Mercurial > kallithea
annotate rhodecode/model/user.py @ 1267:d534aff5e82a beta
user defined permission will update the global permissions, and overwrite default settings.
author | Marcin Kuzminski <marcin@python-works.com> |
---|---|
date | Mon, 18 Apr 2011 20:55:37 +0200 |
parents | a671db5bdd58 |
children | 2e7f21429316 |
rev | line source |
---|---|
761
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
752
diff
changeset
|
1 # -*- coding: utf-8 -*- |
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
752
diff
changeset
|
2 """ |
956
83d35d716a02
started working on issue #56
Marcin Kuzminski <marcin@python-works.com>
parents:
902
diff
changeset
|
3 rhodecode.model.user |
83d35d716a02
started working on issue #56
Marcin Kuzminski <marcin@python-works.com>
parents:
902
diff
changeset
|
4 ~~~~~~~~~~~~~~~~~~~~ |
761
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
752
diff
changeset
|
5 |
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
752
diff
changeset
|
6 users model for RhodeCode |
1203
6832ef664673
source code cleanup: remove trailing white space, normalize file endings
Marcin Kuzminski <marcin@python-works.com>
parents:
1120
diff
changeset
|
7 |
761
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
752
diff
changeset
|
8 :created_on: Apr 9, 2010 |
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
752
diff
changeset
|
9 :author: marcink |
1203
6832ef664673
source code cleanup: remove trailing white space, normalize file endings
Marcin Kuzminski <marcin@python-works.com>
parents:
1120
diff
changeset
|
10 :copyright: (C) 2009-2011 Marcin Kuzminski <marcin@python-works.com> |
761
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
752
diff
changeset
|
11 :license: GPLv3, see COPYING for more details. |
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
752
diff
changeset
|
12 """ |
1206
a671db5bdd58
fixed license issue #149
Marcin Kuzminski <marcin@python-works.com>
parents:
1203
diff
changeset
|
13 # This program is free software: you can redistribute it and/or modify |
a671db5bdd58
fixed license issue #149
Marcin Kuzminski <marcin@python-works.com>
parents:
1203
diff
changeset
|
14 # it under the terms of the GNU General Public License as published by |
a671db5bdd58
fixed license issue #149
Marcin Kuzminski <marcin@python-works.com>
parents:
1203
diff
changeset
|
15 # the Free Software Foundation, either version 3 of the License, or |
a671db5bdd58
fixed license issue #149
Marcin Kuzminski <marcin@python-works.com>
parents:
1203
diff
changeset
|
16 # (at your option) any later version. |
1203
6832ef664673
source code cleanup: remove trailing white space, normalize file endings
Marcin Kuzminski <marcin@python-works.com>
parents:
1120
diff
changeset
|
17 # |
252
3782a6d698af
licensing updates, code cleanups
Marcin Kuzminski <marcin@python-works.com>
parents:
238
diff
changeset
|
18 # This program is distributed in the hope that it will be useful, |
3782a6d698af
licensing updates, code cleanups
Marcin Kuzminski <marcin@python-works.com>
parents:
238
diff
changeset
|
19 # but WITHOUT ANY WARRANTY; without even the implied warranty of |
3782a6d698af
licensing updates, code cleanups
Marcin Kuzminski <marcin@python-works.com>
parents:
238
diff
changeset
|
20 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
3782a6d698af
licensing updates, code cleanups
Marcin Kuzminski <marcin@python-works.com>
parents:
238
diff
changeset
|
21 # GNU General Public License for more details. |
1203
6832ef664673
source code cleanup: remove trailing white space, normalize file endings
Marcin Kuzminski <marcin@python-works.com>
parents:
1120
diff
changeset
|
22 # |
252
3782a6d698af
licensing updates, code cleanups
Marcin Kuzminski <marcin@python-works.com>
parents:
238
diff
changeset
|
23 # You should have received a copy of the GNU General Public License |
1206
a671db5bdd58
fixed license issue #149
Marcin Kuzminski <marcin@python-works.com>
parents:
1203
diff
changeset
|
24 # along with this program. If not, see <http://www.gnu.org/licenses/>. |
750
73c99f45ef2a
fixed security issue when saving ldap user saved plaintext password
Marcin Kuzminski <marcin@python-works.com>
parents:
742
diff
changeset
|
25 |
629
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
26 import logging |
474
a3d9d24acbec
Implemented password reset(forms/models/ tasks) and mailing tasks.
Marcin Kuzminski <marcin@python-works.com>
parents:
442
diff
changeset
|
27 import traceback |
629
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
28 |
761
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
752
diff
changeset
|
29 from pylons.i18n.translation import _ |
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
752
diff
changeset
|
30 |
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
752
diff
changeset
|
31 from rhodecode.model import BaseModel |
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
752
diff
changeset
|
32 from rhodecode.model.caching_query import FromCache |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
33 from rhodecode.model.db import User, RepoToPerm, Repository, Permission, \ |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
34 UserToPerm, UsersGroupToPerm, UsersGroupMember |
761
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
752
diff
changeset
|
35 from rhodecode.lib.exceptions import DefaultUserException, UserOwnsReposException |
713
1bb0fcdec895
fixed #72 show warning on removal when user still is owner of existing repositories
Marcin Kuzminski <marcin@python-works.com>
parents:
705
diff
changeset
|
36 |
761
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
752
diff
changeset
|
37 from sqlalchemy.exc import DatabaseError |
1116
716911af91e1
Added api_key into user, api key get's generated again after password change
Marcin Kuzminski <marcin@python-works.com>
parents:
991
diff
changeset
|
38 from rhodecode.lib import generate_api_key |
761
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
752
diff
changeset
|
39 |
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
752
diff
changeset
|
40 log = logging.getLogger(__name__) |
314
0d26d46bd370
protected againts changing default user.
Marcin Kuzminski <marcin@python-works.com>
parents:
265
diff
changeset
|
41 |
1267
d534aff5e82a
user defined permission will update the global permissions, and overwrite default settings.
Marcin Kuzminski <marcin@python-works.com>
parents:
1206
diff
changeset
|
42 |
d534aff5e82a
user defined permission will update the global permissions, and overwrite default settings.
Marcin Kuzminski <marcin@python-works.com>
parents:
1206
diff
changeset
|
43 PERM_ = '' |
d534aff5e82a
user defined permission will update the global permissions, and overwrite default settings.
Marcin Kuzminski <marcin@python-works.com>
parents:
1206
diff
changeset
|
44 |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
45 PERM_WEIGHTS = {'repository.none':0, |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
46 'repository.read':1, |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
47 'repository.write':3, |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
48 'repository.admin':3} |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
49 |
1267
d534aff5e82a
user defined permission will update the global permissions, and overwrite default settings.
Marcin Kuzminski <marcin@python-works.com>
parents:
1206
diff
changeset
|
50 |
752
89b9037d68b7
fixed Example celery config to ampq,
Marcin Kuzminski <marcin@python-works.com>
parents:
750
diff
changeset
|
51 class UserModel(BaseModel): |
629
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
52 |
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
53 def get(self, user_id, cache=False): |
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
54 user = self.sa.query(User) |
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
55 if cache: |
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
56 user = user.options(FromCache("sql_cache_short", |
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
57 "get_user_%s" % user_id)) |
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
58 return user.get(user_id) |
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
59 |
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
60 |
742
1377a9d4bdb9
#78, fixed more reliable case insensitive searches
Marcin Kuzminski <marcin@python-works.com>
parents:
713
diff
changeset
|
61 def get_by_username(self, username, cache=False, case_insensitive=False): |
750
73c99f45ef2a
fixed security issue when saving ldap user saved plaintext password
Marcin Kuzminski <marcin@python-works.com>
parents:
742
diff
changeset
|
62 |
742
1377a9d4bdb9
#78, fixed more reliable case insensitive searches
Marcin Kuzminski <marcin@python-works.com>
parents:
713
diff
changeset
|
63 if case_insensitive: |
1377a9d4bdb9
#78, fixed more reliable case insensitive searches
Marcin Kuzminski <marcin@python-works.com>
parents:
713
diff
changeset
|
64 user = self.sa.query(User).filter(User.username.ilike(username)) |
1377a9d4bdb9
#78, fixed more reliable case insensitive searches
Marcin Kuzminski <marcin@python-works.com>
parents:
713
diff
changeset
|
65 else: |
1377a9d4bdb9
#78, fixed more reliable case insensitive searches
Marcin Kuzminski <marcin@python-works.com>
parents:
713
diff
changeset
|
66 user = self.sa.query(User)\ |
1377a9d4bdb9
#78, fixed more reliable case insensitive searches
Marcin Kuzminski <marcin@python-works.com>
parents:
713
diff
changeset
|
67 .filter(User.username == username) |
629
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
68 if cache: |
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
69 user = user.options(FromCache("sql_cache_short", |
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
70 "get_user_%s" % username)) |
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
71 return user.scalar() |
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
72 |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
73 |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
74 def get_by_api_key(self, api_key, cache=False): |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
75 |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
76 user = self.sa.query(User)\ |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
77 .filter(User.api_key == api_key) |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
78 if cache: |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
79 user = user.options(FromCache("sql_cache_short", |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
80 "get_user_%s" % api_key)) |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
81 return user.scalar() |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
82 |
238
a55c17874486
Rewrite of user managment, improved forms, added some user info
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
83 def create(self, form_data): |
a55c17874486
Rewrite of user managment, improved forms, added some user info
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
84 try: |
a55c17874486
Rewrite of user managment, improved forms, added some user info
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
85 new_user = User() |
a55c17874486
Rewrite of user managment, improved forms, added some user info
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
86 for k, v in form_data.items(): |
a55c17874486
Rewrite of user managment, improved forms, added some user info
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
87 setattr(new_user, k, v) |
629
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
88 |
1116
716911af91e1
Added api_key into user, api key get's generated again after password change
Marcin Kuzminski <marcin@python-works.com>
parents:
991
diff
changeset
|
89 new_user.api_key = generate_api_key(form_data['username']) |
238
a55c17874486
Rewrite of user managment, improved forms, added some user info
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
90 self.sa.add(new_user) |
a55c17874486
Rewrite of user managment, improved forms, added some user info
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
91 self.sa.commit() |
474
a3d9d24acbec
Implemented password reset(forms/models/ tasks) and mailing tasks.
Marcin Kuzminski <marcin@python-works.com>
parents:
442
diff
changeset
|
92 except: |
a3d9d24acbec
Implemented password reset(forms/models/ tasks) and mailing tasks.
Marcin Kuzminski <marcin@python-works.com>
parents:
442
diff
changeset
|
93 log.error(traceback.format_exc()) |
238
a55c17874486
Rewrite of user managment, improved forms, added some user info
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
94 self.sa.rollback() |
629
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
95 raise |
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
96 |
991
b232a36cc51f
Improve LDAP authentication
Thayne Harbaugh <thayne@fusionio.com>
parents:
956
diff
changeset
|
97 def create_ldap(self, username, password, user_dn, attrs): |
705
9e9f1b919c0c
implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents:
692
diff
changeset
|
98 """ |
9e9f1b919c0c
implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents:
692
diff
changeset
|
99 Checks if user is in database, if not creates this user marked |
9e9f1b919c0c
implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents:
692
diff
changeset
|
100 as ldap user |
9e9f1b919c0c
implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents:
692
diff
changeset
|
101 :param username: |
9e9f1b919c0c
implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents:
692
diff
changeset
|
102 :param password: |
991
b232a36cc51f
Improve LDAP authentication
Thayne Harbaugh <thayne@fusionio.com>
parents:
956
diff
changeset
|
103 :param user_dn: |
b232a36cc51f
Improve LDAP authentication
Thayne Harbaugh <thayne@fusionio.com>
parents:
956
diff
changeset
|
104 :param attrs: |
705
9e9f1b919c0c
implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents:
692
diff
changeset
|
105 """ |
750
73c99f45ef2a
fixed security issue when saving ldap user saved plaintext password
Marcin Kuzminski <marcin@python-works.com>
parents:
742
diff
changeset
|
106 from rhodecode.lib.auth import get_crypt_password |
761
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
752
diff
changeset
|
107 log.debug('Checking for such ldap account in RhodeCode database') |
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
752
diff
changeset
|
108 if self.get_by_username(username, case_insensitive=True) is None: |
705
9e9f1b919c0c
implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents:
692
diff
changeset
|
109 try: |
9e9f1b919c0c
implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents:
692
diff
changeset
|
110 new_user = User() |
991
b232a36cc51f
Improve LDAP authentication
Thayne Harbaugh <thayne@fusionio.com>
parents:
956
diff
changeset
|
111 new_user.username = username.lower() # add ldap account always lowercase |
750
73c99f45ef2a
fixed security issue when saving ldap user saved plaintext password
Marcin Kuzminski <marcin@python-works.com>
parents:
742
diff
changeset
|
112 new_user.password = get_crypt_password(password) |
1116
716911af91e1
Added api_key into user, api key get's generated again after password change
Marcin Kuzminski <marcin@python-works.com>
parents:
991
diff
changeset
|
113 new_user.api_key = generate_api_key(username) |
991
b232a36cc51f
Improve LDAP authentication
Thayne Harbaugh <thayne@fusionio.com>
parents:
956
diff
changeset
|
114 new_user.email = attrs['email'] |
705
9e9f1b919c0c
implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents:
692
diff
changeset
|
115 new_user.active = True |
991
b232a36cc51f
Improve LDAP authentication
Thayne Harbaugh <thayne@fusionio.com>
parents:
956
diff
changeset
|
116 new_user.ldap_dn = user_dn |
b232a36cc51f
Improve LDAP authentication
Thayne Harbaugh <thayne@fusionio.com>
parents:
956
diff
changeset
|
117 new_user.name = attrs['name'] |
b232a36cc51f
Improve LDAP authentication
Thayne Harbaugh <thayne@fusionio.com>
parents:
956
diff
changeset
|
118 new_user.lastname = attrs['lastname'] |
705
9e9f1b919c0c
implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents:
692
diff
changeset
|
119 |
9e9f1b919c0c
implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents:
692
diff
changeset
|
120 |
9e9f1b919c0c
implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents:
692
diff
changeset
|
121 self.sa.add(new_user) |
9e9f1b919c0c
implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents:
692
diff
changeset
|
122 self.sa.commit() |
9e9f1b919c0c
implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents:
692
diff
changeset
|
123 return True |
761
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
752
diff
changeset
|
124 except (DatabaseError,): |
705
9e9f1b919c0c
implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents:
692
diff
changeset
|
125 log.error(traceback.format_exc()) |
9e9f1b919c0c
implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents:
692
diff
changeset
|
126 self.sa.rollback() |
9e9f1b919c0c
implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents:
692
diff
changeset
|
127 raise |
761
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
752
diff
changeset
|
128 log.debug('this %s user exists skipping creation of ldap account', |
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
752
diff
changeset
|
129 username) |
705
9e9f1b919c0c
implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents:
692
diff
changeset
|
130 return False |
9e9f1b919c0c
implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents:
692
diff
changeset
|
131 |
363
98abf8953b87
Added user registration, changed login url schema, moved it into _admin/ for safety
Marcin Kuzminski <marcin@python-works.com>
parents:
347
diff
changeset
|
132 def create_registration(self, form_data): |
689
ecc566f8b69f
fixes #59, notifications for user registrations + some changes to mailer
Marcin Kuzminski <marcin@python-works.com>
parents:
686
diff
changeset
|
133 from rhodecode.lib.celerylib import tasks, run_task |
363
98abf8953b87
Added user registration, changed login url schema, moved it into _admin/ for safety
Marcin Kuzminski <marcin@python-works.com>
parents:
347
diff
changeset
|
134 try: |
98abf8953b87
Added user registration, changed login url schema, moved it into _admin/ for safety
Marcin Kuzminski <marcin@python-works.com>
parents:
347
diff
changeset
|
135 new_user = User() |
98abf8953b87
Added user registration, changed login url schema, moved it into _admin/ for safety
Marcin Kuzminski <marcin@python-works.com>
parents:
347
diff
changeset
|
136 for k, v in form_data.items(): |
417
3ed2d46a2ca7
permission refactoring,
Marcin Kuzminski <marcin@python-works.com>
parents:
371
diff
changeset
|
137 if k != 'admin': |
363
98abf8953b87
Added user registration, changed login url schema, moved it into _admin/ for safety
Marcin Kuzminski <marcin@python-works.com>
parents:
347
diff
changeset
|
138 setattr(new_user, k, v) |
629
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
139 |
363
98abf8953b87
Added user registration, changed login url schema, moved it into _admin/ for safety
Marcin Kuzminski <marcin@python-works.com>
parents:
347
diff
changeset
|
140 self.sa.add(new_user) |
98abf8953b87
Added user registration, changed login url schema, moved it into _admin/ for safety
Marcin Kuzminski <marcin@python-works.com>
parents:
347
diff
changeset
|
141 self.sa.commit() |
689
ecc566f8b69f
fixes #59, notifications for user registrations + some changes to mailer
Marcin Kuzminski <marcin@python-works.com>
parents:
686
diff
changeset
|
142 body = ('New user registration\n' |
ecc566f8b69f
fixes #59, notifications for user registrations + some changes to mailer
Marcin Kuzminski <marcin@python-works.com>
parents:
686
diff
changeset
|
143 'username: %s\n' |
ecc566f8b69f
fixes #59, notifications for user registrations + some changes to mailer
Marcin Kuzminski <marcin@python-works.com>
parents:
686
diff
changeset
|
144 'email: %s\n') |
ecc566f8b69f
fixes #59, notifications for user registrations + some changes to mailer
Marcin Kuzminski <marcin@python-works.com>
parents:
686
diff
changeset
|
145 body = body % (form_data['username'], form_data['email']) |
ecc566f8b69f
fixes #59, notifications for user registrations + some changes to mailer
Marcin Kuzminski <marcin@python-works.com>
parents:
686
diff
changeset
|
146 |
ecc566f8b69f
fixes #59, notifications for user registrations + some changes to mailer
Marcin Kuzminski <marcin@python-works.com>
parents:
686
diff
changeset
|
147 run_task(tasks.send_email, None, |
ecc566f8b69f
fixes #59, notifications for user registrations + some changes to mailer
Marcin Kuzminski <marcin@python-works.com>
parents:
686
diff
changeset
|
148 _('[RhodeCode] New User registration'), |
ecc566f8b69f
fixes #59, notifications for user registrations + some changes to mailer
Marcin Kuzminski <marcin@python-works.com>
parents:
686
diff
changeset
|
149 body) |
474
a3d9d24acbec
Implemented password reset(forms/models/ tasks) and mailing tasks.
Marcin Kuzminski <marcin@python-works.com>
parents:
442
diff
changeset
|
150 except: |
a3d9d24acbec
Implemented password reset(forms/models/ tasks) and mailing tasks.
Marcin Kuzminski <marcin@python-works.com>
parents:
442
diff
changeset
|
151 log.error(traceback.format_exc()) |
363
98abf8953b87
Added user registration, changed login url schema, moved it into _admin/ for safety
Marcin Kuzminski <marcin@python-works.com>
parents:
347
diff
changeset
|
152 self.sa.rollback() |
629
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
153 raise |
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
154 |
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
155 def update(self, user_id, form_data): |
238
a55c17874486
Rewrite of user managment, improved forms, added some user info
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
156 try: |
1116
716911af91e1
Added api_key into user, api key get's generated again after password change
Marcin Kuzminski <marcin@python-works.com>
parents:
991
diff
changeset
|
157 user = self.get(user_id, cache=False) |
716911af91e1
Added api_key into user, api key get's generated again after password change
Marcin Kuzminski <marcin@python-works.com>
parents:
991
diff
changeset
|
158 if user.username == 'default': |
314
0d26d46bd370
protected againts changing default user.
Marcin Kuzminski <marcin@python-works.com>
parents:
265
diff
changeset
|
159 raise DefaultUserException( |
629
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
160 _("You can't Edit this user since it's" |
314
0d26d46bd370
protected againts changing default user.
Marcin Kuzminski <marcin@python-works.com>
parents:
265
diff
changeset
|
161 " crucial for entire application")) |
713
1bb0fcdec895
fixed #72 show warning on removal when user still is owner of existing repositories
Marcin Kuzminski <marcin@python-works.com>
parents:
705
diff
changeset
|
162 |
238
a55c17874486
Rewrite of user managment, improved forms, added some user info
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
163 for k, v in form_data.items(): |
a55c17874486
Rewrite of user managment, improved forms, added some user info
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
164 if k == 'new_password' and v != '': |
1116
716911af91e1
Added api_key into user, api key get's generated again after password change
Marcin Kuzminski <marcin@python-works.com>
parents:
991
diff
changeset
|
165 user.password = v |
716911af91e1
Added api_key into user, api key get's generated again after password change
Marcin Kuzminski <marcin@python-works.com>
parents:
991
diff
changeset
|
166 user.api_key = generate_api_key(user.username) |
238
a55c17874486
Rewrite of user managment, improved forms, added some user info
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
167 else: |
1116
716911af91e1
Added api_key into user, api key get's generated again after password change
Marcin Kuzminski <marcin@python-works.com>
parents:
991
diff
changeset
|
168 setattr(user, k, v) |
629
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
169 |
1116
716911af91e1
Added api_key into user, api key get's generated again after password change
Marcin Kuzminski <marcin@python-works.com>
parents:
991
diff
changeset
|
170 self.sa.add(user) |
238
a55c17874486
Rewrite of user managment, improved forms, added some user info
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
171 self.sa.commit() |
474
a3d9d24acbec
Implemented password reset(forms/models/ tasks) and mailing tasks.
Marcin Kuzminski <marcin@python-works.com>
parents:
442
diff
changeset
|
172 except: |
a3d9d24acbec
Implemented password reset(forms/models/ tasks) and mailing tasks.
Marcin Kuzminski <marcin@python-works.com>
parents:
442
diff
changeset
|
173 log.error(traceback.format_exc()) |
238
a55c17874486
Rewrite of user managment, improved forms, added some user info
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
174 self.sa.rollback() |
629
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
175 raise |
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
176 |
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
177 def update_my_account(self, user_id, form_data): |
371
5cd6616b8673
routes python 2.5 compatible
Marcin Kuzminski <marcin@python-works.com>
parents:
363
diff
changeset
|
178 try: |
1116
716911af91e1
Added api_key into user, api key get's generated again after password change
Marcin Kuzminski <marcin@python-works.com>
parents:
991
diff
changeset
|
179 user = self.get(user_id, cache=False) |
716911af91e1
Added api_key into user, api key get's generated again after password change
Marcin Kuzminski <marcin@python-works.com>
parents:
991
diff
changeset
|
180 if user.username == 'default': |
371
5cd6616b8673
routes python 2.5 compatible
Marcin Kuzminski <marcin@python-works.com>
parents:
363
diff
changeset
|
181 raise DefaultUserException( |
629
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
182 _("You can't Edit this user since it's" |
371
5cd6616b8673
routes python 2.5 compatible
Marcin Kuzminski <marcin@python-works.com>
parents:
363
diff
changeset
|
183 " crucial for entire application")) |
5cd6616b8673
routes python 2.5 compatible
Marcin Kuzminski <marcin@python-works.com>
parents:
363
diff
changeset
|
184 for k, v in form_data.items(): |
5cd6616b8673
routes python 2.5 compatible
Marcin Kuzminski <marcin@python-works.com>
parents:
363
diff
changeset
|
185 if k == 'new_password' and v != '': |
1116
716911af91e1
Added api_key into user, api key get's generated again after password change
Marcin Kuzminski <marcin@python-works.com>
parents:
991
diff
changeset
|
186 user.password = v |
716911af91e1
Added api_key into user, api key get's generated again after password change
Marcin Kuzminski <marcin@python-works.com>
parents:
991
diff
changeset
|
187 user.api_key = generate_api_key(user.username) |
371
5cd6616b8673
routes python 2.5 compatible
Marcin Kuzminski <marcin@python-works.com>
parents:
363
diff
changeset
|
188 else: |
5cd6616b8673
routes python 2.5 compatible
Marcin Kuzminski <marcin@python-works.com>
parents:
363
diff
changeset
|
189 if k not in ['admin', 'active']: |
1116
716911af91e1
Added api_key into user, api key get's generated again after password change
Marcin Kuzminski <marcin@python-works.com>
parents:
991
diff
changeset
|
190 setattr(user, k, v) |
629
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
191 |
1116
716911af91e1
Added api_key into user, api key get's generated again after password change
Marcin Kuzminski <marcin@python-works.com>
parents:
991
diff
changeset
|
192 self.sa.add(user) |
371
5cd6616b8673
routes python 2.5 compatible
Marcin Kuzminski <marcin@python-works.com>
parents:
363
diff
changeset
|
193 self.sa.commit() |
474
a3d9d24acbec
Implemented password reset(forms/models/ tasks) and mailing tasks.
Marcin Kuzminski <marcin@python-works.com>
parents:
442
diff
changeset
|
194 except: |
a3d9d24acbec
Implemented password reset(forms/models/ tasks) and mailing tasks.
Marcin Kuzminski <marcin@python-works.com>
parents:
442
diff
changeset
|
195 log.error(traceback.format_exc()) |
371
5cd6616b8673
routes python 2.5 compatible
Marcin Kuzminski <marcin@python-works.com>
parents:
363
diff
changeset
|
196 self.sa.rollback() |
629
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
197 raise |
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
198 |
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
199 def delete(self, user_id): |
265
0e5455fda8fd
Implemented basic repository managment. Implemented repo2db mappings, model, helpers updates and code cleanups
Marcin Kuzminski <marcin@python-works.com>
parents:
252
diff
changeset
|
200 try: |
629
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
201 user = self.get(user_id, cache=False) |
314
0d26d46bd370
protected againts changing default user.
Marcin Kuzminski <marcin@python-works.com>
parents:
265
diff
changeset
|
202 if user.username == 'default': |
0d26d46bd370
protected againts changing default user.
Marcin Kuzminski <marcin@python-works.com>
parents:
265
diff
changeset
|
203 raise DefaultUserException( |
629
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
204 _("You can't remove this user since it's" |
314
0d26d46bd370
protected againts changing default user.
Marcin Kuzminski <marcin@python-works.com>
parents:
265
diff
changeset
|
205 " crucial for entire application")) |
713
1bb0fcdec895
fixed #72 show warning on removal when user still is owner of existing repositories
Marcin Kuzminski <marcin@python-works.com>
parents:
705
diff
changeset
|
206 if user.repositories: |
1bb0fcdec895
fixed #72 show warning on removal when user still is owner of existing repositories
Marcin Kuzminski <marcin@python-works.com>
parents:
705
diff
changeset
|
207 raise UserOwnsReposException(_('This user still owns %s ' |
1bb0fcdec895
fixed #72 show warning on removal when user still is owner of existing repositories
Marcin Kuzminski <marcin@python-works.com>
parents:
705
diff
changeset
|
208 'repositories and cannot be ' |
1bb0fcdec895
fixed #72 show warning on removal when user still is owner of existing repositories
Marcin Kuzminski <marcin@python-works.com>
parents:
705
diff
changeset
|
209 'removed. Switch owners or ' |
1bb0fcdec895
fixed #72 show warning on removal when user still is owner of existing repositories
Marcin Kuzminski <marcin@python-works.com>
parents:
705
diff
changeset
|
210 'remove those repositories') \ |
1bb0fcdec895
fixed #72 show warning on removal when user still is owner of existing repositories
Marcin Kuzminski <marcin@python-works.com>
parents:
705
diff
changeset
|
211 % user.repositories) |
314
0d26d46bd370
protected againts changing default user.
Marcin Kuzminski <marcin@python-works.com>
parents:
265
diff
changeset
|
212 self.sa.delete(user) |
629
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
213 self.sa.commit() |
474
a3d9d24acbec
Implemented password reset(forms/models/ tasks) and mailing tasks.
Marcin Kuzminski <marcin@python-works.com>
parents:
442
diff
changeset
|
214 except: |
a3d9d24acbec
Implemented password reset(forms/models/ tasks) and mailing tasks.
Marcin Kuzminski <marcin@python-works.com>
parents:
442
diff
changeset
|
215 log.error(traceback.format_exc()) |
265
0e5455fda8fd
Implemented basic repository managment. Implemented repo2db mappings, model, helpers updates and code cleanups
Marcin Kuzminski <marcin@python-works.com>
parents:
252
diff
changeset
|
216 self.sa.rollback() |
629
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
217 raise |
474
a3d9d24acbec
Implemented password reset(forms/models/ tasks) and mailing tasks.
Marcin Kuzminski <marcin@python-works.com>
parents:
442
diff
changeset
|
218 |
a3d9d24acbec
Implemented password reset(forms/models/ tasks) and mailing tasks.
Marcin Kuzminski <marcin@python-works.com>
parents:
442
diff
changeset
|
219 def reset_password(self, data): |
629
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
220 from rhodecode.lib.celerylib import tasks, run_task |
474
a3d9d24acbec
Implemented password reset(forms/models/ tasks) and mailing tasks.
Marcin Kuzminski <marcin@python-works.com>
parents:
442
diff
changeset
|
221 run_task(tasks.reset_user_password, data['email']) |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
222 |
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
223 |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
224 def fill_data(self, auth_user, user_id=None, api_key=None): |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
225 """ |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
226 Fetches auth_user by user_id,or api_key if present. |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
227 Fills auth_user attributes with those taken from database. |
1203
6832ef664673
source code cleanup: remove trailing white space, normalize file endings
Marcin Kuzminski <marcin@python-works.com>
parents:
1120
diff
changeset
|
228 Additionally set's is_authenitated if lookup fails |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
229 present in database |
1203
6832ef664673
source code cleanup: remove trailing white space, normalize file endings
Marcin Kuzminski <marcin@python-works.com>
parents:
1120
diff
changeset
|
230 |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
231 :param auth_user: instance of user to set attributes |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
232 :param user_id: user id to fetch by |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
233 :param api_key: api key to fetch by |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
234 """ |
1120
a8d759613d8f
fixed some bugs in api key auth, added access by api key into rss/atom feeds in global journal
Marcin Kuzminski <marcin@python-works.com>
parents:
1117
diff
changeset
|
235 if user_id is None and api_key is None: |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
236 raise Exception('You need to pass user_id or api_key') |
686
ff6a8196ebfe
fixed anonymous access bug.
Marcin Kuzminski <marcin@python-works.com>
parents:
673
diff
changeset
|
237 |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
238 try: |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
239 if api_key: |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
240 dbuser = self.get_by_api_key(api_key) |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
241 else: |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
242 dbuser = self.get(user_id) |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
243 |
1120
a8d759613d8f
fixed some bugs in api key auth, added access by api key into rss/atom feeds in global journal
Marcin Kuzminski <marcin@python-works.com>
parents:
1117
diff
changeset
|
244 if dbuser is not None: |
a8d759613d8f
fixed some bugs in api key auth, added access by api key into rss/atom feeds in global journal
Marcin Kuzminski <marcin@python-works.com>
parents:
1117
diff
changeset
|
245 log.debug('filling %s data', dbuser) |
a8d759613d8f
fixed some bugs in api key auth, added access by api key into rss/atom feeds in global journal
Marcin Kuzminski <marcin@python-works.com>
parents:
1117
diff
changeset
|
246 for k, v in dbuser.get_dict().items(): |
a8d759613d8f
fixed some bugs in api key auth, added access by api key into rss/atom feeds in global journal
Marcin Kuzminski <marcin@python-works.com>
parents:
1117
diff
changeset
|
247 setattr(auth_user, k, v) |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
248 |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
249 except: |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
250 log.error(traceback.format_exc()) |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
251 auth_user.is_authenticated = False |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
252 |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
253 return auth_user |
686
ff6a8196ebfe
fixed anonymous access bug.
Marcin Kuzminski <marcin@python-works.com>
parents:
673
diff
changeset
|
254 |
ff6a8196ebfe
fixed anonymous access bug.
Marcin Kuzminski <marcin@python-works.com>
parents:
673
diff
changeset
|
255 |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
256 def fill_perms(self, user): |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
257 """Fills user permission attribute with permissions taken from database |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
258 works for permissions given for repositories, and for permissions that |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
259 as part of beeing group member |
1203
6832ef664673
source code cleanup: remove trailing white space, normalize file endings
Marcin Kuzminski <marcin@python-works.com>
parents:
1120
diff
changeset
|
260 |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
261 :param user: user instance to fill his perms |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
262 """ |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
263 |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
264 user.permissions['repositories'] = {} |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
265 user.permissions['global'] = set() |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
266 |
1267
d534aff5e82a
user defined permission will update the global permissions, and overwrite default settings.
Marcin Kuzminski <marcin@python-works.com>
parents:
1206
diff
changeset
|
267 #====================================================================== |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
268 # fetch default permissions |
1267
d534aff5e82a
user defined permission will update the global permissions, and overwrite default settings.
Marcin Kuzminski <marcin@python-works.com>
parents:
1206
diff
changeset
|
269 #====================================================================== |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
270 default_user = self.get_by_username('default', cache=True) |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
271 |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
272 default_perms = self.sa.query(RepoToPerm, Repository, Permission)\ |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
273 .join((Repository, RepoToPerm.repository_id == Repository.repo_id))\ |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
274 .join((Permission, RepoToPerm.permission_id == Permission.permission_id))\ |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
275 .filter(RepoToPerm.user == default_user).all() |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
276 |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
277 if user.is_admin: |
1267
d534aff5e82a
user defined permission will update the global permissions, and overwrite default settings.
Marcin Kuzminski <marcin@python-works.com>
parents:
1206
diff
changeset
|
278 #================================================================== |
1203
6832ef664673
source code cleanup: remove trailing white space, normalize file endings
Marcin Kuzminski <marcin@python-works.com>
parents:
1120
diff
changeset
|
279 # #admin have all default rights set to admin |
1267
d534aff5e82a
user defined permission will update the global permissions, and overwrite default settings.
Marcin Kuzminski <marcin@python-works.com>
parents:
1206
diff
changeset
|
280 #================================================================== |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
281 user.permissions['global'].add('hg.admin') |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
282 |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
283 for perm in default_perms: |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
284 p = 'repository.admin' |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
285 user.permissions['repositories'][perm.RepoToPerm.repository.repo_name] = p |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
286 |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
287 else: |
1267
d534aff5e82a
user defined permission will update the global permissions, and overwrite default settings.
Marcin Kuzminski <marcin@python-works.com>
parents:
1206
diff
changeset
|
288 #================================================================== |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
289 # set default permissions |
1267
d534aff5e82a
user defined permission will update the global permissions, and overwrite default settings.
Marcin Kuzminski <marcin@python-works.com>
parents:
1206
diff
changeset
|
290 #================================================================== |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
291 |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
292 #default global |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
293 default_global_perms = self.sa.query(UserToPerm)\ |
1267
d534aff5e82a
user defined permission will update the global permissions, and overwrite default settings.
Marcin Kuzminski <marcin@python-works.com>
parents:
1206
diff
changeset
|
294 .filter(UserToPerm.user == User.by_username('default')) |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
295 |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
296 for perm in default_global_perms: |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
297 user.permissions['global'].add(perm.permission.permission_name) |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
298 |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
299 #default for repositories |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
300 for perm in default_perms: |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
301 if perm.Repository.private and not perm.Repository.user_id == user.user_id: |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
302 #diself.sable defaults for private repos, |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
303 p = 'repository.none' |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
304 elif perm.Repository.user_id == user.user_id: |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
305 #set admin if owner |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
306 p = 'repository.admin' |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
307 else: |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
308 p = perm.Permission.permission_name |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
309 |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
310 user.permissions['repositories'][perm.RepoToPerm.repository.repo_name] = p |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
311 |
1267
d534aff5e82a
user defined permission will update the global permissions, and overwrite default settings.
Marcin Kuzminski <marcin@python-works.com>
parents:
1206
diff
changeset
|
312 #================================================================== |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
313 # overwrite default with user permissions if any |
1267
d534aff5e82a
user defined permission will update the global permissions, and overwrite default settings.
Marcin Kuzminski <marcin@python-works.com>
parents:
1206
diff
changeset
|
314 #================================================================== |
d534aff5e82a
user defined permission will update the global permissions, and overwrite default settings.
Marcin Kuzminski <marcin@python-works.com>
parents:
1206
diff
changeset
|
315 |
d534aff5e82a
user defined permission will update the global permissions, and overwrite default settings.
Marcin Kuzminski <marcin@python-works.com>
parents:
1206
diff
changeset
|
316 user_perms = self.sa.query(UserToPerm)\ |
d534aff5e82a
user defined permission will update the global permissions, and overwrite default settings.
Marcin Kuzminski <marcin@python-works.com>
parents:
1206
diff
changeset
|
317 .filter(UserToPerm.user == |
d534aff5e82a
user defined permission will update the global permissions, and overwrite default settings.
Marcin Kuzminski <marcin@python-works.com>
parents:
1206
diff
changeset
|
318 User.get(user.user_id)).all() |
d534aff5e82a
user defined permission will update the global permissions, and overwrite default settings.
Marcin Kuzminski <marcin@python-works.com>
parents:
1206
diff
changeset
|
319 |
d534aff5e82a
user defined permission will update the global permissions, and overwrite default settings.
Marcin Kuzminski <marcin@python-works.com>
parents:
1206
diff
changeset
|
320 for perm in user_perms: |
d534aff5e82a
user defined permission will update the global permissions, and overwrite default settings.
Marcin Kuzminski <marcin@python-works.com>
parents:
1206
diff
changeset
|
321 user.permissions['global'].add(perm.permission.permission_name) |
d534aff5e82a
user defined permission will update the global permissions, and overwrite default settings.
Marcin Kuzminski <marcin@python-works.com>
parents:
1206
diff
changeset
|
322 |
d534aff5e82a
user defined permission will update the global permissions, and overwrite default settings.
Marcin Kuzminski <marcin@python-works.com>
parents:
1206
diff
changeset
|
323 user_repo_perms = self.sa.query(RepoToPerm, Permission, Repository)\ |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
324 .join((Repository, RepoToPerm.repository_id == Repository.repo_id))\ |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
325 .join((Permission, RepoToPerm.permission_id == Permission.permission_id))\ |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
326 .filter(RepoToPerm.user_id == user.user_id).all() |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
327 |
1267
d534aff5e82a
user defined permission will update the global permissions, and overwrite default settings.
Marcin Kuzminski <marcin@python-works.com>
parents:
1206
diff
changeset
|
328 for perm in user_repo_perms: |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
329 if perm.Repository.user_id == user.user_id:#set admin if owner |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
330 p = 'repository.admin' |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
331 else: |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
332 p = perm.Permission.permission_name |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
333 user.permissions['repositories'][perm.RepoToPerm.repository.repo_name] = p |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
334 |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
335 |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
336 #======================================================================= |
1203
6832ef664673
source code cleanup: remove trailing white space, normalize file endings
Marcin Kuzminski <marcin@python-works.com>
parents:
1120
diff
changeset
|
337 # check if user is part of groups for this repository and fill in |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
338 # (or replace with higher) permissions |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
339 #======================================================================= |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
340 user_perms_from_users_groups = self.sa.query(UsersGroupToPerm, Permission, Repository,)\ |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
341 .join((Repository, UsersGroupToPerm.repository_id == Repository.repo_id))\ |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
342 .join((Permission, UsersGroupToPerm.permission_id == Permission.permission_id))\ |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
343 .join((UsersGroupMember, UsersGroupToPerm.users_group_id == UsersGroupMember.users_group_id))\ |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
344 .filter(UsersGroupMember.user_id == user.user_id).all() |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
345 |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
346 for perm in user_perms_from_users_groups: |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
347 p = perm.Permission.permission_name |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
348 cur_perm = user.permissions['repositories'][perm.UsersGroupToPerm.repository.repo_name] |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
349 #overwrite permission only if it's greater than permission given from other sources |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
350 if PERM_WEIGHTS[p] > PERM_WEIGHTS[cur_perm]: |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
351 user.permissions['repositories'][perm.UsersGroupToPerm.repository.repo_name] = p |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
352 |
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
353 return user |