
implements #222 registration feedback
Marcin Kuzminski <marcin@python-works.com>
parents:
1729
diff
changeset
|
243 |
31e6eb2fb4b2
implements #222 registration feedback
Marcin Kuzminski <marcin@python-works.com>
parents:
1729
diff
changeset
|
244 # notification to admins |
3654
ec6354949623
Fix a lot of casings - use standard casing in most places
Mads Kiilerich <madski@unity3d.com>
parents:
3653
diff
changeset
|
245 subject = _('New user registration') |
689
ecc566f8b69f
fixes #59, notifications for user registrations + some changes to mailer
Marcin Kuzminski <marcin@python-works.com>
parents:
686
diff
changeset
|
246 body = ('New user registration\n' |
1731
31e6eb2fb4b2
implements #222 registration feedback
Marcin Kuzminski <marcin@python-works.com>
parents:
1729
diff
changeset
|
247 '---------------------\n' |
31e6eb2fb4b2
implements #222 registration feedback
Marcin Kuzminski <marcin@python-works.com>
parents:
1729
diff
changeset
|
248 '- Username: %s\n' |
31e6eb2fb4b2
implements #222 registration feedback
Marcin Kuzminski <marcin@python-works.com>
parents:
1729
diff
changeset
|
249 '- Full Name: %s\n' |
31e6eb2fb4b2
implements #222 registration feedback
Marcin Kuzminski <marcin@python-works.com>
parents:
1729
diff
changeset
|
250 '- Email: %s\n') |
31e6eb2fb4b2
implements #222 registration feedback
Marcin Kuzminski <marcin@python-works.com>
parents:
1729
diff
changeset
|
251 body = body % (new_user.username, new_user.full_name, |
31e6eb2fb4b2
implements #222 registration feedback
Marcin Kuzminski <marcin@python-works.com>
parents:
1729
diff
changeset
|
252 new_user.email) |
31e6eb2fb4b2
implements #222 registration feedback
Marcin Kuzminski <marcin@python-works.com>
parents:
1729
diff
changeset
|
253 edit_url = url('edit_user', id=new_user.user_id, qualified=True) |
1950
4ae17f819ee8
#344 optional firstname lastname on user creation
Marcin Kuzminski <marcin@python-works.com>
parents:
1824
diff
changeset
|
254 kw = {'registered_user_url': edit_url} |
1731
31e6eb2fb4b2
implements #222 registration feedback
Marcin Kuzminski <marcin@python-works.com>
parents:
1729
diff
changeset
|
255 NotificationModel().create(created_by=new_user, subject=subject, |
31e6eb2fb4b2
implements #222 registration feedback
Marcin Kuzminski <marcin@python-works.com>
parents:
1729
diff
changeset
|
256 body=body, recipients=None, |
31e6eb2fb4b2
implements #222 registration feedback
Marcin Kuzminski <marcin@python-works.com>
parents:
1729
diff
changeset
|
257 type_=Notification.TYPE_REGISTRATION, |
31e6eb2fb4b2
implements #222 registration feedback
Marcin Kuzminski <marcin@python-works.com>
parents:
1729
diff
changeset
|
258 email_kwargs=kw) |
689
ecc566f8b69f
fixes #59, notifications for user registrations + some changes to mailer
Marcin Kuzminski <marcin@python-works.com>
parents:
686
diff
changeset
|
259 |
3631
10b4e34841a4
Don't catch all exceptions
Marcin Kuzminski <marcin@python-works.com>
parents:
3625
diff
changeset
|
260 except Exception: |
474
a3d9d24acbec
Implemented password reset(forms/models/ tasks) and mailing tasks.
Marcin Kuzminski <marcin@python-works.com>
parents:
442
diff
changeset
|
261 log.error(traceback.format_exc()) |
629
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
262 raise |
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
263 |
3021
b2b93614a7cd
Implemented #658 Changing username in LDAP-Mode should not be allowed.
Marcin Kuzminski <marcin@python-works.com>
parents:
2864
diff
changeset
|
264 def update(self, user_id, form_data, skip_attrs=[]): |
2488
b5b34d71b23b
fix crypt password on update my account
Marcin Kuzminski <marcin@python-works.com>
parents:
2479
diff
changeset
|
265 from rhodecode.lib.auth import get_crypt_password |
238
a55c17874486
Rewrite of user managment, improved forms, added some user info
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
266 try: |
1594 | 267 user = self.get(user_id, cache=False) |
1116
716911af91e1
Added api_key into user, api key get's generated again after password change
Marcin Kuzminski <marcin@python-works.com>
parents:
991
diff
changeset
|
268 if user.username == 'default': |
314
0d26d46bd370
protected againts changing default user.
Marcin Kuzminski <marcin@python-works.com>
parents:
265
diff
changeset
|
269 raise DefaultUserException( |
629
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
270 _("You can't Edit this user since it's" |
314
0d26d46bd370
protected againts changing default user.
Marcin Kuzminski <marcin@python-works.com>
parents:
265
diff
changeset
|
271 " crucial for entire application")) |
713
1bb0fcdec895
fixed #72 show warning on removal when user still is owner of existing repositories
Marcin Kuzminski <marcin@python-works.com>
parents:
705
diff
changeset
|
272 |
238
a55c17874486
Rewrite of user managment, improved forms, added some user info
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
273 for k, v in form_data.items(): |
3021
b2b93614a7cd
Implemented #658 Changing username in LDAP-Mode should not be allowed.
Marcin Kuzminski <marcin@python-works.com>
parents:
2864
diff
changeset
|
274 if k in skip_attrs: |
b2b93614a7cd
Implemented #658 Changing username in LDAP-Mode should not be allowed.
Marcin Kuzminski <marcin@python-works.com>
parents:
2864
diff
changeset
|
275 continue |
2544
6ce3387bf0ce
Renamed name to firstname in forms
Marcin Kuzminski <marcin@python-works.com>
parents:
2522
diff
changeset
|
276 if k == 'new_password' and v: |
2488
b5b34d71b23b
fix crypt password on update my account
Marcin Kuzminski <marcin@python-works.com>
parents:
2479
diff
changeset
|
277 user.password = get_crypt_password(v) |
1116
716911af91e1
Added api_key into user, api key get's generated again after password change
Marcin Kuzminski <marcin@python-works.com>
parents:
991
diff
changeset
|
278 user.api_key = generate_api_key(user.username) |
238
a55c17874486
Rewrite of user managment, improved forms, added some user info
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
279 else: |
2544
6ce3387bf0ce
Renamed name to firstname in forms
Marcin Kuzminski <marcin@python-works.com>
parents:
2522
diff
changeset
|
280 if k == 'firstname': |
6ce3387bf0ce
Renamed name to firstname in forms
Marcin Kuzminski <marcin@python-works.com>
parents:
2522
diff
changeset
|
281 k = 'name' |
1116
716911af91e1
Added api_key into user, api key get's generated again after password change
Marcin Kuzminski <marcin@python-works.com>
parents:
991
diff
changeset
|
282 setattr(user, k, v) |
716911af91e1
Added api_key into user, api key get's generated again after password change
Marcin Kuzminski <marcin@python-works.com>
parents:
991
diff
changeset
|
283 self.sa.add(user) |
3631
10b4e34841a4
Don't catch all exceptions
Marcin Kuzminski <marcin@python-works.com>
parents:
3625
diff
changeset
|
284 except Exception: |
474
a3d9d24acbec
Implemented password reset(forms/models/ tasks) and mailing tasks.
Marcin Kuzminski <marcin@python-works.com>
parents:
442
diff
changeset
|
285 log.error(traceback.format_exc()) |
629
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
286 raise |
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
287 |
2657
001c7e2ae986
fixed api issue with changing username during update_user
Marcin Kuzminski <marcin@python-works.com>
parents:
2544
diff
changeset
|
288 def update_user(self, user, **kwargs): |
001c7e2ae986
fixed api issue with changing username during update_user
Marcin Kuzminski <marcin@python-works.com>
parents:
2544
diff
changeset
|
289 from rhodecode.lib.auth import get_crypt_password |
001c7e2ae986
fixed api issue with changing username during update_user
Marcin Kuzminski <marcin@python-works.com>
parents:
2544
diff
changeset
|
290 try: |
001c7e2ae986
fixed api issue with changing username during update_user
Marcin Kuzminski <marcin@python-works.com>
parents:
2544
diff
changeset
|
291 user = self._get_user(user) |
001c7e2ae986
fixed api issue with changing username during update_user
Marcin Kuzminski <marcin@python-works.com>
parents:
2544
diff
changeset
|
292 if user.username == 'default': |
001c7e2ae986
fixed api issue with changing username during update_user
Marcin Kuzminski <marcin@python-works.com>
parents:
2544
diff
changeset
|
293 raise DefaultUserException( |
001c7e2ae986
fixed api issue with changing username during update_user
Marcin Kuzminski <marcin@python-works.com>
parents:
2544
diff
changeset
|
294 _("You can't Edit this user since it's" |
001c7e2ae986
fixed api issue with changing username during update_user
Marcin Kuzminski <marcin@python-works.com>
parents:
2544
diff
changeset
|
295 " crucial for entire application") |
001c7e2ae986
fixed api issue with changing username during update_user
Marcin Kuzminski <marcin@python-works.com>
parents:
2544
diff
changeset
|
296 ) |
001c7e2ae986
fixed api issue with changing username during update_user
Marcin Kuzminski <marcin@python-works.com>
parents:
2544
diff
changeset
|
297 |
001c7e2ae986
fixed api issue with changing username during update_user
Marcin Kuzminski <marcin@python-works.com>
parents:
2544
diff
changeset
|
298 for k, v in kwargs.items(): |
001c7e2ae986
fixed api issue with changing username during update_user
Marcin Kuzminski <marcin@python-works.com>
parents:
2544
diff
changeset
|
299 if k == 'password' and v: |
001c7e2ae986
fixed api issue with changing username during update_user
Marcin Kuzminski <marcin@python-works.com>
parents:
2544
diff
changeset
|
300 v = get_crypt_password(v) |
001c7e2ae986
fixed api issue with changing username during update_user
Marcin Kuzminski <marcin@python-works.com>
parents:
2544
diff
changeset
|
301 user.api_key = generate_api_key(user.username) |
001c7e2ae986
fixed api issue with changing username during update_user
Marcin Kuzminski <marcin@python-works.com>
parents:
2544
diff
changeset
|
302 |
001c7e2ae986
fixed api issue with changing username during update_user
Marcin Kuzminski <marcin@python-works.com>
parents:
2544
diff
changeset
|
303 setattr(user, k, v) |
001c7e2ae986
fixed api issue with changing username during update_user
Marcin Kuzminski <marcin@python-works.com>
parents:
2544
diff
changeset
|
304 self.sa.add(user) |
001c7e2ae986
fixed api issue with changing username during update_user
Marcin Kuzminski <marcin@python-works.com>
parents:
2544
diff
changeset
|
305 return user |
3631
10b4e34841a4
Don't catch all exceptions
Marcin Kuzminski <marcin@python-works.com>
parents:
3625
diff
changeset
|
306 except Exception: |
2657
001c7e2ae986
fixed api issue with changing username during update_user
Marcin Kuzminski <marcin@python-works.com>
parents:
2544
diff
changeset
|
307 log.error(traceback.format_exc()) |
001c7e2ae986
fixed api issue with changing username during update_user
Marcin Kuzminski <marcin@python-works.com>
parents:
2544
diff
changeset
|
308 raise |
001c7e2ae986
fixed api issue with changing username during update_user
Marcin Kuzminski <marcin@python-works.com>
parents:
2544
diff
changeset
|
309 |
1758
a87aa385f21c
fixed repo_create permission by adding missing commit statements
Marcin Kuzminski <marcin@python-works.com>
parents:
1749
diff
changeset
|
310 def delete(self, user): |
2432
d3ac7491a5c8
Share common getter functions in base model, and remove duplicated functions from other models
Marcin Kuzminski <marcin@python-works.com>
parents:
2330
diff
changeset
|
311 user = self._get_user(user) |
1818
cf51bbfb120e
auto white-space removal
Marcin Kuzminski <marcin@python-works.com>
parents:
1758
diff
changeset
|
312 |
265
0e5455fda8fd
Implemented basic repository managment. Implemented repo2db mappings, model, helpers updates and code cleanups
Marcin Kuzminski <marcin@python-works.com>
parents:
252
diff
changeset
|
313 try: |
314
0d26d46bd370
protected againts changing default user.
Marcin Kuzminski <marcin@python-works.com>
parents:
265
diff
changeset
|
314 if user.username == 'default': |
0d26d46bd370
protected againts changing default user.
Marcin Kuzminski <marcin@python-works.com>
parents:
265
diff
changeset
|
315 raise DefaultUserException( |
2153
fa637dc3e029
Improved message about deleting user who owns repositories
Marcin Kuzminski <marcin@python-works.com>
parents:
2150
diff
changeset
|
316 _(u"You can't remove this user since it's" |
2124
273ce1a99c3f
fixed #397 Private repository groups shows up before login
Marcin Kuzminski <marcin@python-works.com>
parents:
2109
diff
changeset
|
317 " crucial for entire application") |
273ce1a99c3f
fixed #397 Private repository groups shows up before login
Marcin Kuzminski <marcin@python-works.com>
parents:
2109
diff
changeset
|
318 ) |
713
1bb0fcdec895
fixed #72 show warning on removal when user still is owner of existing repositories
Marcin Kuzminski <marcin@python-works.com>
parents:
705
diff
changeset
|
319 if user.repositories: |
2153
fa637dc3e029
Improved message about deleting user who owns repositories
Marcin Kuzminski <marcin@python-works.com>
parents:
2150
diff
changeset
|
320 repos = [x.repo_name for x in user.repositories] |
2124
273ce1a99c3f
fixed #397 Private repository groups shows up before login
Marcin Kuzminski <marcin@python-works.com>
parents:
2109
diff
changeset
|
321 raise UserOwnsReposException( |
2153
fa637dc3e029
Improved message about deleting user who owns repositories
Marcin Kuzminski <marcin@python-works.com>
parents:
2150
diff
changeset
|
322 _(u'user "%s" still owns %s repositories and cannot be ' |
fa637dc3e029
Improved message about deleting user who owns repositories
Marcin Kuzminski <marcin@python-works.com>
parents:
2150
diff
changeset
|
323 'removed. Switch owners or remove those repositories. %s') |
fa637dc3e029
Improved message about deleting user who owns repositories
Marcin Kuzminski <marcin@python-works.com>
parents:
2150
diff
changeset
|
324 % (user.username, len(repos), ', '.join(repos)) |
2124
273ce1a99c3f
fixed #397 Private repository groups shows up before login
Marcin Kuzminski <marcin@python-works.com>
parents:
2109
diff
changeset
|
325 ) |
314
0d26d46bd370
protected againts changing default user.
Marcin Kuzminski <marcin@python-works.com>
parents:
265
diff
changeset
|
326 self.sa.delete(user) |
4016
cce2d984b001
User create/delete hooks for rcextensions.
Jonathan Sternberg <jonathansternberg@gmail.com>
parents:
3960
diff
changeset
|
327 |
cce2d984b001
User create/delete hooks for rcextensions.
Jonathan Sternberg <jonathansternberg@gmail.com>
parents:
3960
diff
changeset
|
328 from rhodecode.lib.hooks import log_delete_user |
cce2d984b001
User create/delete hooks for rcextensions.
Jonathan Sternberg <jonathansternberg@gmail.com>
parents:
3960
diff
changeset
|
329 log_delete_user(user.get_dict()) |
3631
10b4e34841a4
Don't catch all exceptions
Marcin Kuzminski <marcin@python-works.com>
parents:
3625
diff
changeset
|
330 except Exception: |
474
a3d9d24acbec
Implemented password reset(forms/models/ tasks) and mailing tasks.
Marcin Kuzminski <marcin@python-works.com>
parents:
442
diff
changeset
|
331 log.error(traceback.format_exc()) |
629
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
332 raise |
474
a3d9d24acbec
Implemented password reset(forms/models/ tasks) and mailing tasks.
Marcin Kuzminski <marcin@python-works.com>
parents:
442
diff
changeset
|
333 |
1417
5875955def39
fixes #223 improve password reset form
Marcin Kuzminski <marcin@python-works.com>
parents:
1270
diff
changeset
|
334 def reset_password_link(self, data): |
5875955def39
fixes #223 improve password reset form
Marcin Kuzminski <marcin@python-works.com>
parents:
1270
diff
changeset
|
335 from rhodecode.lib.celerylib import tasks, run_task |
3401
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
336 from rhodecode.model.notification import EmailNotificationModel |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
337 user_email = data['email'] |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
338 try: |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
339 user = User.get_by_email(user_email) |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
340 if user: |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
341 log.debug('password reset user found %s' % user) |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
342 link = url('reset_password_confirmation', key=user.api_key, |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
343 qualified=True) |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
344 reg_type = EmailNotificationModel.TYPE_PASSWORD_RESET |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
345 body = EmailNotificationModel().get_email_tmpl(reg_type, |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
346 **{'user': user.short_contact, |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
347 'reset_url': link}) |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
348 log.debug('sending email') |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
349 run_task(tasks.send_email, user_email, |
3654
ec6354949623
Fix a lot of casings - use standard casing in most places
Mads Kiilerich <madski@unity3d.com>
parents:
3653
diff
changeset
|
350 _("Password reset link"), body, body) |
3401
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
351 log.info('send new password mail to %s' % user_email) |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
352 else: |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
353 log.debug("password reset email %s not found" % user_email) |
3631
10b4e34841a4
Don't catch all exceptions
Marcin Kuzminski <marcin@python-works.com>
parents:
3625
diff
changeset
|
354 except Exception: |
3401
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
355 log.error(traceback.format_exc()) |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
356 return False |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
357 |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
358 return True |
1417
5875955def39
fixes #223 improve password reset form
Marcin Kuzminski <marcin@python-works.com>
parents:
1270
diff
changeset
|
359 |
474
a3d9d24acbec
Implemented password reset(forms/models/ tasks) and mailing tasks.
Marcin Kuzminski <marcin@python-works.com>
parents:
442
diff
changeset
|
360 def reset_password(self, data): |
629
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
361 from rhodecode.lib.celerylib import tasks, run_task |
3401
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
362 from rhodecode.lib import auth |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
363 user_email = data['email'] |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
364 try: |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
365 try: |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
366 user = User.get_by_email(user_email) |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
367 new_passwd = auth.PasswordGenerator().gen_password(8, |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
368 auth.PasswordGenerator.ALPHABETS_BIG_SMALL) |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
369 if user: |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
370 user.password = auth.get_crypt_password(new_passwd) |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
371 user.api_key = auth.generate_api_key(user.username) |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
372 Session().add(user) |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
373 Session().commit() |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
374 log.info('change password for %s' % user_email) |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
375 if new_passwd is None: |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
376 raise Exception('unable to generate new password') |
3631
10b4e34841a4
Don't catch all exceptions
Marcin Kuzminski <marcin@python-works.com>
parents:
3625
diff
changeset
|
377 except Exception: |
3401
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
378 log.error(traceback.format_exc()) |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
379 Session().rollback() |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
380 |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
381 run_task(tasks.send_email, user_email, |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
382 _('Your new password'), |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
383 _('Your new RhodeCode password:%s') % (new_passwd)) |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
384 log.info('send new password mail to %s' % user_email) |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
385 |
3631
10b4e34841a4
Don't catch all exceptions
Marcin Kuzminski <marcin@python-works.com>
parents:
3625
diff
changeset
|
386 except Exception: |
3401
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
387 log.error('Failed to update user password') |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
388 log.error(traceback.format_exc()) |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
389 |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
390 return True |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
391 |
1594 | 392 def fill_data(self, auth_user, user_id=None, api_key=None): |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
393 """ |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
394 Fetches auth_user by user_id,or api_key if present. |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
395 Fills auth_user attributes with those taken from database. |
1203
6832ef664673
source code cleanup: remove trailing white space, normalize file endings
Marcin Kuzminski <marcin@python-works.com>
parents:
1120
diff
changeset
|
396 Additionally set's is_authenitated if lookup fails |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
397 present in database |
1203
6832ef664673
source code cleanup: remove trailing white space, normalize file endings
Marcin Kuzminski <marcin@python-works.com>
parents:
1120
diff
changeset
|
398 |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
399 :param auth_user: instance of user to set attributes |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
400 :param user_id: user id to fetch by |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
401 :param api_key: api key to fetch by |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
402 """ |
1120
a8d759613d8f
fixed some bugs in api key auth, added access by api key into rss/atom feeds in global journal
Marcin Kuzminski <marcin@python-works.com>
parents:
1117
diff
changeset
|
403 if user_id is None and api_key is None: |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
404 raise Exception('You need to pass user_id or api_key') |
686
ff6a8196ebfe
fixed anonymous access bug.
Marcin Kuzminski <marcin@python-works.com>
parents:
673
diff
changeset
|
405 |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
406 try: |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
407 if api_key: |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
408 dbuser = self.get_by_api_key(api_key) |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
409 else: |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
410 dbuser = self.get(user_id) |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
411 |
1618
9353189b7675
Added automatic logout of deactivated/deleted users
Liad Shani <liadff@gmail.com>
parents:
1594
diff
changeset
|
412 if dbuser is not None and dbuser.active: |
1976 | 413 log.debug('filling %s data' % dbuser) |
1120
a8d759613d8f
fixed some bugs in api key auth, added access by api key into rss/atom feeds in global journal
Marcin Kuzminski <marcin@python-works.com>
parents:
1117
diff
changeset
|
414 for k, v in dbuser.get_dict().items(): |
a8d759613d8f
fixed some bugs in api key auth, added access by api key into rss/atom feeds in global journal
Marcin Kuzminski <marcin@python-works.com>
parents:
1117
diff
changeset
|
415 setattr(auth_user, k, v) |
1618
9353189b7675
Added automatic logout of deactivated/deleted users
Liad Shani <liadff@gmail.com>
parents:
1594
diff
changeset
|
416 else: |
9353189b7675
Added automatic logout of deactivated/deleted users
Liad Shani <liadff@gmail.com>
parents:
1594
diff
changeset
|
417 return False |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
418 |
3631
10b4e34841a4
Don't catch all exceptions
Marcin Kuzminski <marcin@python-works.com>
parents:
3625
diff
changeset
|
419 except Exception: |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
420 log.error(traceback.format_exc()) |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
421 auth_user.is_authenticated = False |
1618
9353189b7675
Added automatic logout of deactivated/deleted users
Liad Shani <liadff@gmail.com>
parents:
1594
diff
changeset
|
422 return False |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
423 |
1618
9353189b7675
Added automatic logout of deactivated/deleted users
Liad Shani <liadff@gmail.com>
parents:
1594
diff
changeset
|
424 return True |
686
ff6a8196ebfe
fixed anonymous access bug.
Marcin Kuzminski <marcin@python-works.com>
parents:
673
diff
changeset
|
425 |
3094
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
426 def fill_perms(self, user, explicit=True, algo='higherwin'): |
1269
2e7f21429316
tries to fix issue #177 by fallback to user.user_id instead of fetching from db, user.user_id
Marcin Kuzminski <marcin@python-works.com>
parents:
1267
diff
changeset
|
427 """ |
2e7f21429316
tries to fix issue #177 by fallback to user.user_id instead of fetching from db, user.user_id
Marcin Kuzminski <marcin@python-works.com>
parents:
1267
diff
changeset
|
428 Fills user permission attribute with permissions taken from database |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
429 works for permissions given for repositories, and for permissions that |
1269
2e7f21429316
tries to fix issue #177 by fallback to user.user_id instead of fetching from db, user.user_id
Marcin Kuzminski <marcin@python-works.com>
parents:
1267
diff
changeset
|
430 are granted to groups |
1203
6832ef664673
source code cleanup: remove trailing white space, normalize file endings
Marcin Kuzminski <marcin@python-works.com>
parents:
1120
diff
changeset
|
431 |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
432 :param user: user instance to fill his perms |
3094
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
433 :param explicit: In case there are permissions both for user and a group |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
434 that user is part of, explicit flag will defiine if user will |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
435 explicitly override permissions from group, if it's False it will |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
436 make decision based on the algo |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
437 :param algo: algorithm to decide what permission should be choose if |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
438 it's multiple defined, eg user in two different groups. It also |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
439 decides if explicit flag is turned off how to specify the permission |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
440 for case when user is in a group + have defined separate permission |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
441 """ |
1982
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
442 RK = 'repositories' |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
443 GK = 'repositories_groups' |
3714
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3654
diff
changeset
|
444 UK = 'user_groups' |
1982
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
445 GLOBAL = 'global' |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
446 user.permissions[RK] = {} |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
447 user.permissions[GK] = {} |
3714
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3654
diff
changeset
|
448 user.permissions[UK] = {} |
1982
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
449 user.permissions[GLOBAL] = set() |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
450 |
3094
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
451 def _choose_perm(new_perm, cur_perm): |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
452 new_perm_val = PERM_WEIGHTS[new_perm] |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
453 cur_perm_val = PERM_WEIGHTS[cur_perm] |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
454 if algo == 'higherwin': |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
455 if new_perm_val > cur_perm_val: |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
456 return new_perm |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
457 return cur_perm |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
458 elif algo == 'lowerwin': |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
459 if new_perm_val < cur_perm_val: |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
460 return new_perm |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
461 return cur_perm |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
462 |
1267
d534aff5e82a
user defined permission will update the global permissions, and overwrite default settings.
Marcin Kuzminski <marcin@python-works.com>
parents:
1206
diff
changeset
|
463 #====================================================================== |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
464 # fetch default permissions |
1267
d534aff5e82a
user defined permission will update the global permissions, and overwrite default settings.
Marcin Kuzminski <marcin@python-works.com>
parents:
1206
diff
changeset
|
465 #====================================================================== |
1728
07e56179633e
- fixes celery sqlalchemy session issues for async forking
Marcin Kuzminski <marcin@python-works.com>
parents:
1716
diff
changeset
|
466 default_user = User.get_by_username('default', cache=True) |
07e56179633e
- fixes celery sqlalchemy session issues for async forking
Marcin Kuzminski <marcin@python-works.com>
parents:
1716
diff
changeset
|
467 default_user_id = default_user.user_id |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
468 |
1982
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
469 default_repo_perms = Permission.get_default_perms(default_user_id) |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
470 default_repo_groups_perms = Permission.get_default_group_perms(default_user_id) |
3714
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3654
diff
changeset
|
471 default_user_group_perms = Permission.get_default_user_group_perms(default_user_id) |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
472 |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
473 if user.is_admin: |
1267
d534aff5e82a
user defined permission will update the global permissions, and overwrite default settings.
Marcin Kuzminski <marcin@python-works.com>
parents:
1206
diff
changeset
|
474 #================================================================== |
1982
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
475 # admin user have all default rights for repositories |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
476 # and groups set to admin |
1267
d534aff5e82a
user defined permission will update the global permissions, and overwrite default settings.
Marcin Kuzminski <marcin@python-works.com>
parents:
1206
diff
changeset
|
477 #================================================================== |
1982
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
478 user.permissions[GLOBAL].add('hg.admin') |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
479 |
1982
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
480 # repositories |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
481 for perm in default_repo_perms: |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
482 r_k = perm.UserRepoToPerm.repository.repo_name |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
483 p = 'repository.admin' |
1982
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
484 user.permissions[RK][r_k] = p |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
485 |
3410
5f1850e4712a
"Users groups" is grammatically incorrect English - rename to "user groups"
Mads Kiilerich <madski@unity3d.com>
parents:
3401
diff
changeset
|
486 # repository groups |
1982
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
487 for perm in default_repo_groups_perms: |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
488 rg_k = perm.UserRepoGroupToPerm.group.group_name |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
489 p = 'group.admin' |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
490 user.permissions[GK][rg_k] = p |
3714
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3654
diff
changeset
|
491 |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3654
diff
changeset
|
492 # user groups |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3654
diff
changeset
|
493 for perm in default_user_group_perms: |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3654
diff
changeset
|
494 u_k = perm.UserUserGroupToPerm.user_group.users_group_name |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3654
diff
changeset
|
495 p = 'usergroup.admin' |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3654
diff
changeset
|
496 user.permissions[UK][u_k] = p |
2186
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
497 return user |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
498 |
2186
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
499 #================================================================== |
3653
4c78a0855a17
Fix 'repos group' - it is 'repository group'
Mads Kiilerich <madski@unity3d.com>
parents:
3631
diff
changeset
|
500 # SET DEFAULTS GLOBAL, REPOS, REPOSITORY GROUPS |
2186
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
501 #================================================================== |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
502 uid = user.user_id |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
503 |
2709
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
504 # default global permissions taken fron the default user |
2186
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
505 default_global_perms = self.sa.query(UserToPerm)\ |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
506 .filter(UserToPerm.user_id == default_user_id) |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
507 |
2186
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
508 for perm in default_global_perms: |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
509 user.permissions[GLOBAL].add(perm.permission.permission_name) |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
510 |
2186
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
511 # defaults for repositories, taken from default user |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
512 for perm in default_repo_perms: |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
513 r_k = perm.UserRepoToPerm.repository.repo_name |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
514 if perm.Repository.private and not (perm.Repository.user_id == uid): |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
515 # disable defaults for private repos, |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
516 p = 'repository.none' |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
517 elif perm.Repository.user_id == uid: |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
518 # set admin if owner |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
519 p = 'repository.admin' |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
520 else: |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
521 p = perm.Permission.permission_name |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
522 |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
523 user.permissions[RK][r_k] = p |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
524 |
3410
5f1850e4712a
"Users groups" is grammatically incorrect English - rename to "user groups"
Mads Kiilerich <madski@unity3d.com>
parents:
3401
diff
changeset
|
525 # defaults for repository groups taken from default user permission |
2186
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
526 # on given group |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
527 for perm in default_repo_groups_perms: |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
528 rg_k = perm.UserRepoGroupToPerm.group.group_name |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
529 p = perm.Permission.permission_name |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
530 user.permissions[GK][rg_k] = p |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
531 |
3714
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3654
diff
changeset
|
532 # defaults for user groups taken from default user permission |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3654
diff
changeset
|
533 # on given user group |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3654
diff
changeset
|
534 for perm in default_user_group_perms: |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3654
diff
changeset
|
535 u_k = perm.UserUserGroupToPerm.user_group.users_group_name |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3654
diff
changeset
|
536 p = perm.Permission.permission_name |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3654
diff
changeset
|
537 user.permissions[UK][u_k] = p |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3654
diff
changeset
|
538 |
2709
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
539 #====================================================================== |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
540 # !! OVERRIDE GLOBALS !! with user permissions if any found |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
541 #====================================================================== |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
542 # those can be configured from groups or users explicitly |
3736
87e6960e250b
Iteration on default permissions
Marcin Kuzminski <marcin@python-works.com>
parents:
3714
diff
changeset
|
543 _configurable = set([ |
87e6960e250b
Iteration on default permissions
Marcin Kuzminski <marcin@python-works.com>
parents:
3714
diff
changeset
|
544 'hg.fork.none', 'hg.fork.repository', |
87e6960e250b
Iteration on default permissions
Marcin Kuzminski <marcin@python-works.com>
parents:
3714
diff
changeset
|
545 'hg.create.none', 'hg.create.repository', |
87e6960e250b
Iteration on default permissions
Marcin Kuzminski <marcin@python-works.com>
parents:
3714
diff
changeset
|
546 'hg.usergroup.create.false', 'hg.usergroup.create.true' |
87e6960e250b
Iteration on default permissions
Marcin Kuzminski <marcin@python-works.com>
parents:
3714
diff
changeset
|
547 ]) |
2186
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
548 |
2709
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
549 # USER GROUPS comes first |
3415
b8f929bff7e3
fixed tests and missing replacements from 5f1850e4712a
Marcin Kuzminski <marcin@python-works.com>
parents:
3410
diff
changeset
|
550 # user group global permissions |
3417
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3415
diff
changeset
|
551 user_perms_from_users_groups = self.sa.query(UserGroupToPerm)\ |
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3415
diff
changeset
|
552 .options(joinedload(UserGroupToPerm.permission))\ |
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3415
diff
changeset
|
553 .join((UserGroupMember, UserGroupToPerm.users_group_id == |
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3415
diff
changeset
|
554 UserGroupMember.users_group_id))\ |
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3415
diff
changeset
|
555 .filter(UserGroupMember.user_id == uid)\ |
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3415
diff
changeset
|
556 .order_by(UserGroupToPerm.users_group_id)\ |
2709
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
557 .all() |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
558 #need to group here by groups since user can be in more than one group |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
559 _grouped = [[x, list(y)] for x, y in |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
560 itertools.groupby(user_perms_from_users_groups, |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
561 lambda x:x.users_group)] |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
562 for gr, perms in _grouped: |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
563 # since user can be in multiple groups iterate over them and |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
564 # select the lowest permissions first (more explicit) |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
565 ##TODO: do this^^ |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
566 if not gr.inherit_default_permissions: |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
567 # NEED TO IGNORE all configurable permissions and |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
568 # replace them with explicitly set |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
569 user.permissions[GLOBAL] = user.permissions[GLOBAL]\ |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
570 .difference(_configurable) |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
571 for perm in perms: |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
572 user.permissions[GLOBAL].add(perm.permission.permission_name) |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
573 |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
574 # user specific global permissions |
2186
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
575 user_perms = self.sa.query(UserToPerm)\ |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
576 .options(joinedload(UserToPerm.permission))\ |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
577 .filter(UserToPerm.user_id == uid).all() |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
578 |
2709
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
579 if not user.inherit_default_permissions: |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
580 # NEED TO IGNORE all configurable permissions and |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
581 # replace them with explicitly set |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
582 user.permissions[GLOBAL] = user.permissions[GLOBAL]\ |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
583 .difference(_configurable) |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
584 |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
585 for perm in user_perms: |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
586 user.permissions[GLOBAL].add(perm.permission.permission_name) |
3736
87e6960e250b
Iteration on default permissions
Marcin Kuzminski <marcin@python-works.com>
parents:
3714
diff
changeset
|
587 ## END GLOBAL PERMISSIONS |
87e6960e250b
Iteration on default permissions
Marcin Kuzminski <marcin@python-works.com>
parents:
3714
diff
changeset
|
588 |
2709
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
589 #====================================================================== |
3094
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
590 # !! PERMISSIONS FOR REPOSITORIES !! |
2709
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
591 #====================================================================== |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
592 #====================================================================== |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
593 # check if user is part of user groups for this repository and |
3094
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
594 # fill in his permission from it. _choose_perm decides of which |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
595 # permission should be selected based on selected method |
2709
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
596 #====================================================================== |
3094
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
597 |
3415
b8f929bff7e3
fixed tests and missing replacements from 5f1850e4712a
Marcin Kuzminski <marcin@python-works.com>
parents:
3410
diff
changeset
|
598 # user group for repositories permissions |
2709
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
599 user_repo_perms_from_users_groups = \ |
3417
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3415
diff
changeset
|
600 self.sa.query(UserGroupRepoToPerm, Permission, Repository,)\ |
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3415
diff
changeset
|
601 .join((Repository, UserGroupRepoToPerm.repository_id == |
2709
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
602 Repository.repo_id))\ |
3417
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3415
diff
changeset
|
603 .join((Permission, UserGroupRepoToPerm.permission_id == |
2709
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
604 Permission.permission_id))\ |
3417
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3415
diff
changeset
|
605 .join((UserGroupMember, UserGroupRepoToPerm.users_group_id == |
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3415
diff
changeset
|
606 UserGroupMember.users_group_id))\ |
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3415
diff
changeset
|
607 .filter(UserGroupMember.user_id == uid)\ |
2709
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
608 .all() |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
609 |
3096
69b25f1b0b45
switch to defaultdict for counter implementation
Marcin Kuzminski <marcin@python-works.com>
parents:
3094
diff
changeset
|
610 multiple_counter = collections.defaultdict(int) |
2709
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
611 for perm in user_repo_perms_from_users_groups: |
3417
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3415
diff
changeset
|
612 r_k = perm.UserGroupRepoToPerm.repository.repo_name |
3094
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
613 multiple_counter[r_k] += 1 |
2709
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
614 p = perm.Permission.permission_name |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
615 cur_perm = user.permissions[RK][r_k] |
2864
5c1ad3b410e5
fixed #570 explicit users group permissions can overwrite owner permissions
Marcin Kuzminski <marcin@python-works.com>
parents:
2820
diff
changeset
|
616 |
3094
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
617 if perm.Repository.user_id == uid: |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
618 # set admin if owner |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
619 p = 'repository.admin' |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
620 else: |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
621 if multiple_counter[r_k] > 1: |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
622 p = _choose_perm(p, cur_perm) |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
623 user.permissions[RK][r_k] = p |
1982
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
624 |
3094
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
625 # user explicit permissions for repositories, overrides any specified |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
626 # by the group permission |
3714
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3654
diff
changeset
|
627 user_repo_perms = Permission.get_default_perms(uid) |
2186
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
628 for perm in user_repo_perms: |
3094
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
629 r_k = perm.UserRepoToPerm.repository.repo_name |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
630 cur_perm = user.permissions[RK][r_k] |
2186
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
631 # set admin if owner |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
632 if perm.Repository.user_id == uid: |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
633 p = 'repository.admin' |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
634 else: |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
635 p = perm.Permission.permission_name |
3094
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
636 if not explicit: |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
637 p = _choose_perm(p, cur_perm) |
2186
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
638 user.permissions[RK][r_k] = p |
1267
d534aff5e82a
user defined permission will update the global permissions, and overwrite default settings.
Marcin Kuzminski <marcin@python-works.com>
parents:
1206
diff
changeset
|
639 |
3094
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
640 #====================================================================== |
3410
5f1850e4712a
"Users groups" is grammatically incorrect English - rename to "user groups"
Mads Kiilerich <madski@unity3d.com>
parents:
3401
diff
changeset
|
641 # !! PERMISSIONS FOR REPOSITORY GROUPS !! |
3094
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
642 #====================================================================== |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
643 #====================================================================== |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
644 # check if user is part of user groups for this repository groups and |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
645 # fill in his permission from it. _choose_perm decides of which |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
646 # permission should be selected based on selected method |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
647 #====================================================================== |
3415
b8f929bff7e3
fixed tests and missing replacements from 5f1850e4712a
Marcin Kuzminski <marcin@python-works.com>
parents:
3410
diff
changeset
|
648 # user group for repo groups permissions |
3094
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
649 user_repo_group_perms_from_users_groups = \ |
3417
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3415
diff
changeset
|
650 self.sa.query(UserGroupRepoGroupToPerm, Permission, RepoGroup)\ |
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3415
diff
changeset
|
651 .join((RepoGroup, UserGroupRepoGroupToPerm.group_id == RepoGroup.group_id))\ |
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3415
diff
changeset
|
652 .join((Permission, UserGroupRepoGroupToPerm.permission_id |
3094
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
653 == Permission.permission_id))\ |
3417
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3415
diff
changeset
|
654 .join((UserGroupMember, UserGroupRepoGroupToPerm.users_group_id |
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3415
diff
changeset
|
655 == UserGroupMember.users_group_id))\ |
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3415
diff
changeset
|
656 .filter(UserGroupMember.user_id == uid)\ |
3094
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
657 .all() |
1269
2e7f21429316
tries to fix issue #177 by fallback to user.user_id instead of fetching from db, user.user_id
Marcin Kuzminski <marcin@python-works.com>
parents:
1267
diff
changeset
|
658 |
3096
69b25f1b0b45
switch to defaultdict for counter implementation
Marcin Kuzminski <marcin@python-works.com>
parents:
3094
diff
changeset
|
659 multiple_counter = collections.defaultdict(int) |
3094
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
660 for perm in user_repo_group_perms_from_users_groups: |
3417
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3415
diff
changeset
|
661 g_k = perm.UserGroupRepoGroupToPerm.group.group_name |
3094
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
662 multiple_counter[g_k] += 1 |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
663 p = perm.Permission.permission_name |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
664 cur_perm = user.permissions[GK][g_k] |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
665 if multiple_counter[g_k] > 1: |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
666 p = _choose_perm(p, cur_perm) |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
667 user.permissions[GK][g_k] = p |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
668 |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
669 # user explicit permissions for repository groups |
3714
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3654
diff
changeset
|
670 user_repo_groups_perms = Permission.get_default_group_perms(uid) |
2186
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
671 for perm in user_repo_groups_perms: |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
672 rg_k = perm.UserRepoGroupToPerm.group.group_name |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
673 p = perm.Permission.permission_name |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
674 cur_perm = user.permissions[GK][rg_k] |
3094
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
675 if not explicit: |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
676 p = _choose_perm(p, cur_perm) |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
677 user.permissions[GK][rg_k] = p |
2129
43481c3d70ca
#399 added inheritance of permissions for users group on repos groups
Marcin Kuzminski <marcin@python-works.com>
parents:
2124
diff
changeset
|
678 |
3714
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3654
diff
changeset
|
679 #====================================================================== |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3654
diff
changeset
|
680 # !! PERMISSIONS FOR USER GROUPS !! |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3654
diff
changeset
|
681 #====================================================================== |
3788
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3736
diff
changeset
|
682 # user group for user group permissions |
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3736
diff
changeset
|
683 user_group_user_groups_perms = \ |
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3736
diff
changeset
|
684 self.sa.query(UserGroupUserGroupToPerm, Permission, UserGroup)\ |
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3736
diff
changeset
|
685 .join((UserGroup, UserGroupUserGroupToPerm.target_user_group_id |
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3736
diff
changeset
|
686 == UserGroup.users_group_id))\ |
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3736
diff
changeset
|
687 .join((Permission, UserGroupUserGroupToPerm.permission_id |
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3736
diff
changeset
|
688 == Permission.permission_id))\ |
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3736
diff
changeset
|
689 .join((UserGroupMember, UserGroupUserGroupToPerm.user_group_id |
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3736
diff
changeset
|
690 == UserGroupMember.users_group_id))\ |
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3736
diff
changeset
|
691 .filter(UserGroupMember.user_id == uid)\ |
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3736
diff
changeset
|
692 .all() |
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3736
diff
changeset
|
693 |
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3736
diff
changeset
|
694 multiple_counter = collections.defaultdict(int) |
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3736
diff
changeset
|
695 for perm in user_group_user_groups_perms: |
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3736
diff
changeset
|
696 g_k = perm.UserGroupUserGroupToPerm.target_user_group.users_group_name |
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3736
diff
changeset
|
697 multiple_counter[g_k] += 1 |
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3736
diff
changeset
|
698 p = perm.Permission.permission_name |
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3736
diff
changeset
|
699 cur_perm = user.permissions[UK][g_k] |
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3736
diff
changeset
|
700 if multiple_counter[g_k] > 1: |
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3736
diff
changeset
|
701 p = _choose_perm(p, cur_perm) |
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3736
diff
changeset
|
702 user.permissions[UK][g_k] = p |
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3736
diff
changeset
|
703 |
3714
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3654
diff
changeset
|
704 #user explicit permission for user groups |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3654
diff
changeset
|
705 user_user_groups_perms = Permission.get_default_user_group_perms(uid) |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3654
diff
changeset
|
706 for perm in user_user_groups_perms: |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3654
diff
changeset
|
707 u_k = perm.UserUserGroupToPerm.user_group.users_group_name |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3654
diff
changeset
|
708 p = perm.Permission.permission_name |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3654
diff
changeset
|
709 cur_perm = user.permissions[UK][u_k] |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3654
diff
changeset
|
710 if not explicit: |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3654
diff
changeset
|
711 p = _choose_perm(p, cur_perm) |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3654
diff
changeset
|
712 user.permissions[UK][u_k] = p |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3654
diff
changeset
|
713 |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
714 return user |
1594 | 715 |
1749
8ecc6b8229a5
commit less models
Marcin Kuzminski <marcin@python-works.com>
parents:
1734
diff
changeset
|
716 def has_perm(self, user, perm): |
2709
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
717 perm = self._get_perm(perm) |
2432
d3ac7491a5c8
Share common getter functions in base model, and remove duplicated functions from other models
Marcin Kuzminski <marcin@python-works.com>
parents:
2330
diff
changeset
|
718 user = self._get_user(user) |
1749
8ecc6b8229a5
commit less models
Marcin Kuzminski <marcin@python-works.com>
parents:
1734
diff
changeset
|
719 |
1758
a87aa385f21c
fixed repo_create permission by adding missing commit statements
Marcin Kuzminski <marcin@python-works.com>
parents:
1749
diff
changeset
|
720 return UserToPerm.query().filter(UserToPerm.user == user)\ |
1749
8ecc6b8229a5
commit less models
Marcin Kuzminski <marcin@python-works.com>
parents:
1734
diff
changeset
|
721 .filter(UserToPerm.permission == perm).scalar() is not None |
8ecc6b8229a5
commit less models
Marcin Kuzminski <marcin@python-works.com>
parents:
1734
diff
changeset
|
722 |
8ecc6b8229a5
commit less models
Marcin Kuzminski <marcin@python-works.com>
parents:
1734
diff
changeset
|
723 def grant_perm(self, user, perm): |
1982
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
724 """ |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
725 Grant user global permissions |
1749
8ecc6b8229a5
commit less models
Marcin Kuzminski <marcin@python-works.com>
parents:
1734
diff
changeset
|
726 |
1982
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
727 :param user: |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
728 :param perm: |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
729 """ |
2432
d3ac7491a5c8
Share common getter functions in base model, and remove duplicated functions from other models
Marcin Kuzminski <marcin@python-works.com>
parents:
2330
diff
changeset
|
730 user = self._get_user(user) |
d3ac7491a5c8
Share common getter functions in base model, and remove duplicated functions from other models
Marcin Kuzminski <marcin@python-works.com>
parents:
2330
diff
changeset
|
731 perm = self._get_perm(perm) |
2078
d4b6c8541bd9
fixes issue when user tried to resubmit same permission into user/user_groups
Marcin Kuzminski <marcin@python-works.com>
parents:
2009
diff
changeset
|
732 # if this permission is already granted skip it |
d4b6c8541bd9
fixes issue when user tried to resubmit same permission into user/user_groups
Marcin Kuzminski <marcin@python-works.com>
parents:
2009
diff
changeset
|
733 _perm = UserToPerm.query()\ |
d4b6c8541bd9
fixes issue when user tried to resubmit same permission into user/user_groups
Marcin Kuzminski <marcin@python-works.com>
parents:
2009
diff
changeset
|
734 .filter(UserToPerm.user == user)\ |
d4b6c8541bd9
fixes issue when user tried to resubmit same permission into user/user_groups
Marcin Kuzminski <marcin@python-works.com>
parents:
2009
diff
changeset
|
735 .filter(UserToPerm.permission == perm)\ |
d4b6c8541bd9
fixes issue when user tried to resubmit same permission into user/user_groups
Marcin Kuzminski <marcin@python-works.com>
parents:
2009
diff
changeset
|
736 .scalar() |
d4b6c8541bd9
fixes issue when user tried to resubmit same permission into user/user_groups
Marcin Kuzminski <marcin@python-works.com>
parents:
2009
diff
changeset
|
737 if _perm: |
d4b6c8541bd9
fixes issue when user tried to resubmit same permission into user/user_groups
Marcin Kuzminski <marcin@python-works.com>
parents:
2009
diff
changeset
|
738 return |
1749
8ecc6b8229a5
commit less models
Marcin Kuzminski <marcin@python-works.com>
parents:
1734
diff
changeset
|
739 new = UserToPerm() |
1758
a87aa385f21c
fixed repo_create permission by adding missing commit statements
Marcin Kuzminski <marcin@python-works.com>
parents:
1749
diff
changeset
|
740 new.user = user |
1749
8ecc6b8229a5
commit less models
Marcin Kuzminski <marcin@python-works.com>
parents:
1734
diff
changeset
|
741 new.permission = perm |
8ecc6b8229a5
commit less models
Marcin Kuzminski <marcin@python-works.com>
parents:
1734
diff
changeset
|
742 self.sa.add(new) |
8ecc6b8229a5
commit less models
Marcin Kuzminski <marcin@python-works.com>
parents:
1734
diff
changeset
|
743 |
8ecc6b8229a5
commit less models
Marcin Kuzminski <marcin@python-works.com>
parents:
1734
diff
changeset
|
744 def revoke_perm(self, user, perm): |
1982
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
745 """ |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
746 Revoke users global permissions |
1818
cf51bbfb120e
auto white-space removal
Marcin Kuzminski <marcin@python-works.com>
parents:
1758
diff
changeset
|
747 |
1982
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
748 :param user: |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
749 :param perm: |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
750 """ |
2432
d3ac7491a5c8
Share common getter functions in base model, and remove duplicated functions from other models
Marcin Kuzminski <marcin@python-works.com>
parents:
2330
diff
changeset
|
751 user = self._get_user(user) |
d3ac7491a5c8
Share common getter functions in base model, and remove duplicated functions from other models
Marcin Kuzminski <marcin@python-works.com>
parents:
2330
diff
changeset
|
752 perm = self._get_perm(perm) |
1818
cf51bbfb120e
auto white-space removal
Marcin Kuzminski <marcin@python-works.com>
parents:
1758
diff
changeset
|
753 |
2078
d4b6c8541bd9
fixes issue when user tried to resubmit same permission into user/user_groups
Marcin Kuzminski <marcin@python-works.com>
parents:
2009
diff
changeset
|
754 obj = UserToPerm.query()\ |
d4b6c8541bd9
fixes issue when user tried to resubmit same permission into user/user_groups
Marcin Kuzminski <marcin@python-works.com>
parents:
2009
diff
changeset
|
755 .filter(UserToPerm.user == user)\ |
d4b6c8541bd9
fixes issue when user tried to resubmit same permission into user/user_groups
Marcin Kuzminski <marcin@python-works.com>
parents:
2009
diff
changeset
|
756 .filter(UserToPerm.permission == perm)\ |
d4b6c8541bd9
fixes issue when user tried to resubmit same permission into user/user_groups
Marcin Kuzminski <marcin@python-works.com>
parents:
2009
diff
changeset
|
757 .scalar() |
1758
a87aa385f21c
fixed repo_create permission by adding missing commit statements
Marcin Kuzminski <marcin@python-works.com>
parents:
1749
diff
changeset
|
758 if obj: |
a87aa385f21c
fixed repo_create permission by adding missing commit statements
Marcin Kuzminski <marcin@python-works.com>
parents:
1749
diff
changeset
|
759 self.sa.delete(obj) |
2330
b0fef8a77568
Added simple UI for admin to manage emails map
Marcin Kuzminski <marcin@python-works.com>
parents:
2278
diff
changeset
|
760 |
b0fef8a77568
Added simple UI for admin to manage emails map
Marcin Kuzminski <marcin@python-works.com>
parents:
2278
diff
changeset
|
761 def add_extra_email(self, user, email): |
b0fef8a77568
Added simple UI for admin to manage emails map
Marcin Kuzminski <marcin@python-works.com>
parents:
2278
diff
changeset
|
762 """ |
b0fef8a77568
Added simple UI for admin to manage emails map
Marcin Kuzminski <marcin@python-works.com>
parents:
2278
diff
changeset
|
763 Adds email address to UserEmailMap |
b0fef8a77568
Added simple UI for admin to manage emails map
Marcin Kuzminski <marcin@python-works.com>
parents:
2278
diff
changeset
|
764 |
b0fef8a77568
Added simple UI for admin to manage emails map
Marcin Kuzminski <marcin@python-works.com>
parents:
2278
diff
changeset
|
765 :param user: |
b0fef8a77568
Added simple UI for admin to manage emails map
Marcin Kuzminski <marcin@python-works.com>
parents:
2278
diff
changeset
|
766 :param email: |
b0fef8a77568
Added simple UI for admin to manage emails map
Marcin Kuzminski <marcin@python-works.com>
parents:
2278
diff
changeset
|
767 """ |
2479
9225597688f4
Added validation into user email map
Marcin Kuzminski <marcin@python-works.com>
parents:
2478
diff
changeset
|
768 from rhodecode.model import forms |
9225597688f4
Added validation into user email map
Marcin Kuzminski <marcin@python-works.com>
parents:
2478
diff
changeset
|
769 form = forms.UserExtraEmailForm()() |
9225597688f4
Added validation into user email map
Marcin Kuzminski <marcin@python-works.com>
parents:
2478
diff
changeset
|
770 data = form.to_python(dict(email=email)) |
2432
d3ac7491a5c8
Share common getter functions in base model, and remove duplicated functions from other models
Marcin Kuzminski <marcin@python-works.com>
parents:
2330
diff
changeset
|
771 user = self._get_user(user) |
2479
9225597688f4
Added validation into user email map
Marcin Kuzminski <marcin@python-works.com>
parents:
2478
diff
changeset
|
772 |
2330
b0fef8a77568
Added simple UI for admin to manage emails map
Marcin Kuzminski <marcin@python-works.com>
parents:
2278
diff
changeset
|
773 obj = UserEmailMap() |
b0fef8a77568
Added simple UI for admin to manage emails map
Marcin Kuzminski <marcin@python-works.com>
parents:
2278
diff
changeset
|
774 obj.user = user |
2479
9225597688f4
Added validation into user email map
Marcin Kuzminski <marcin@python-works.com>
parents:
2478
diff
changeset
|
775 obj.email = data['email'] |
2330
b0fef8a77568
Added simple UI for admin to manage emails map
Marcin Kuzminski <marcin@python-works.com>
parents:
2278
diff
changeset
|
776 self.sa.add(obj) |
b0fef8a77568
Added simple UI for admin to manage emails map
Marcin Kuzminski <marcin@python-works.com>
parents:
2278
diff
changeset
|
777 return obj |
b0fef8a77568
Added simple UI for admin to manage emails map
Marcin Kuzminski <marcin@python-works.com>
parents:
2278
diff
changeset
|
778 |
b0fef8a77568
Added simple UI for admin to manage emails map
Marcin Kuzminski <marcin@python-works.com>
parents:
2278
diff
changeset
|
779 def delete_extra_email(self, user, email_id): |
b0fef8a77568
Added simple UI for admin to manage emails map
Marcin Kuzminski <marcin@python-works.com>
parents:
2278
diff
changeset
|
780 """ |
b0fef8a77568
Added simple UI for admin to manage emails map
Marcin Kuzminski <marcin@python-works.com>
parents:
2278
diff
changeset
|
781 Removes email address from UserEmailMap |
b0fef8a77568
Added simple UI for admin to manage emails map
Marcin Kuzminski <marcin@python-works.com>
parents:
2278
diff
changeset
|
782 |
b0fef8a77568
Added simple UI for admin to manage emails map
Marcin Kuzminski <marcin@python-works.com>
parents:
2278
diff
changeset
|
783 :param user: |
b0fef8a77568
Added simple UI for admin to manage emails map
Marcin Kuzminski <marcin@python-works.com>
parents:
2278
diff
changeset
|
784 :param email_id: |
b0fef8a77568
Added simple UI for admin to manage emails map
Marcin Kuzminski <marcin@python-works.com>
parents:
2278
diff
changeset
|
785 """ |
2432
d3ac7491a5c8
Share common getter functions in base model, and remove duplicated functions from other models
Marcin Kuzminski <marcin@python-works.com>
parents:
2330
diff
changeset
|
786 user = self._get_user(user) |
2330
b0fef8a77568
Added simple UI for admin to manage emails map
Marcin Kuzminski <marcin@python-works.com>
parents:
2278
diff
changeset
|
787 obj = UserEmailMap.query().get(email_id) |
b0fef8a77568
Added simple UI for admin to manage emails map
Marcin Kuzminski <marcin@python-works.com>
parents:
2278
diff
changeset
|
788 if obj: |
2478
8eab81115660
white space cleanup
Marcin Kuzminski <marcin@python-works.com>
parents:
2467
diff
changeset
|
789 self.sa.delete(obj) |
3125
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
790 |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
791 def add_extra_ip(self, user, ip): |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
792 """ |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
793 Adds ip address to UserIpMap |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
794 |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
795 :param user: |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
796 :param ip: |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
797 """ |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
798 from rhodecode.model import forms |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
799 form = forms.UserExtraIpForm()() |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
800 data = form.to_python(dict(ip=ip)) |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
801 user = self._get_user(user) |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
802 |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
803 obj = UserIpMap() |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
804 obj.user = user |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
805 obj.ip_addr = data['ip'] |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
806 self.sa.add(obj) |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
807 return obj |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
808 |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
809 def delete_extra_ip(self, user, ip_id): |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
810 """ |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
811 Removes ip address from UserIpMap |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
812 |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
813 :param user: |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
814 :param ip_id: |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
815 """ |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
816 user = self._get_user(user) |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
817 obj = UserIpMap.query().get(ip_id) |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
818 if obj: |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
819 self.sa.delete(obj) |