Mercurial > kallithea
annotate rhodecode/model/user.py @ 3852:eae62e28343e beta
handle case of rewrite without an gistid in nginx example
author | Marcin Kuzminski <marcin@python-works.com> |
---|---|
date | Sun, 12 May 2013 17:19:21 +0200 |
parents | 647fb653048e |
children | 5293d4bbb1ea |
rev | line source |
---|---|
761
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
752
diff
changeset
|
1 # -*- coding: utf-8 -*- |
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
752
diff
changeset
|
2 """ |
956
83d35d716a02
started working on issue #56
Marcin Kuzminski <marcin@python-works.com>
parents:
902
diff
changeset
|
3 rhodecode.model.user |
83d35d716a02
started working on issue #56
Marcin Kuzminski <marcin@python-works.com>
parents:
902
diff
changeset
|
4 ~~~~~~~~~~~~~~~~~~~~ |
761
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
752
diff
changeset
|
5 |
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
752
diff
changeset
|
6 users model for RhodeCode |
1203
6832ef664673
source code cleanup: remove trailing white space, normalize file endings
Marcin Kuzminski <marcin@python-works.com>
parents:
1120
diff
changeset
|
7 |
761
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
752
diff
changeset
|
8 :created_on: Apr 9, 2010 |
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
752
diff
changeset
|
9 :author: marcink |
1824
89efedac4e6c
2012 copyrights
Marcin Kuzminski <marcin@python-works.com>
parents:
1818
diff
changeset
|
10 :copyright: (C) 2010-2012 Marcin Kuzminski <marcin@python-works.com> |
761
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
752
diff
changeset
|
11 :license: GPLv3, see COPYING for more details. |
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
752
diff
changeset
|
12 """ |
1206
a671db5bdd58
fixed license issue #149
Marcin Kuzminski <marcin@python-works.com>
parents:
1203
diff
changeset
|
13 # This program is free software: you can redistribute it and/or modify |
a671db5bdd58
fixed license issue #149
Marcin Kuzminski <marcin@python-works.com>
parents:
1203
diff
changeset
|
14 # it under the terms of the GNU General Public License as published by |
a671db5bdd58
fixed license issue #149
Marcin Kuzminski <marcin@python-works.com>
parents:
1203
diff
changeset
|
15 # the Free Software Foundation, either version 3 of the License, or |
a671db5bdd58
fixed license issue #149
Marcin Kuzminski <marcin@python-works.com>
parents:
1203
diff
changeset
|
16 # (at your option) any later version. |
1203
6832ef664673
source code cleanup: remove trailing white space, normalize file endings
Marcin Kuzminski <marcin@python-works.com>
parents:
1120
diff
changeset
|
17 # |
252
3782a6d698af
licensing updates, code cleanups
Marcin Kuzminski <marcin@python-works.com>
parents:
238
diff
changeset
|
18 # This program is distributed in the hope that it will be useful, |
3782a6d698af
licensing updates, code cleanups
Marcin Kuzminski <marcin@python-works.com>
parents:
238
diff
changeset
|
19 # but WITHOUT ANY WARRANTY; without even the implied warranty of |
3782a6d698af
licensing updates, code cleanups
Marcin Kuzminski <marcin@python-works.com>
parents:
238
diff
changeset
|
20 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
3782a6d698af
licensing updates, code cleanups
Marcin Kuzminski <marcin@python-works.com>
parents:
238
diff
changeset
|
21 # GNU General Public License for more details. |
1203
6832ef664673
source code cleanup: remove trailing white space, normalize file endings
Marcin Kuzminski <marcin@python-works.com>
parents:
1120
diff
changeset
|
22 # |
252
3782a6d698af
licensing updates, code cleanups
Marcin Kuzminski <marcin@python-works.com>
parents:
238
diff
changeset
|
23 # You should have received a copy of the GNU General Public License |
1206
a671db5bdd58
fixed license issue #149
Marcin Kuzminski <marcin@python-works.com>
parents:
1203
diff
changeset
|
24 # along with this program. If not, see <http://www.gnu.org/licenses/>. |
750
73c99f45ef2a
fixed security issue when saving ldap user saved plaintext password
Marcin Kuzminski <marcin@python-works.com>
parents:
742
diff
changeset
|
25 |
629
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
26 import logging |
474
a3d9d24acbec
Implemented password reset(forms/models/ tasks) and mailing tasks.
Marcin Kuzminski <marcin@python-works.com>
parents:
442
diff
changeset
|
27 import traceback |
2709
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
28 import itertools |
3094
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
29 import collections |
1731
31e6eb2fb4b2
implements #222 registration feedback
Marcin Kuzminski <marcin@python-works.com>
parents:
1729
diff
changeset
|
30 from pylons import url |
761
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
752
diff
changeset
|
31 from pylons.i18n.translation import _ |
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
752
diff
changeset
|
32 |
2479
9225597688f4
Added validation into user email map
Marcin Kuzminski <marcin@python-works.com>
parents:
2478
diff
changeset
|
33 from sqlalchemy.exc import DatabaseError |
9225597688f4
Added validation into user email map
Marcin Kuzminski <marcin@python-works.com>
parents:
2478
diff
changeset
|
34 from sqlalchemy.orm import joinedload |
9225597688f4
Added validation into user email map
Marcin Kuzminski <marcin@python-works.com>
parents:
2478
diff
changeset
|
35 |
2109 | 36 from rhodecode.lib.utils2 import safe_unicode, generate_api_key |
1669
f522f4d3bf93
moved caching query to libs
Marcin Kuzminski <marcin@python-works.com>
parents:
1634
diff
changeset
|
37 from rhodecode.lib.caching_query import FromCache |
761
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
752
diff
changeset
|
38 from rhodecode.model import BaseModel |
1633
2c0d35e336b5
refactoring of models names for repoGroup permissions
Marcin Kuzminski <marcin@python-works.com>
parents:
1628
diff
changeset
|
39 from rhodecode.model.db import User, UserRepoToPerm, Repository, Permission, \ |
3417
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3415
diff
changeset
|
40 UserToPerm, UserGroupRepoToPerm, UserGroupToPerm, UserGroupMember, \ |
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3415
diff
changeset
|
41 Notification, RepoGroup, UserRepoGroupToPerm, UserGroupRepoGroupToPerm, \ |
3788
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3736
diff
changeset
|
42 UserEmailMap, UserIpMap, UserGroupUserGroupToPerm, UserGroup |
1269
2e7f21429316
tries to fix issue #177 by fallback to user.user_id instead of fetching from db, user.user_id
Marcin Kuzminski <marcin@python-works.com>
parents:
1267
diff
changeset
|
43 from rhodecode.lib.exceptions import DefaultUserException, \ |
2e7f21429316
tries to fix issue #177 by fallback to user.user_id instead of fetching from db, user.user_id
Marcin Kuzminski <marcin@python-works.com>
parents:
1267
diff
changeset
|
44 UserOwnsReposException |
3401
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
45 from rhodecode.model.meta import Session |
713
1bb0fcdec895
fixed #72 show warning on removal when user still is owner of existing repositories
Marcin Kuzminski <marcin@python-works.com>
parents:
705
diff
changeset
|
46 |
761
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
752
diff
changeset
|
47 |
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
752
diff
changeset
|
48 log = logging.getLogger(__name__) |
314
0d26d46bd370
protected againts changing default user.
Marcin Kuzminski <marcin@python-works.com>
parents:
265
diff
changeset
|
49 |
2709
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
50 PERM_WEIGHTS = Permission.PERM_WEIGHTS |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
51 |
1267
d534aff5e82a
user defined permission will update the global permissions, and overwrite default settings.
Marcin Kuzminski <marcin@python-works.com>
parents:
1206
diff
changeset
|
52 |
752
89b9037d68b7
fixed Example celery config to ampq,
Marcin Kuzminski <marcin@python-works.com>
parents:
750
diff
changeset
|
53 class UserModel(BaseModel): |
2522
17893d61792a
Added associated classes into child models
Marcin Kuzminski <marcin@python-works.com>
parents:
2513
diff
changeset
|
54 cls = User |
1716
7d1fc253549e
notification to commit author + gardening
Marcin Kuzminski <marcin@python-works.com>
parents:
1713
diff
changeset
|
55 |
1594 | 56 def get(self, user_id, cache=False): |
629
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
57 user = self.sa.query(User) |
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
58 if cache: |
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
59 user = user.options(FromCache("sql_cache_short", |
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
60 "get_user_%s" % user_id)) |
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
61 return user.get(user_id) |
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
62 |
2009 | 63 def get_user(self, user): |
2432
d3ac7491a5c8
Share common getter functions in base model, and remove duplicated functions from other models
Marcin Kuzminski <marcin@python-works.com>
parents:
2330
diff
changeset
|
64 return self._get_user(user) |
2009 | 65 |
1594 | 66 def get_by_username(self, username, cache=False, case_insensitive=False): |
750
73c99f45ef2a
fixed security issue when saving ldap user saved plaintext password
Marcin Kuzminski <marcin@python-works.com>
parents:
742
diff
changeset
|
67 |
742
1377a9d4bdb9
#78, fixed more reliable case insensitive searches
Marcin Kuzminski <marcin@python-works.com>
parents:
713
diff
changeset
|
68 if case_insensitive: |
1377a9d4bdb9
#78, fixed more reliable case insensitive searches
Marcin Kuzminski <marcin@python-works.com>
parents:
713
diff
changeset
|
69 user = self.sa.query(User).filter(User.username.ilike(username)) |
1377a9d4bdb9
#78, fixed more reliable case insensitive searches
Marcin Kuzminski <marcin@python-works.com>
parents:
713
diff
changeset
|
70 else: |
1377a9d4bdb9
#78, fixed more reliable case insensitive searches
Marcin Kuzminski <marcin@python-works.com>
parents:
713
diff
changeset
|
71 user = self.sa.query(User)\ |
1377a9d4bdb9
#78, fixed more reliable case insensitive searches
Marcin Kuzminski <marcin@python-works.com>
parents:
713
diff
changeset
|
72 .filter(User.username == username) |
629
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
73 if cache: |
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
74 user = user.options(FromCache("sql_cache_short", |
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
75 "get_user_%s" % username)) |
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
76 return user.scalar() |
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
77 |
2522
17893d61792a
Added associated classes into child models
Marcin Kuzminski <marcin@python-works.com>
parents:
2513
diff
changeset
|
78 def get_by_email(self, email, cache=False, case_insensitive=False): |
17893d61792a
Added associated classes into child models
Marcin Kuzminski <marcin@python-works.com>
parents:
2513
diff
changeset
|
79 return User.get_by_email(email, case_insensitive, cache) |
17893d61792a
Added associated classes into child models
Marcin Kuzminski <marcin@python-works.com>
parents:
2513
diff
changeset
|
80 |
1594 | 81 def get_by_api_key(self, api_key, cache=False): |
1693
60249224be04
fix for api key lookup, reuse same function in user model
Marcin Kuzminski <marcin@python-works.com>
parents:
1690
diff
changeset
|
82 return User.get_by_api_key(api_key, cache) |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
83 |
238
a55c17874486
Rewrite of user managment, improved forms, added some user info
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
84 def create(self, form_data): |
2467
4419551b2915
Switched forms to new validators
Marcin Kuzminski <marcin@python-works.com>
parents:
2432
diff
changeset
|
85 from rhodecode.lib.auth import get_crypt_password |
238
a55c17874486
Rewrite of user managment, improved forms, added some user info
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
86 try: |
a55c17874486
Rewrite of user managment, improved forms, added some user info
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
87 new_user = User() |
a55c17874486
Rewrite of user managment, improved forms, added some user info
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
88 for k, v in form_data.items(): |
2467
4419551b2915
Switched forms to new validators
Marcin Kuzminski <marcin@python-works.com>
parents:
2432
diff
changeset
|
89 if k == 'password': |
4419551b2915
Switched forms to new validators
Marcin Kuzminski <marcin@python-works.com>
parents:
2432
diff
changeset
|
90 v = get_crypt_password(v) |
2544
6ce3387bf0ce
Renamed name to firstname in forms
Marcin Kuzminski <marcin@python-works.com>
parents:
2522
diff
changeset
|
91 if k == 'firstname': |
6ce3387bf0ce
Renamed name to firstname in forms
Marcin Kuzminski <marcin@python-works.com>
parents:
2522
diff
changeset
|
92 k = 'name' |
238
a55c17874486
Rewrite of user managment, improved forms, added some user info
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
93 setattr(new_user, k, v) |
629
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
94 |
1116
716911af91e1
Added api_key into user, api key get's generated again after password change
Marcin Kuzminski <marcin@python-works.com>
parents:
991
diff
changeset
|
95 new_user.api_key = generate_api_key(form_data['username']) |
238
a55c17874486
Rewrite of user managment, improved forms, added some user info
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
96 self.sa.add(new_user) |
1586
2ccb32ddcfd7
Add API for repositories and groups (creation, permission)
Nicolas VINOT <aeris@imirhil.fr>
parents:
1417
diff
changeset
|
97 return new_user |
3631
10b4e34841a4
Don't catch all exceptions
Marcin Kuzminski <marcin@python-works.com>
parents:
3625
diff
changeset
|
98 except Exception: |
474
a3d9d24acbec
Implemented password reset(forms/models/ tasks) and mailing tasks.
Marcin Kuzminski <marcin@python-works.com>
parents:
442
diff
changeset
|
99 log.error(traceback.format_exc()) |
629
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
100 raise |
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
101 |
2513
388843a3a3c0
Updated create_or_update method to not change API key when password is not updated
Marcin Kuzminski <marcin@python-works.com>
parents:
2488
diff
changeset
|
102 def create_or_update(self, username, password, email, firstname='', |
388843a3a3c0
Updated create_or_update method to not change API key when password is not updated
Marcin Kuzminski <marcin@python-works.com>
parents:
2488
diff
changeset
|
103 lastname='', active=True, admin=False, ldap_dn=None): |
1634
1d904d972c47
User usermodel instead of db model to manage accounts
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
104 """ |
1d904d972c47
User usermodel instead of db model to manage accounts
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
105 Creates a new instance if not found, or updates current one |
1818
cf51bbfb120e
auto white-space removal
Marcin Kuzminski <marcin@python-works.com>
parents:
1758
diff
changeset
|
106 |
1634
1d904d972c47
User usermodel instead of db model to manage accounts
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
107 :param username: |
1d904d972c47
User usermodel instead of db model to manage accounts
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
108 :param password: |
1d904d972c47
User usermodel instead of db model to manage accounts
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
109 :param email: |
1d904d972c47
User usermodel instead of db model to manage accounts
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
110 :param active: |
2513
388843a3a3c0
Updated create_or_update method to not change API key when password is not updated
Marcin Kuzminski <marcin@python-works.com>
parents:
2488
diff
changeset
|
111 :param firstname: |
1634
1d904d972c47
User usermodel instead of db model to manage accounts
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
112 :param lastname: |
1d904d972c47
User usermodel instead of db model to manage accounts
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
113 :param active: |
1d904d972c47
User usermodel instead of db model to manage accounts
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
114 :param admin: |
1d904d972c47
User usermodel instead of db model to manage accounts
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
115 :param ldap_dn: |
1d904d972c47
User usermodel instead of db model to manage accounts
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
116 """ |
1728
07e56179633e
- fixes celery sqlalchemy session issues for async forking
Marcin Kuzminski <marcin@python-works.com>
parents:
1716
diff
changeset
|
117 |
1634
1d904d972c47
User usermodel instead of db model to manage accounts
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
118 from rhodecode.lib.auth import get_crypt_password |
1728
07e56179633e
- fixes celery sqlalchemy session issues for async forking
Marcin Kuzminski <marcin@python-works.com>
parents:
1716
diff
changeset
|
119 |
1976 | 120 log.debug('Checking for %s account in RhodeCode database' % username) |
1634
1d904d972c47
User usermodel instead of db model to manage accounts
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
121 user = User.get_by_username(username, case_insensitive=True) |
1d904d972c47
User usermodel instead of db model to manage accounts
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
122 if user is None: |
1976 | 123 log.debug('creating new user %s' % username) |
1634
1d904d972c47
User usermodel instead of db model to manage accounts
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
124 new_user = User() |
2513
388843a3a3c0
Updated create_or_update method to not change API key when password is not updated
Marcin Kuzminski <marcin@python-works.com>
parents:
2488
diff
changeset
|
125 edit = False |
1634
1d904d972c47
User usermodel instead of db model to manage accounts
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
126 else: |
1976 | 127 log.debug('updating user %s' % username) |
1634
1d904d972c47
User usermodel instead of db model to manage accounts
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
128 new_user = user |
2513
388843a3a3c0
Updated create_or_update method to not change API key when password is not updated
Marcin Kuzminski <marcin@python-works.com>
parents:
2488
diff
changeset
|
129 edit = True |
1728
07e56179633e
- fixes celery sqlalchemy session issues for async forking
Marcin Kuzminski <marcin@python-works.com>
parents:
1716
diff
changeset
|
130 |
1634
1d904d972c47
User usermodel instead of db model to manage accounts
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
131 try: |
1d904d972c47
User usermodel instead of db model to manage accounts
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
132 new_user.username = username |
1d904d972c47
User usermodel instead of db model to manage accounts
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
133 new_user.admin = admin |
2513
388843a3a3c0
Updated create_or_update method to not change API key when password is not updated
Marcin Kuzminski <marcin@python-works.com>
parents:
2488
diff
changeset
|
134 # set password only if creating an user or password is changed |
3625
260a7a01b054
follow Python conventions for boolean values
Mads Kiilerich <madski@unity3d.com>
parents:
3417
diff
changeset
|
135 if not edit or user.password != password: |
3809
647fb653048e
make the password optional in API calls
Marcin Kuzminski <marcin@python-works.com>
parents:
3788
diff
changeset
|
136 new_user.password = get_crypt_password(password) if password else None |
2513
388843a3a3c0
Updated create_or_update method to not change API key when password is not updated
Marcin Kuzminski <marcin@python-works.com>
parents:
2488
diff
changeset
|
137 new_user.api_key = generate_api_key(username) |
1634
1d904d972c47
User usermodel instead of db model to manage accounts
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
138 new_user.email = email |
1d904d972c47
User usermodel instead of db model to manage accounts
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
139 new_user.active = active |
1d904d972c47
User usermodel instead of db model to manage accounts
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
140 new_user.ldap_dn = safe_unicode(ldap_dn) if ldap_dn else None |
2513
388843a3a3c0
Updated create_or_update method to not change API key when password is not updated
Marcin Kuzminski <marcin@python-works.com>
parents:
2488
diff
changeset
|
141 new_user.name = firstname |
1634
1d904d972c47
User usermodel instead of db model to manage accounts
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
142 new_user.lastname = lastname |
1d904d972c47
User usermodel instead of db model to manage accounts
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
143 self.sa.add(new_user) |
1d904d972c47
User usermodel instead of db model to manage accounts
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
144 return new_user |
1d904d972c47
User usermodel instead of db model to manage accounts
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
145 except (DatabaseError,): |
1d904d972c47
User usermodel instead of db model to manage accounts
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
146 log.error(traceback.format_exc()) |
1d904d972c47
User usermodel instead of db model to manage accounts
Marcin Kuzminski <marcin@python-works.com>
parents:
1633
diff
changeset
|
147 raise |
1728
07e56179633e
- fixes celery sqlalchemy session issues for async forking
Marcin Kuzminski <marcin@python-works.com>
parents:
1716
diff
changeset
|
148 |
1621
cbc2b1913cdf
Added basic automatic user creation for container auth
Liad Shani <liadff@gmail.com>
parents:
1618
diff
changeset
|
149 def create_for_container_auth(self, username, attrs): |
cbc2b1913cdf
Added basic automatic user creation for container auth
Liad Shani <liadff@gmail.com>
parents:
1618
diff
changeset
|
150 """ |
cbc2b1913cdf
Added basic automatic user creation for container auth
Liad Shani <liadff@gmail.com>
parents:
1618
diff
changeset
|
151 Creates the given user if it's not already in the database |
1818
cf51bbfb120e
auto white-space removal
Marcin Kuzminski <marcin@python-works.com>
parents:
1758
diff
changeset
|
152 |
1621
cbc2b1913cdf
Added basic automatic user creation for container auth
Liad Shani <liadff@gmail.com>
parents:
1618
diff
changeset
|
153 :param username: |
cbc2b1913cdf
Added basic automatic user creation for container auth
Liad Shani <liadff@gmail.com>
parents:
1618
diff
changeset
|
154 :param attrs: |
cbc2b1913cdf
Added basic automatic user creation for container auth
Liad Shani <liadff@gmail.com>
parents:
1618
diff
changeset
|
155 """ |
cbc2b1913cdf
Added basic automatic user creation for container auth
Liad Shani <liadff@gmail.com>
parents:
1618
diff
changeset
|
156 if self.get_by_username(username, case_insensitive=True) is None: |
1690
6944b1249f28
fixed issues with not unique emails when using ldap or container auth.
Marcin Kuzminski <marcin@python-works.com>
parents:
1689
diff
changeset
|
157 |
6944b1249f28
fixed issues with not unique emails when using ldap or container auth.
Marcin Kuzminski <marcin@python-works.com>
parents:
1689
diff
changeset
|
158 # autogenerate email for container account without one |
6944b1249f28
fixed issues with not unique emails when using ldap or container auth.
Marcin Kuzminski <marcin@python-works.com>
parents:
1689
diff
changeset
|
159 generate_email = lambda usr: '%s@container_auth.account' % usr |
6944b1249f28
fixed issues with not unique emails when using ldap or container auth.
Marcin Kuzminski <marcin@python-works.com>
parents:
1689
diff
changeset
|
160 |
1621
cbc2b1913cdf
Added basic automatic user creation for container auth
Liad Shani <liadff@gmail.com>
parents:
1618
diff
changeset
|
161 try: |
cbc2b1913cdf
Added basic automatic user creation for container auth
Liad Shani <liadff@gmail.com>
parents:
1618
diff
changeset
|
162 new_user = User() |
cbc2b1913cdf
Added basic automatic user creation for container auth
Liad Shani <liadff@gmail.com>
parents:
1618
diff
changeset
|
163 new_user.username = username |
cbc2b1913cdf
Added basic automatic user creation for container auth
Liad Shani <liadff@gmail.com>
parents:
1618
diff
changeset
|
164 new_user.password = None |
cbc2b1913cdf
Added basic automatic user creation for container auth
Liad Shani <liadff@gmail.com>
parents:
1618
diff
changeset
|
165 new_user.api_key = generate_api_key(username) |
cbc2b1913cdf
Added basic automatic user creation for container auth
Liad Shani <liadff@gmail.com>
parents:
1618
diff
changeset
|
166 new_user.email = attrs['email'] |
1628
de71a4bde097
Some code cleanups and fixes
Marcin Kuzminski <marcin@python-works.com>
parents:
1626
diff
changeset
|
167 new_user.active = attrs.get('active', True) |
1690
6944b1249f28
fixed issues with not unique emails when using ldap or container auth.
Marcin Kuzminski <marcin@python-works.com>
parents:
1689
diff
changeset
|
168 new_user.name = attrs['name'] or generate_email(username) |
1621
cbc2b1913cdf
Added basic automatic user creation for container auth
Liad Shani <liadff@gmail.com>
parents:
1618
diff
changeset
|
169 new_user.lastname = attrs['lastname'] |
cbc2b1913cdf
Added basic automatic user creation for container auth
Liad Shani <liadff@gmail.com>
parents:
1618
diff
changeset
|
170 |
cbc2b1913cdf
Added basic automatic user creation for container auth
Liad Shani <liadff@gmail.com>
parents:
1618
diff
changeset
|
171 self.sa.add(new_user) |
1628
de71a4bde097
Some code cleanups and fixes
Marcin Kuzminski <marcin@python-works.com>
parents:
1626
diff
changeset
|
172 return new_user |
1621
cbc2b1913cdf
Added basic automatic user creation for container auth
Liad Shani <liadff@gmail.com>
parents:
1618
diff
changeset
|
173 except (DatabaseError,): |
cbc2b1913cdf
Added basic automatic user creation for container auth
Liad Shani <liadff@gmail.com>
parents:
1618
diff
changeset
|
174 log.error(traceback.format_exc()) |
cbc2b1913cdf
Added basic automatic user creation for container auth
Liad Shani <liadff@gmail.com>
parents:
1618
diff
changeset
|
175 self.sa.rollback() |
cbc2b1913cdf
Added basic automatic user creation for container auth
Liad Shani <liadff@gmail.com>
parents:
1618
diff
changeset
|
176 raise |
1628
de71a4bde097
Some code cleanups and fixes
Marcin Kuzminski <marcin@python-works.com>
parents:
1626
diff
changeset
|
177 log.debug('User %s already exists. Skipping creation of account' |
de71a4bde097
Some code cleanups and fixes
Marcin Kuzminski <marcin@python-works.com>
parents:
1626
diff
changeset
|
178 ' for container auth.', username) |
de71a4bde097
Some code cleanups and fixes
Marcin Kuzminski <marcin@python-works.com>
parents:
1626
diff
changeset
|
179 return None |
1621
cbc2b1913cdf
Added basic automatic user creation for container auth
Liad Shani <liadff@gmail.com>
parents:
1618
diff
changeset
|
180 |
991
b232a36cc51f
Improve LDAP authentication
Thayne Harbaugh <thayne@fusionio.com>
parents:
956
diff
changeset
|
181 def create_ldap(self, username, password, user_dn, attrs): |
705
9e9f1b919c0c
implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents:
692
diff
changeset
|
182 """ |
9e9f1b919c0c
implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents:
692
diff
changeset
|
183 Checks if user is in database, if not creates this user marked |
9e9f1b919c0c
implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents:
692
diff
changeset
|
184 as ldap user |
1818
cf51bbfb120e
auto white-space removal
Marcin Kuzminski <marcin@python-works.com>
parents:
1758
diff
changeset
|
185 |
705
9e9f1b919c0c
implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents:
692
diff
changeset
|
186 :param username: |
9e9f1b919c0c
implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents:
692
diff
changeset
|
187 :param password: |
991
b232a36cc51f
Improve LDAP authentication
Thayne Harbaugh <thayne@fusionio.com>
parents:
956
diff
changeset
|
188 :param user_dn: |
b232a36cc51f
Improve LDAP authentication
Thayne Harbaugh <thayne@fusionio.com>
parents:
956
diff
changeset
|
189 :param attrs: |
705
9e9f1b919c0c
implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents:
692
diff
changeset
|
190 """ |
750
73c99f45ef2a
fixed security issue when saving ldap user saved plaintext password
Marcin Kuzminski <marcin@python-works.com>
parents:
742
diff
changeset
|
191 from rhodecode.lib.auth import get_crypt_password |
761
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
752
diff
changeset
|
192 log.debug('Checking for such ldap account in RhodeCode database') |
1594 | 193 if self.get_by_username(username, case_insensitive=True) is None: |
1689
cc302c98bb8e
fix fo empty email passed in attributes of ldap account.
Marcin Kuzminski <marcin@python-works.com>
parents:
1669
diff
changeset
|
194 |
cc302c98bb8e
fix fo empty email passed in attributes of ldap account.
Marcin Kuzminski <marcin@python-works.com>
parents:
1669
diff
changeset
|
195 # autogenerate email for ldap account without one |
cc302c98bb8e
fix fo empty email passed in attributes of ldap account.
Marcin Kuzminski <marcin@python-works.com>
parents:
1669
diff
changeset
|
196 generate_email = lambda usr: '%s@ldap.account' % usr |
cc302c98bb8e
fix fo empty email passed in attributes of ldap account.
Marcin Kuzminski <marcin@python-works.com>
parents:
1669
diff
changeset
|
197 |
705
9e9f1b919c0c
implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents:
692
diff
changeset
|
198 try: |
9e9f1b919c0c
implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents:
692
diff
changeset
|
199 new_user = User() |
1689
cc302c98bb8e
fix fo empty email passed in attributes of ldap account.
Marcin Kuzminski <marcin@python-works.com>
parents:
1669
diff
changeset
|
200 username = username.lower() |
1269
2e7f21429316
tries to fix issue #177 by fallback to user.user_id instead of fetching from db, user.user_id
Marcin Kuzminski <marcin@python-works.com>
parents:
1267
diff
changeset
|
201 # add ldap account always lowercase |
1689
cc302c98bb8e
fix fo empty email passed in attributes of ldap account.
Marcin Kuzminski <marcin@python-works.com>
parents:
1669
diff
changeset
|
202 new_user.username = username |
750
73c99f45ef2a
fixed security issue when saving ldap user saved plaintext password
Marcin Kuzminski <marcin@python-works.com>
parents:
742
diff
changeset
|
203 new_user.password = get_crypt_password(password) |
1116
716911af91e1
Added api_key into user, api key get's generated again after password change
Marcin Kuzminski <marcin@python-works.com>
parents:
991
diff
changeset
|
204 new_user.api_key = generate_api_key(username) |
1689
cc302c98bb8e
fix fo empty email passed in attributes of ldap account.
Marcin Kuzminski <marcin@python-works.com>
parents:
1669
diff
changeset
|
205 new_user.email = attrs['email'] or generate_email(username) |
1628
de71a4bde097
Some code cleanups and fixes
Marcin Kuzminski <marcin@python-works.com>
parents:
1626
diff
changeset
|
206 new_user.active = attrs.get('active', True) |
1516
582686d76cb6
fixes #256 fixes non ascii chars problems in base_dn on LDAP user creation
Marcin Kuzminski <marcin@python-works.com>
parents:
1417
diff
changeset
|
207 new_user.ldap_dn = safe_unicode(user_dn) |
991
b232a36cc51f
Improve LDAP authentication
Thayne Harbaugh <thayne@fusionio.com>
parents:
956
diff
changeset
|
208 new_user.name = attrs['name'] |
b232a36cc51f
Improve LDAP authentication
Thayne Harbaugh <thayne@fusionio.com>
parents:
956
diff
changeset
|
209 new_user.lastname = attrs['lastname'] |
705
9e9f1b919c0c
implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents:
692
diff
changeset
|
210 |
9e9f1b919c0c
implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents:
692
diff
changeset
|
211 self.sa.add(new_user) |
1628
de71a4bde097
Some code cleanups and fixes
Marcin Kuzminski <marcin@python-works.com>
parents:
1626
diff
changeset
|
212 return new_user |
761
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
752
diff
changeset
|
213 except (DatabaseError,): |
705
9e9f1b919c0c
implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents:
692
diff
changeset
|
214 log.error(traceback.format_exc()) |
9e9f1b919c0c
implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents:
692
diff
changeset
|
215 self.sa.rollback() |
9e9f1b919c0c
implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents:
692
diff
changeset
|
216 raise |
761
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
752
diff
changeset
|
217 log.debug('this %s user exists skipping creation of ldap account', |
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
752
diff
changeset
|
218 username) |
1628
de71a4bde097
Some code cleanups and fixes
Marcin Kuzminski <marcin@python-works.com>
parents:
1626
diff
changeset
|
219 return None |
705
9e9f1b919c0c
implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents:
692
diff
changeset
|
220 |
363
98abf8953b87
Added user registration, changed login url schema, moved it into _admin/ for safety
Marcin Kuzminski <marcin@python-works.com>
parents:
347
diff
changeset
|
221 def create_registration(self, form_data): |
1731
31e6eb2fb4b2
implements #222 registration feedback
Marcin Kuzminski <marcin@python-works.com>
parents:
1729
diff
changeset
|
222 from rhodecode.model.notification import NotificationModel |
31e6eb2fb4b2
implements #222 registration feedback
Marcin Kuzminski <marcin@python-works.com>
parents:
1729
diff
changeset
|
223 |
363
98abf8953b87
Added user registration, changed login url schema, moved it into _admin/ for safety
Marcin Kuzminski <marcin@python-works.com>
parents:
347
diff
changeset
|
224 try: |
2248
72542dc597be
fixed issue with empty APIKEYS on registration #438
Marcin Kuzminski <marcin@python-works.com>
parents:
2186
diff
changeset
|
225 form_data['admin'] = False |
72542dc597be
fixed issue with empty APIKEYS on registration #438
Marcin Kuzminski <marcin@python-works.com>
parents:
2186
diff
changeset
|
226 new_user = self.create(form_data) |
629
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
227 |
363
98abf8953b87
Added user registration, changed login url schema, moved it into _admin/ for safety
Marcin Kuzminski <marcin@python-works.com>
parents:
347
diff
changeset
|
228 self.sa.add(new_user) |
1731
31e6eb2fb4b2
implements #222 registration feedback
Marcin Kuzminski <marcin@python-works.com>
parents:
1729
diff
changeset
|
229 self.sa.flush() |
31e6eb2fb4b2
implements #222 registration feedback
Marcin Kuzminski <marcin@python-works.com>
parents:
1729
diff
changeset
|
230 |
31e6eb2fb4b2
implements #222 registration feedback
Marcin Kuzminski <marcin@python-works.com>
parents:
1729
diff
changeset
|
231 # notification to admins |
3654
ec6354949623
Fix a lot of casings - use standard casing in most places
Mads Kiilerich <madski@unity3d.com>
parents:
3653
diff
changeset
|
232 subject = _('New user registration') |
689
ecc566f8b69f
fixes #59, notifications for user registrations + some changes to mailer
Marcin Kuzminski <marcin@python-works.com>
parents:
686
diff
changeset
|
233 body = ('New user registration\n' |
1731
31e6eb2fb4b2
implements #222 registration feedback
Marcin Kuzminski <marcin@python-works.com>
parents:
1729
diff
changeset
|
234 '---------------------\n' |
31e6eb2fb4b2
implements #222 registration feedback
Marcin Kuzminski <marcin@python-works.com>
parents:
1729
diff
changeset
|
235 '- Username: %s\n' |
31e6eb2fb4b2
implements #222 registration feedback
Marcin Kuzminski <marcin@python-works.com>
parents:
1729
diff
changeset
|
236 '- Full Name: %s\n' |
31e6eb2fb4b2
implements #222 registration feedback
Marcin Kuzminski <marcin@python-works.com>
parents:
1729
diff
changeset
|
237 '- Email: %s\n') |
31e6eb2fb4b2
implements #222 registration feedback
Marcin Kuzminski <marcin@python-works.com>
parents:
1729
diff
changeset
|
238 body = body % (new_user.username, new_user.full_name, |
31e6eb2fb4b2
implements #222 registration feedback
Marcin Kuzminski <marcin@python-works.com>
parents:
1729
diff
changeset
|
239 new_user.email) |
31e6eb2fb4b2
implements #222 registration feedback
Marcin Kuzminski <marcin@python-works.com>
parents:
1729
diff
changeset
|
240 edit_url = url('edit_user', id=new_user.user_id, qualified=True) |
1950
4ae17f819ee8
#344 optional firstname lastname on user creation
Marcin Kuzminski <marcin@python-works.com>
parents:
1824
diff
changeset
|
241 kw = {'registered_user_url': edit_url} |
1731
31e6eb2fb4b2
implements #222 registration feedback
Marcin Kuzminski <marcin@python-works.com>
parents:
1729
diff
changeset
|
242 NotificationModel().create(created_by=new_user, subject=subject, |
31e6eb2fb4b2
implements #222 registration feedback
Marcin Kuzminski <marcin@python-works.com>
parents:
1729
diff
changeset
|
243 body=body, recipients=None, |
31e6eb2fb4b2
implements #222 registration feedback
Marcin Kuzminski <marcin@python-works.com>
parents:
1729
diff
changeset
|
244 type_=Notification.TYPE_REGISTRATION, |
31e6eb2fb4b2
implements #222 registration feedback
Marcin Kuzminski <marcin@python-works.com>
parents:
1729
diff
changeset
|
245 email_kwargs=kw) |
689
ecc566f8b69f
fixes #59, notifications for user registrations + some changes to mailer
Marcin Kuzminski <marcin@python-works.com>
parents:
686
diff
changeset
|
246 |
3631
10b4e34841a4
Don't catch all exceptions
Marcin Kuzminski <marcin@python-works.com>
parents:
3625
diff
changeset
|
247 except Exception: |
474
a3d9d24acbec
Implemented password reset(forms/models/ tasks) and mailing tasks.
Marcin Kuzminski <marcin@python-works.com>
parents:
442
diff
changeset
|
248 log.error(traceback.format_exc()) |
629
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
249 raise |
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
250 |
3021
b2b93614a7cd
Implemented #658 Changing username in LDAP-Mode should not be allowed.
Marcin Kuzminski <marcin@python-works.com>
parents:
2864
diff
changeset
|
251 def update(self, user_id, form_data, skip_attrs=[]): |
2488
b5b34d71b23b
fix crypt password on update my account
Marcin Kuzminski <marcin@python-works.com>
parents:
2479
diff
changeset
|
252 from rhodecode.lib.auth import get_crypt_password |
238
a55c17874486
Rewrite of user managment, improved forms, added some user info
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
253 try: |
1594 | 254 user = self.get(user_id, cache=False) |
1116
716911af91e1
Added api_key into user, api key get's generated again after password change
Marcin Kuzminski <marcin@python-works.com>
parents:
991
diff
changeset
|
255 if user.username == 'default': |
314
0d26d46bd370
protected againts changing default user.
Marcin Kuzminski <marcin@python-works.com>
parents:
265
diff
changeset
|
256 raise DefaultUserException( |
629
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
257 _("You can't Edit this user since it's" |
314
0d26d46bd370
protected againts changing default user.
Marcin Kuzminski <marcin@python-works.com>
parents:
265
diff
changeset
|
258 " crucial for entire application")) |
713
1bb0fcdec895
fixed #72 show warning on removal when user still is owner of existing repositories
Marcin Kuzminski <marcin@python-works.com>
parents:
705
diff
changeset
|
259 |
238
a55c17874486
Rewrite of user managment, improved forms, added some user info
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
260 for k, v in form_data.items(): |
3021
b2b93614a7cd
Implemented #658 Changing username in LDAP-Mode should not be allowed.
Marcin Kuzminski <marcin@python-works.com>
parents:
2864
diff
changeset
|
261 if k in skip_attrs: |
b2b93614a7cd
Implemented #658 Changing username in LDAP-Mode should not be allowed.
Marcin Kuzminski <marcin@python-works.com>
parents:
2864
diff
changeset
|
262 continue |
2544
6ce3387bf0ce
Renamed name to firstname in forms
Marcin Kuzminski <marcin@python-works.com>
parents:
2522
diff
changeset
|
263 if k == 'new_password' and v: |
2488
b5b34d71b23b
fix crypt password on update my account
Marcin Kuzminski <marcin@python-works.com>
parents:
2479
diff
changeset
|
264 user.password = get_crypt_password(v) |
1116
716911af91e1
Added api_key into user, api key get's generated again after password change
Marcin Kuzminski <marcin@python-works.com>
parents:
991
diff
changeset
|
265 user.api_key = generate_api_key(user.username) |
238
a55c17874486
Rewrite of user managment, improved forms, added some user info
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
266 else: |
2544
6ce3387bf0ce
Renamed name to firstname in forms
Marcin Kuzminski <marcin@python-works.com>
parents:
2522
diff
changeset
|
267 if k == 'firstname': |
6ce3387bf0ce
Renamed name to firstname in forms
Marcin Kuzminski <marcin@python-works.com>
parents:
2522
diff
changeset
|
268 k = 'name' |
1116
716911af91e1
Added api_key into user, api key get's generated again after password change
Marcin Kuzminski <marcin@python-works.com>
parents:
991
diff
changeset
|
269 setattr(user, k, v) |
716911af91e1
Added api_key into user, api key get's generated again after password change
Marcin Kuzminski <marcin@python-works.com>
parents:
991
diff
changeset
|
270 self.sa.add(user) |
3631
10b4e34841a4
Don't catch all exceptions
Marcin Kuzminski <marcin@python-works.com>
parents:
3625
diff
changeset
|
271 except Exception: |
474
a3d9d24acbec
Implemented password reset(forms/models/ tasks) and mailing tasks.
Marcin Kuzminski <marcin@python-works.com>
parents:
442
diff
changeset
|
272 log.error(traceback.format_exc()) |
629
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
273 raise |
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
274 |
2657
001c7e2ae986
fixed api issue with changing username during update_user
Marcin Kuzminski <marcin@python-works.com>
parents:
2544
diff
changeset
|
275 def update_user(self, user, **kwargs): |
001c7e2ae986
fixed api issue with changing username during update_user
Marcin Kuzminski <marcin@python-works.com>
parents:
2544
diff
changeset
|
276 from rhodecode.lib.auth import get_crypt_password |
001c7e2ae986
fixed api issue with changing username during update_user
Marcin Kuzminski <marcin@python-works.com>
parents:
2544
diff
changeset
|
277 try: |
001c7e2ae986
fixed api issue with changing username during update_user
Marcin Kuzminski <marcin@python-works.com>
parents:
2544
diff
changeset
|
278 user = self._get_user(user) |
001c7e2ae986
fixed api issue with changing username during update_user
Marcin Kuzminski <marcin@python-works.com>
parents:
2544
diff
changeset
|
279 if user.username == 'default': |
001c7e2ae986
fixed api issue with changing username during update_user
Marcin Kuzminski <marcin@python-works.com>
parents:
2544
diff
changeset
|
280 raise DefaultUserException( |
001c7e2ae986
fixed api issue with changing username during update_user
Marcin Kuzminski <marcin@python-works.com>
parents:
2544
diff
changeset
|
281 _("You can't Edit this user since it's" |
001c7e2ae986
fixed api issue with changing username during update_user
Marcin Kuzminski <marcin@python-works.com>
parents:
2544
diff
changeset
|
282 " crucial for entire application") |
001c7e2ae986
fixed api issue with changing username during update_user
Marcin Kuzminski <marcin@python-works.com>
parents:
2544
diff
changeset
|
283 ) |
001c7e2ae986
fixed api issue with changing username during update_user
Marcin Kuzminski <marcin@python-works.com>
parents:
2544
diff
changeset
|
284 |
001c7e2ae986
fixed api issue with changing username during update_user
Marcin Kuzminski <marcin@python-works.com>
parents:
2544
diff
changeset
|
285 for k, v in kwargs.items(): |
001c7e2ae986
fixed api issue with changing username during update_user
Marcin Kuzminski <marcin@python-works.com>
parents:
2544
diff
changeset
|
286 if k == 'password' and v: |
001c7e2ae986
fixed api issue with changing username during update_user
Marcin Kuzminski <marcin@python-works.com>
parents:
2544
diff
changeset
|
287 v = get_crypt_password(v) |
001c7e2ae986
fixed api issue with changing username during update_user
Marcin Kuzminski <marcin@python-works.com>
parents:
2544
diff
changeset
|
288 user.api_key = generate_api_key(user.username) |
001c7e2ae986
fixed api issue with changing username during update_user
Marcin Kuzminski <marcin@python-works.com>
parents:
2544
diff
changeset
|
289 |
001c7e2ae986
fixed api issue with changing username during update_user
Marcin Kuzminski <marcin@python-works.com>
parents:
2544
diff
changeset
|
290 setattr(user, k, v) |
001c7e2ae986
fixed api issue with changing username during update_user
Marcin Kuzminski <marcin@python-works.com>
parents:
2544
diff
changeset
|
291 self.sa.add(user) |
001c7e2ae986
fixed api issue with changing username during update_user
Marcin Kuzminski <marcin@python-works.com>
parents:
2544
diff
changeset
|
292 return user |
3631
10b4e34841a4
Don't catch all exceptions
Marcin Kuzminski <marcin@python-works.com>
parents:
3625
diff
changeset
|
293 except Exception: |
2657
001c7e2ae986
fixed api issue with changing username during update_user
Marcin Kuzminski <marcin@python-works.com>
parents:
2544
diff
changeset
|
294 log.error(traceback.format_exc()) |
001c7e2ae986
fixed api issue with changing username during update_user
Marcin Kuzminski <marcin@python-works.com>
parents:
2544
diff
changeset
|
295 raise |
001c7e2ae986
fixed api issue with changing username during update_user
Marcin Kuzminski <marcin@python-works.com>
parents:
2544
diff
changeset
|
296 |
1758
a87aa385f21c
fixed repo_create permission by adding missing commit statements
Marcin Kuzminski <marcin@python-works.com>
parents:
1749
diff
changeset
|
297 def delete(self, user): |
2432
d3ac7491a5c8
Share common getter functions in base model, and remove duplicated functions from other models
Marcin Kuzminski <marcin@python-works.com>
parents:
2330
diff
changeset
|
298 user = self._get_user(user) |
1818
cf51bbfb120e
auto white-space removal
Marcin Kuzminski <marcin@python-works.com>
parents:
1758
diff
changeset
|
299 |
265
0e5455fda8fd
Implemented basic repository managment. Implemented repo2db mappings, model, helpers updates and code cleanups
Marcin Kuzminski <marcin@python-works.com>
parents:
252
diff
changeset
|
300 try: |
314
0d26d46bd370
protected againts changing default user.
Marcin Kuzminski <marcin@python-works.com>
parents:
265
diff
changeset
|
301 if user.username == 'default': |
0d26d46bd370
protected againts changing default user.
Marcin Kuzminski <marcin@python-works.com>
parents:
265
diff
changeset
|
302 raise DefaultUserException( |
2153
fa637dc3e029
Improved message about deleting user who owns repositories
Marcin Kuzminski <marcin@python-works.com>
parents:
2150
diff
changeset
|
303 _(u"You can't remove this user since it's" |
2124
273ce1a99c3f
fixed #397 Private repository groups shows up before login
Marcin Kuzminski <marcin@python-works.com>
parents:
2109
diff
changeset
|
304 " crucial for entire application") |
273ce1a99c3f
fixed #397 Private repository groups shows up before login
Marcin Kuzminski <marcin@python-works.com>
parents:
2109
diff
changeset
|
305 ) |
713
1bb0fcdec895
fixed #72 show warning on removal when user still is owner of existing repositories
Marcin Kuzminski <marcin@python-works.com>
parents:
705
diff
changeset
|
306 if user.repositories: |
2153
fa637dc3e029
Improved message about deleting user who owns repositories
Marcin Kuzminski <marcin@python-works.com>
parents:
2150
diff
changeset
|
307 repos = [x.repo_name for x in user.repositories] |
2124
273ce1a99c3f
fixed #397 Private repository groups shows up before login
Marcin Kuzminski <marcin@python-works.com>
parents:
2109
diff
changeset
|
308 raise UserOwnsReposException( |
2153
fa637dc3e029
Improved message about deleting user who owns repositories
Marcin Kuzminski <marcin@python-works.com>
parents:
2150
diff
changeset
|
309 _(u'user "%s" still owns %s repositories and cannot be ' |
fa637dc3e029
Improved message about deleting user who owns repositories
Marcin Kuzminski <marcin@python-works.com>
parents:
2150
diff
changeset
|
310 'removed. Switch owners or remove those repositories. %s') |
fa637dc3e029
Improved message about deleting user who owns repositories
Marcin Kuzminski <marcin@python-works.com>
parents:
2150
diff
changeset
|
311 % (user.username, len(repos), ', '.join(repos)) |
2124
273ce1a99c3f
fixed #397 Private repository groups shows up before login
Marcin Kuzminski <marcin@python-works.com>
parents:
2109
diff
changeset
|
312 ) |
314
0d26d46bd370
protected againts changing default user.
Marcin Kuzminski <marcin@python-works.com>
parents:
265
diff
changeset
|
313 self.sa.delete(user) |
3631
10b4e34841a4
Don't catch all exceptions
Marcin Kuzminski <marcin@python-works.com>
parents:
3625
diff
changeset
|
314 except Exception: |
474
a3d9d24acbec
Implemented password reset(forms/models/ tasks) and mailing tasks.
Marcin Kuzminski <marcin@python-works.com>
parents:
442
diff
changeset
|
315 log.error(traceback.format_exc()) |
629
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
316 raise |
474
a3d9d24acbec
Implemented password reset(forms/models/ tasks) and mailing tasks.
Marcin Kuzminski <marcin@python-works.com>
parents:
442
diff
changeset
|
317 |
1417
5875955def39
fixes #223 improve password reset form
Marcin Kuzminski <marcin@python-works.com>
parents:
1270
diff
changeset
|
318 def reset_password_link(self, data): |
5875955def39
fixes #223 improve password reset form
Marcin Kuzminski <marcin@python-works.com>
parents:
1270
diff
changeset
|
319 from rhodecode.lib.celerylib import tasks, run_task |
3401
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
320 from rhodecode.model.notification import EmailNotificationModel |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
321 user_email = data['email'] |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
322 try: |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
323 user = User.get_by_email(user_email) |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
324 if user: |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
325 log.debug('password reset user found %s' % user) |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
326 link = url('reset_password_confirmation', key=user.api_key, |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
327 qualified=True) |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
328 reg_type = EmailNotificationModel.TYPE_PASSWORD_RESET |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
329 body = EmailNotificationModel().get_email_tmpl(reg_type, |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
330 **{'user': user.short_contact, |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
331 'reset_url': link}) |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
332 log.debug('sending email') |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
333 run_task(tasks.send_email, user_email, |
3654
ec6354949623
Fix a lot of casings - use standard casing in most places
Mads Kiilerich <madski@unity3d.com>
parents:
3653
diff
changeset
|
334 _("Password reset link"), body, body) |
3401
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
335 log.info('send new password mail to %s' % user_email) |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
336 else: |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
337 log.debug("password reset email %s not found" % user_email) |
3631
10b4e34841a4
Don't catch all exceptions
Marcin Kuzminski <marcin@python-works.com>
parents:
3625
diff
changeset
|
338 except Exception: |
3401
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
339 log.error(traceback.format_exc()) |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
340 return False |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
341 |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
342 return True |
1417
5875955def39
fixes #223 improve password reset form
Marcin Kuzminski <marcin@python-works.com>
parents:
1270
diff
changeset
|
343 |
474
a3d9d24acbec
Implemented password reset(forms/models/ tasks) and mailing tasks.
Marcin Kuzminski <marcin@python-works.com>
parents:
442
diff
changeset
|
344 def reset_password(self, data): |
629
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
547
diff
changeset
|
345 from rhodecode.lib.celerylib import tasks, run_task |
3401
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
346 from rhodecode.lib import auth |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
347 user_email = data['email'] |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
348 try: |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
349 try: |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
350 user = User.get_by_email(user_email) |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
351 new_passwd = auth.PasswordGenerator().gen_password(8, |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
352 auth.PasswordGenerator.ALPHABETS_BIG_SMALL) |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
353 if user: |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
354 user.password = auth.get_crypt_password(new_passwd) |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
355 user.api_key = auth.generate_api_key(user.username) |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
356 Session().add(user) |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
357 Session().commit() |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
358 log.info('change password for %s' % user_email) |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
359 if new_passwd is None: |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
360 raise Exception('unable to generate new password') |
3631
10b4e34841a4
Don't catch all exceptions
Marcin Kuzminski <marcin@python-works.com>
parents:
3625
diff
changeset
|
361 except Exception: |
3401
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
362 log.error(traceback.format_exc()) |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
363 Session().rollback() |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
364 |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
365 run_task(tasks.send_email, user_email, |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
366 _('Your new password'), |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
367 _('Your new RhodeCode password:%s') % (new_passwd)) |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
368 log.info('send new password mail to %s' % user_email) |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
369 |
3631
10b4e34841a4
Don't catch all exceptions
Marcin Kuzminski <marcin@python-works.com>
parents:
3625
diff
changeset
|
370 except Exception: |
3401
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
371 log.error('Failed to update user password') |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
372 log.error(traceback.format_exc()) |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
373 |
5c310b7b01ce
moved out password reset tasks from celery, it doesn't make any sense to keep them there, additionally they are broken
Marcin Kuzminski <marcin@python-works.com>
parents:
3159
diff
changeset
|
374 return True |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
375 |
1594 | 376 def fill_data(self, auth_user, user_id=None, api_key=None): |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
377 """ |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
378 Fetches auth_user by user_id,or api_key if present. |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
379 Fills auth_user attributes with those taken from database. |
1203
6832ef664673
source code cleanup: remove trailing white space, normalize file endings
Marcin Kuzminski <marcin@python-works.com>
parents:
1120
diff
changeset
|
380 Additionally set's is_authenitated if lookup fails |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
381 present in database |
1203
6832ef664673
source code cleanup: remove trailing white space, normalize file endings
Marcin Kuzminski <marcin@python-works.com>
parents:
1120
diff
changeset
|
382 |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
383 :param auth_user: instance of user to set attributes |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
384 :param user_id: user id to fetch by |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
385 :param api_key: api key to fetch by |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
386 """ |
1120
a8d759613d8f
fixed some bugs in api key auth, added access by api key into rss/atom feeds in global journal
Marcin Kuzminski <marcin@python-works.com>
parents:
1117
diff
changeset
|
387 if user_id is None and api_key is None: |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
388 raise Exception('You need to pass user_id or api_key') |
686
ff6a8196ebfe
fixed anonymous access bug.
Marcin Kuzminski <marcin@python-works.com>
parents:
673
diff
changeset
|
389 |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
390 try: |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
391 if api_key: |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
392 dbuser = self.get_by_api_key(api_key) |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
393 else: |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
394 dbuser = self.get(user_id) |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
395 |
1618
9353189b7675
Added automatic logout of deactivated/deleted users
Liad Shani <liadff@gmail.com>
parents:
1594
diff
changeset
|
396 if dbuser is not None and dbuser.active: |
1976 | 397 log.debug('filling %s data' % dbuser) |
1120
a8d759613d8f
fixed some bugs in api key auth, added access by api key into rss/atom feeds in global journal
Marcin Kuzminski <marcin@python-works.com>
parents:
1117
diff
changeset
|
398 for k, v in dbuser.get_dict().items(): |
a8d759613d8f
fixed some bugs in api key auth, added access by api key into rss/atom feeds in global journal
Marcin Kuzminski <marcin@python-works.com>
parents:
1117
diff
changeset
|
399 setattr(auth_user, k, v) |
1618
9353189b7675
Added automatic logout of deactivated/deleted users
Liad Shani <liadff@gmail.com>
parents:
1594
diff
changeset
|
400 else: |
9353189b7675
Added automatic logout of deactivated/deleted users
Liad Shani <liadff@gmail.com>
parents:
1594
diff
changeset
|
401 return False |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
402 |
3631
10b4e34841a4
Don't catch all exceptions
Marcin Kuzminski <marcin@python-works.com>
parents:
3625
diff
changeset
|
403 except Exception: |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
404 log.error(traceback.format_exc()) |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
405 auth_user.is_authenticated = False |
1618
9353189b7675
Added automatic logout of deactivated/deleted users
Liad Shani <liadff@gmail.com>
parents:
1594
diff
changeset
|
406 return False |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
407 |
1618
9353189b7675
Added automatic logout of deactivated/deleted users
Liad Shani <liadff@gmail.com>
parents:
1594
diff
changeset
|
408 return True |
686
ff6a8196ebfe
fixed anonymous access bug.
Marcin Kuzminski <marcin@python-works.com>
parents:
673
diff
changeset
|
409 |
3094
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
410 def fill_perms(self, user, explicit=True, algo='higherwin'): |
1269
2e7f21429316
tries to fix issue #177 by fallback to user.user_id instead of fetching from db, user.user_id
Marcin Kuzminski <marcin@python-works.com>
parents:
1267
diff
changeset
|
411 """ |
2e7f21429316
tries to fix issue #177 by fallback to user.user_id instead of fetching from db, user.user_id
Marcin Kuzminski <marcin@python-works.com>
parents:
1267
diff
changeset
|
412 Fills user permission attribute with permissions taken from database |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
413 works for permissions given for repositories, and for permissions that |
1269
2e7f21429316
tries to fix issue #177 by fallback to user.user_id instead of fetching from db, user.user_id
Marcin Kuzminski <marcin@python-works.com>
parents:
1267
diff
changeset
|
414 are granted to groups |
1203
6832ef664673
source code cleanup: remove trailing white space, normalize file endings
Marcin Kuzminski <marcin@python-works.com>
parents:
1120
diff
changeset
|
415 |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
416 :param user: user instance to fill his perms |
3094
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
417 :param explicit: In case there are permissions both for user and a group |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
418 that user is part of, explicit flag will defiine if user will |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
419 explicitly override permissions from group, if it's False it will |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
420 make decision based on the algo |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
421 :param algo: algorithm to decide what permission should be choose if |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
422 it's multiple defined, eg user in two different groups. It also |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
423 decides if explicit flag is turned off how to specify the permission |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
424 for case when user is in a group + have defined separate permission |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
425 """ |
1982
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
426 RK = 'repositories' |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
427 GK = 'repositories_groups' |
3714
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3654
diff
changeset
|
428 UK = 'user_groups' |
1982
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
429 GLOBAL = 'global' |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
430 user.permissions[RK] = {} |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
431 user.permissions[GK] = {} |
3714
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3654
diff
changeset
|
432 user.permissions[UK] = {} |
1982
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
433 user.permissions[GLOBAL] = set() |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
434 |
3094
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
435 def _choose_perm(new_perm, cur_perm): |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
436 new_perm_val = PERM_WEIGHTS[new_perm] |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
437 cur_perm_val = PERM_WEIGHTS[cur_perm] |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
438 if algo == 'higherwin': |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
439 if new_perm_val > cur_perm_val: |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
440 return new_perm |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
441 return cur_perm |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
442 elif algo == 'lowerwin': |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
443 if new_perm_val < cur_perm_val: |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
444 return new_perm |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
445 return cur_perm |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
446 |
1267
d534aff5e82a
user defined permission will update the global permissions, and overwrite default settings.
Marcin Kuzminski <marcin@python-works.com>
parents:
1206
diff
changeset
|
447 #====================================================================== |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
448 # fetch default permissions |
1267
d534aff5e82a
user defined permission will update the global permissions, and overwrite default settings.
Marcin Kuzminski <marcin@python-works.com>
parents:
1206
diff
changeset
|
449 #====================================================================== |
1728
07e56179633e
- fixes celery sqlalchemy session issues for async forking
Marcin Kuzminski <marcin@python-works.com>
parents:
1716
diff
changeset
|
450 default_user = User.get_by_username('default', cache=True) |
07e56179633e
- fixes celery sqlalchemy session issues for async forking
Marcin Kuzminski <marcin@python-works.com>
parents:
1716
diff
changeset
|
451 default_user_id = default_user.user_id |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
452 |
1982
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
453 default_repo_perms = Permission.get_default_perms(default_user_id) |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
454 default_repo_groups_perms = Permission.get_default_group_perms(default_user_id) |
3714
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3654
diff
changeset
|
455 default_user_group_perms = Permission.get_default_user_group_perms(default_user_id) |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
456 |
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
457 if user.is_admin: |
1267
d534aff5e82a
user defined permission will update the global permissions, and overwrite default settings.
Marcin Kuzminski <marcin@python-works.com>
parents:
1206
diff
changeset
|
458 #================================================================== |
1982
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
459 # admin user have all default rights for repositories |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
460 # and groups set to admin |
1267
d534aff5e82a
user defined permission will update the global permissions, and overwrite default settings.
Marcin Kuzminski <marcin@python-works.com>
parents:
1206
diff
changeset
|
461 #================================================================== |
1982
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
462 user.permissions[GLOBAL].add('hg.admin') |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
463 |
1982
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
464 # repositories |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
465 for perm in default_repo_perms: |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
466 r_k = perm.UserRepoToPerm.repository.repo_name |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
467 p = 'repository.admin' |
1982
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
468 user.permissions[RK][r_k] = p |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
469 |
3410
5f1850e4712a
"Users groups" is grammatically incorrect English - rename to "user groups"
Mads Kiilerich <madski@unity3d.com>
parents:
3401
diff
changeset
|
470 # repository groups |
1982
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
471 for perm in default_repo_groups_perms: |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
472 rg_k = perm.UserRepoGroupToPerm.group.group_name |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
473 p = 'group.admin' |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
474 user.permissions[GK][rg_k] = p |
3714
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3654
diff
changeset
|
475 |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3654
diff
changeset
|
476 # user groups |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3654
diff
changeset
|
477 for perm in default_user_group_perms: |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3654
diff
changeset
|
478 u_k = perm.UserUserGroupToPerm.user_group.users_group_name |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3654
diff
changeset
|
479 p = 'usergroup.admin' |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3654
diff
changeset
|
480 user.permissions[UK][u_k] = p |
2186
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
481 return user |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
482 |
2186
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
483 #================================================================== |
3653
4c78a0855a17
Fix 'repos group' - it is 'repository group'
Mads Kiilerich <madski@unity3d.com>
parents:
3631
diff
changeset
|
484 # SET DEFAULTS GLOBAL, REPOS, REPOSITORY GROUPS |
2186
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
485 #================================================================== |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
486 uid = user.user_id |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
487 |
2709
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
488 # default global permissions taken fron the default user |
2186
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
489 default_global_perms = self.sa.query(UserToPerm)\ |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
490 .filter(UserToPerm.user_id == default_user_id) |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
491 |
2186
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
492 for perm in default_global_perms: |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
493 user.permissions[GLOBAL].add(perm.permission.permission_name) |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
494 |
2186
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
495 # defaults for repositories, taken from default user |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
496 for perm in default_repo_perms: |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
497 r_k = perm.UserRepoToPerm.repository.repo_name |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
498 if perm.Repository.private and not (perm.Repository.user_id == uid): |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
499 # disable defaults for private repos, |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
500 p = 'repository.none' |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
501 elif perm.Repository.user_id == uid: |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
502 # set admin if owner |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
503 p = 'repository.admin' |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
504 else: |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
505 p = perm.Permission.permission_name |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
506 |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
507 user.permissions[RK][r_k] = p |
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
508 |
3410
5f1850e4712a
"Users groups" is grammatically incorrect English - rename to "user groups"
Mads Kiilerich <madski@unity3d.com>
parents:
3401
diff
changeset
|
509 # defaults for repository groups taken from default user permission |
2186
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
510 # on given group |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
511 for perm in default_repo_groups_perms: |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
512 rg_k = perm.UserRepoGroupToPerm.group.group_name |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
513 p = perm.Permission.permission_name |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
514 user.permissions[GK][rg_k] = p |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
515 |
3714
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3654
diff
changeset
|
516 # defaults for user groups taken from default user permission |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3654
diff
changeset
|
517 # on given user group |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3654
diff
changeset
|
518 for perm in default_user_group_perms: |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3654
diff
changeset
|
519 u_k = perm.UserUserGroupToPerm.user_group.users_group_name |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3654
diff
changeset
|
520 p = perm.Permission.permission_name |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3654
diff
changeset
|
521 user.permissions[UK][u_k] = p |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3654
diff
changeset
|
522 |
2709
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
523 #====================================================================== |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
524 # !! OVERRIDE GLOBALS !! with user permissions if any found |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
525 #====================================================================== |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
526 # those can be configured from groups or users explicitly |
3736
87e6960e250b
Iteration on default permissions
Marcin Kuzminski <marcin@python-works.com>
parents:
3714
diff
changeset
|
527 _configurable = set([ |
87e6960e250b
Iteration on default permissions
Marcin Kuzminski <marcin@python-works.com>
parents:
3714
diff
changeset
|
528 'hg.fork.none', 'hg.fork.repository', |
87e6960e250b
Iteration on default permissions
Marcin Kuzminski <marcin@python-works.com>
parents:
3714
diff
changeset
|
529 'hg.create.none', 'hg.create.repository', |
87e6960e250b
Iteration on default permissions
Marcin Kuzminski <marcin@python-works.com>
parents:
3714
diff
changeset
|
530 'hg.usergroup.create.false', 'hg.usergroup.create.true' |
87e6960e250b
Iteration on default permissions
Marcin Kuzminski <marcin@python-works.com>
parents:
3714
diff
changeset
|
531 ]) |
2186
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
532 |
2709
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
533 # USER GROUPS comes first |
3415
b8f929bff7e3
fixed tests and missing replacements from 5f1850e4712a
Marcin Kuzminski <marcin@python-works.com>
parents:
3410
diff
changeset
|
534 # user group global permissions |
3417
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3415
diff
changeset
|
535 user_perms_from_users_groups = self.sa.query(UserGroupToPerm)\ |
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3415
diff
changeset
|
536 .options(joinedload(UserGroupToPerm.permission))\ |
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3415
diff
changeset
|
537 .join((UserGroupMember, UserGroupToPerm.users_group_id == |
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3415
diff
changeset
|
538 UserGroupMember.users_group_id))\ |
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3415
diff
changeset
|
539 .filter(UserGroupMember.user_id == uid)\ |
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3415
diff
changeset
|
540 .order_by(UserGroupToPerm.users_group_id)\ |
2709
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
541 .all() |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
542 #need to group here by groups since user can be in more than one group |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
543 _grouped = [[x, list(y)] for x, y in |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
544 itertools.groupby(user_perms_from_users_groups, |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
545 lambda x:x.users_group)] |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
546 for gr, perms in _grouped: |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
547 # since user can be in multiple groups iterate over them and |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
548 # select the lowest permissions first (more explicit) |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
549 ##TODO: do this^^ |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
550 if not gr.inherit_default_permissions: |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
551 # NEED TO IGNORE all configurable permissions and |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
552 # replace them with explicitly set |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
553 user.permissions[GLOBAL] = user.permissions[GLOBAL]\ |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
554 .difference(_configurable) |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
555 for perm in perms: |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
556 user.permissions[GLOBAL].add(perm.permission.permission_name) |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
557 |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
558 # user specific global permissions |
2186
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
559 user_perms = self.sa.query(UserToPerm)\ |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
560 .options(joinedload(UserToPerm.permission))\ |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
561 .filter(UserToPerm.user_id == uid).all() |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
562 |
2709
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
563 if not user.inherit_default_permissions: |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
564 # NEED TO IGNORE all configurable permissions and |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
565 # replace them with explicitly set |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
566 user.permissions[GLOBAL] = user.permissions[GLOBAL]\ |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
567 .difference(_configurable) |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
568 |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
569 for perm in user_perms: |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
570 user.permissions[GLOBAL].add(perm.permission.permission_name) |
3736
87e6960e250b
Iteration on default permissions
Marcin Kuzminski <marcin@python-works.com>
parents:
3714
diff
changeset
|
571 ## END GLOBAL PERMISSIONS |
87e6960e250b
Iteration on default permissions
Marcin Kuzminski <marcin@python-works.com>
parents:
3714
diff
changeset
|
572 |
2709
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
573 #====================================================================== |
3094
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
574 # !! PERMISSIONS FOR REPOSITORIES !! |
2709
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
575 #====================================================================== |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
576 #====================================================================== |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
577 # check if user is part of user groups for this repository and |
3094
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
578 # fill in his permission from it. _choose_perm decides of which |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
579 # permission should be selected based on selected method |
2709
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
580 #====================================================================== |
3094
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
581 |
3415
b8f929bff7e3
fixed tests and missing replacements from 5f1850e4712a
Marcin Kuzminski <marcin@python-works.com>
parents:
3410
diff
changeset
|
582 # user group for repositories permissions |
2709
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
583 user_repo_perms_from_users_groups = \ |
3417
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3415
diff
changeset
|
584 self.sa.query(UserGroupRepoToPerm, Permission, Repository,)\ |
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3415
diff
changeset
|
585 .join((Repository, UserGroupRepoToPerm.repository_id == |
2709
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
586 Repository.repo_id))\ |
3417
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3415
diff
changeset
|
587 .join((Permission, UserGroupRepoToPerm.permission_id == |
2709
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
588 Permission.permission_id))\ |
3417
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3415
diff
changeset
|
589 .join((UserGroupMember, UserGroupRepoToPerm.users_group_id == |
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3415
diff
changeset
|
590 UserGroupMember.users_group_id))\ |
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3415
diff
changeset
|
591 .filter(UserGroupMember.user_id == uid)\ |
2709
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
592 .all() |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
593 |
3096
69b25f1b0b45
switch to defaultdict for counter implementation
Marcin Kuzminski <marcin@python-works.com>
parents:
3094
diff
changeset
|
594 multiple_counter = collections.defaultdict(int) |
2709
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
595 for perm in user_repo_perms_from_users_groups: |
3417
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3415
diff
changeset
|
596 r_k = perm.UserGroupRepoToPerm.repository.repo_name |
3094
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
597 multiple_counter[r_k] += 1 |
2709
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
598 p = perm.Permission.permission_name |
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
599 cur_perm = user.permissions[RK][r_k] |
2864
5c1ad3b410e5
fixed #570 explicit users group permissions can overwrite owner permissions
Marcin Kuzminski <marcin@python-works.com>
parents:
2820
diff
changeset
|
600 |
3094
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
601 if perm.Repository.user_id == uid: |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
602 # set admin if owner |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
603 p = 'repository.admin' |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
604 else: |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
605 if multiple_counter[r_k] > 1: |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
606 p = _choose_perm(p, cur_perm) |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
607 user.permissions[RK][r_k] = p |
1982
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
608 |
3094
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
609 # user explicit permissions for repositories, overrides any specified |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
610 # by the group permission |
3714
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3654
diff
changeset
|
611 user_repo_perms = Permission.get_default_perms(uid) |
2186
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
612 for perm in user_repo_perms: |
3094
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
613 r_k = perm.UserRepoToPerm.repository.repo_name |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
614 cur_perm = user.permissions[RK][r_k] |
2186
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
615 # set admin if owner |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
616 if perm.Repository.user_id == uid: |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
617 p = 'repository.admin' |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
618 else: |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
619 p = perm.Permission.permission_name |
3094
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
620 if not explicit: |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
621 p = _choose_perm(p, cur_perm) |
2186
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
622 user.permissions[RK][r_k] = p |
1267
d534aff5e82a
user defined permission will update the global permissions, and overwrite default settings.
Marcin Kuzminski <marcin@python-works.com>
parents:
1206
diff
changeset
|
623 |
3094
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
624 #====================================================================== |
3410
5f1850e4712a
"Users groups" is grammatically incorrect English - rename to "user groups"
Mads Kiilerich <madski@unity3d.com>
parents:
3401
diff
changeset
|
625 # !! PERMISSIONS FOR REPOSITORY GROUPS !! |
3094
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
626 #====================================================================== |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
627 #====================================================================== |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
628 # check if user is part of user groups for this repository groups and |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
629 # fill in his permission from it. _choose_perm decides of which |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
630 # permission should be selected based on selected method |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
631 #====================================================================== |
3415
b8f929bff7e3
fixed tests and missing replacements from 5f1850e4712a
Marcin Kuzminski <marcin@python-works.com>
parents:
3410
diff
changeset
|
632 # user group for repo groups permissions |
3094
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
633 user_repo_group_perms_from_users_groups = \ |
3417
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3415
diff
changeset
|
634 self.sa.query(UserGroupRepoGroupToPerm, Permission, RepoGroup)\ |
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3415
diff
changeset
|
635 .join((RepoGroup, UserGroupRepoGroupToPerm.group_id == RepoGroup.group_id))\ |
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3415
diff
changeset
|
636 .join((Permission, UserGroupRepoGroupToPerm.permission_id |
3094
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
637 == Permission.permission_id))\ |
3417
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3415
diff
changeset
|
638 .join((UserGroupMember, UserGroupRepoGroupToPerm.users_group_id |
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3415
diff
changeset
|
639 == UserGroupMember.users_group_id))\ |
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3415
diff
changeset
|
640 .filter(UserGroupMember.user_id == uid)\ |
3094
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
641 .all() |
1269
2e7f21429316
tries to fix issue #177 by fallback to user.user_id instead of fetching from db, user.user_id
Marcin Kuzminski <marcin@python-works.com>
parents:
1267
diff
changeset
|
642 |
3096
69b25f1b0b45
switch to defaultdict for counter implementation
Marcin Kuzminski <marcin@python-works.com>
parents:
3094
diff
changeset
|
643 multiple_counter = collections.defaultdict(int) |
3094
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
644 for perm in user_repo_group_perms_from_users_groups: |
3417
fa6ba6727475
further cleanup of UsersGroup
Mads Kiilerich <madski@unity3d.com>
parents:
3415
diff
changeset
|
645 g_k = perm.UserGroupRepoGroupToPerm.group.group_name |
3094
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
646 multiple_counter[g_k] += 1 |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
647 p = perm.Permission.permission_name |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
648 cur_perm = user.permissions[GK][g_k] |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
649 if multiple_counter[g_k] > 1: |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
650 p = _choose_perm(p, cur_perm) |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
651 user.permissions[GK][g_k] = p |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
652 |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
653 # user explicit permissions for repository groups |
3714
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3654
diff
changeset
|
654 user_repo_groups_perms = Permission.get_default_group_perms(uid) |
2186
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
655 for perm in user_repo_groups_perms: |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
656 rg_k = perm.UserRepoGroupToPerm.group.group_name |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
657 p = perm.Permission.permission_name |
7b52c2351231
permission comments + out identation for better readability
Marcin Kuzminski <marcin@python-works.com>
parents:
2153
diff
changeset
|
658 cur_perm = user.permissions[GK][rg_k] |
3094
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
659 if not explicit: |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
660 p = _choose_perm(p, cur_perm) |
b70c6652a0d4
fixed issue #644 When a user is both in read and write group, the permission taken in account is the last saved permission
Marcin Kuzminski <marcin@python-works.com>
parents:
3021
diff
changeset
|
661 user.permissions[GK][rg_k] = p |
2129
43481c3d70ca
#399 added inheritance of permissions for users group on repos groups
Marcin Kuzminski <marcin@python-works.com>
parents:
2124
diff
changeset
|
662 |
3714
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3654
diff
changeset
|
663 #====================================================================== |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3654
diff
changeset
|
664 # !! PERMISSIONS FOR USER GROUPS !! |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3654
diff
changeset
|
665 #====================================================================== |
3788
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3736
diff
changeset
|
666 # user group for user group permissions |
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3736
diff
changeset
|
667 user_group_user_groups_perms = \ |
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3736
diff
changeset
|
668 self.sa.query(UserGroupUserGroupToPerm, Permission, UserGroup)\ |
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3736
diff
changeset
|
669 .join((UserGroup, UserGroupUserGroupToPerm.target_user_group_id |
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3736
diff
changeset
|
670 == UserGroup.users_group_id))\ |
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3736
diff
changeset
|
671 .join((Permission, UserGroupUserGroupToPerm.permission_id |
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3736
diff
changeset
|
672 == Permission.permission_id))\ |
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3736
diff
changeset
|
673 .join((UserGroupMember, UserGroupUserGroupToPerm.user_group_id |
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3736
diff
changeset
|
674 == UserGroupMember.users_group_id))\ |
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3736
diff
changeset
|
675 .filter(UserGroupMember.user_id == uid)\ |
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3736
diff
changeset
|
676 .all() |
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3736
diff
changeset
|
677 |
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3736
diff
changeset
|
678 multiple_counter = collections.defaultdict(int) |
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3736
diff
changeset
|
679 for perm in user_group_user_groups_perms: |
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3736
diff
changeset
|
680 g_k = perm.UserGroupUserGroupToPerm.target_user_group.users_group_name |
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3736
diff
changeset
|
681 multiple_counter[g_k] += 1 |
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3736
diff
changeset
|
682 p = perm.Permission.permission_name |
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3736
diff
changeset
|
683 cur_perm = user.permissions[UK][g_k] |
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3736
diff
changeset
|
684 if multiple_counter[g_k] > 1: |
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3736
diff
changeset
|
685 p = _choose_perm(p, cur_perm) |
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3736
diff
changeset
|
686 user.permissions[UK][g_k] = p |
d9b89874edf9
UserGroup on UserGroup permissions implementation.
Marcin Kuzminski <marcin@python-works.com>
parents:
3736
diff
changeset
|
687 |
3714
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3654
diff
changeset
|
688 #user explicit permission for user groups |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3654
diff
changeset
|
689 user_user_groups_perms = Permission.get_default_user_group_perms(uid) |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3654
diff
changeset
|
690 for perm in user_user_groups_perms: |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3654
diff
changeset
|
691 u_k = perm.UserUserGroupToPerm.user_group.users_group_name |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3654
diff
changeset
|
692 p = perm.Permission.permission_name |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3654
diff
changeset
|
693 cur_perm = user.permissions[UK][u_k] |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3654
diff
changeset
|
694 if not explicit: |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3654
diff
changeset
|
695 p = _choose_perm(p, cur_perm) |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3654
diff
changeset
|
696 user.permissions[UK][u_k] = p |
7e3d89d9d3a2
- Manage User’s Groups: create, delete, rename, add/remove users inside.
Marcin Kuzminski <marcin@python-works.com>
parents:
3654
diff
changeset
|
697 |
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
698 return user |
1594 | 699 |
1749
8ecc6b8229a5
commit less models
Marcin Kuzminski <marcin@python-works.com>
parents:
1734
diff
changeset
|
700 def has_perm(self, user, perm): |
2709
d2d35cf2b351
RhodeCode now has a option to explicitly set forking permissions. ref #508
Marcin Kuzminski <marcin@python-works.com>
parents:
2657
diff
changeset
|
701 perm = self._get_perm(perm) |
2432
d3ac7491a5c8
Share common getter functions in base model, and remove duplicated functions from other models
Marcin Kuzminski <marcin@python-works.com>
parents:
2330
diff
changeset
|
702 user = self._get_user(user) |
1749
8ecc6b8229a5
commit less models
Marcin Kuzminski <marcin@python-works.com>
parents:
1734
diff
changeset
|
703 |
1758
a87aa385f21c
fixed repo_create permission by adding missing commit statements
Marcin Kuzminski <marcin@python-works.com>
parents:
1749
diff
changeset
|
704 return UserToPerm.query().filter(UserToPerm.user == user)\ |
1749
8ecc6b8229a5
commit less models
Marcin Kuzminski <marcin@python-works.com>
parents:
1734
diff
changeset
|
705 .filter(UserToPerm.permission == perm).scalar() is not None |
8ecc6b8229a5
commit less models
Marcin Kuzminski <marcin@python-works.com>
parents:
1734
diff
changeset
|
706 |
8ecc6b8229a5
commit less models
Marcin Kuzminski <marcin@python-works.com>
parents:
1734
diff
changeset
|
707 def grant_perm(self, user, perm): |
1982
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
708 """ |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
709 Grant user global permissions |
1749
8ecc6b8229a5
commit less models
Marcin Kuzminski <marcin@python-works.com>
parents:
1734
diff
changeset
|
710 |
1982
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
711 :param user: |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
712 :param perm: |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
713 """ |
2432
d3ac7491a5c8
Share common getter functions in base model, and remove duplicated functions from other models
Marcin Kuzminski <marcin@python-works.com>
parents:
2330
diff
changeset
|
714 user = self._get_user(user) |
d3ac7491a5c8
Share common getter functions in base model, and remove duplicated functions from other models
Marcin Kuzminski <marcin@python-works.com>
parents:
2330
diff
changeset
|
715 perm = self._get_perm(perm) |
2078
d4b6c8541bd9
fixes issue when user tried to resubmit same permission into user/user_groups
Marcin Kuzminski <marcin@python-works.com>
parents:
2009
diff
changeset
|
716 # if this permission is already granted skip it |
d4b6c8541bd9
fixes issue when user tried to resubmit same permission into user/user_groups
Marcin Kuzminski <marcin@python-works.com>
parents:
2009
diff
changeset
|
717 _perm = UserToPerm.query()\ |
d4b6c8541bd9
fixes issue when user tried to resubmit same permission into user/user_groups
Marcin Kuzminski <marcin@python-works.com>
parents:
2009
diff
changeset
|
718 .filter(UserToPerm.user == user)\ |
d4b6c8541bd9
fixes issue when user tried to resubmit same permission into user/user_groups
Marcin Kuzminski <marcin@python-works.com>
parents:
2009
diff
changeset
|
719 .filter(UserToPerm.permission == perm)\ |
d4b6c8541bd9
fixes issue when user tried to resubmit same permission into user/user_groups
Marcin Kuzminski <marcin@python-works.com>
parents:
2009
diff
changeset
|
720 .scalar() |
d4b6c8541bd9
fixes issue when user tried to resubmit same permission into user/user_groups
Marcin Kuzminski <marcin@python-works.com>
parents:
2009
diff
changeset
|
721 if _perm: |
d4b6c8541bd9
fixes issue when user tried to resubmit same permission into user/user_groups
Marcin Kuzminski <marcin@python-works.com>
parents:
2009
diff
changeset
|
722 return |
1749
8ecc6b8229a5
commit less models
Marcin Kuzminski <marcin@python-works.com>
parents:
1734
diff
changeset
|
723 new = UserToPerm() |
1758
a87aa385f21c
fixed repo_create permission by adding missing commit statements
Marcin Kuzminski <marcin@python-works.com>
parents:
1749
diff
changeset
|
724 new.user = user |
1749
8ecc6b8229a5
commit less models
Marcin Kuzminski <marcin@python-works.com>
parents:
1734
diff
changeset
|
725 new.permission = perm |
8ecc6b8229a5
commit less models
Marcin Kuzminski <marcin@python-works.com>
parents:
1734
diff
changeset
|
726 self.sa.add(new) |
8ecc6b8229a5
commit less models
Marcin Kuzminski <marcin@python-works.com>
parents:
1734
diff
changeset
|
727 |
8ecc6b8229a5
commit less models
Marcin Kuzminski <marcin@python-works.com>
parents:
1734
diff
changeset
|
728 def revoke_perm(self, user, perm): |
1982
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
729 """ |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
730 Revoke users global permissions |
1818
cf51bbfb120e
auto white-space removal
Marcin Kuzminski <marcin@python-works.com>
parents:
1758
diff
changeset
|
731 |
1982
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
732 :param user: |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
733 :param perm: |
87f0800abc7b
#227 Initial version of repository groups permissions system
Marcin Kuzminski <marcin@python-works.com>
parents:
1976
diff
changeset
|
734 """ |
2432
d3ac7491a5c8
Share common getter functions in base model, and remove duplicated functions from other models
Marcin Kuzminski <marcin@python-works.com>
parents:
2330
diff
changeset
|
735 user = self._get_user(user) |
d3ac7491a5c8
Share common getter functions in base model, and remove duplicated functions from other models
Marcin Kuzminski <marcin@python-works.com>
parents:
2330
diff
changeset
|
736 perm = self._get_perm(perm) |
1818
cf51bbfb120e
auto white-space removal
Marcin Kuzminski <marcin@python-works.com>
parents:
1758
diff
changeset
|
737 |
2078
d4b6c8541bd9
fixes issue when user tried to resubmit same permission into user/user_groups
Marcin Kuzminski <marcin@python-works.com>
parents:
2009
diff
changeset
|
738 obj = UserToPerm.query()\ |
d4b6c8541bd9
fixes issue when user tried to resubmit same permission into user/user_groups
Marcin Kuzminski <marcin@python-works.com>
parents:
2009
diff
changeset
|
739 .filter(UserToPerm.user == user)\ |
d4b6c8541bd9
fixes issue when user tried to resubmit same permission into user/user_groups
Marcin Kuzminski <marcin@python-works.com>
parents:
2009
diff
changeset
|
740 .filter(UserToPerm.permission == perm)\ |
d4b6c8541bd9
fixes issue when user tried to resubmit same permission into user/user_groups
Marcin Kuzminski <marcin@python-works.com>
parents:
2009
diff
changeset
|
741 .scalar() |
1758
a87aa385f21c
fixed repo_create permission by adding missing commit statements
Marcin Kuzminski <marcin@python-works.com>
parents:
1749
diff
changeset
|
742 if obj: |
a87aa385f21c
fixed repo_create permission by adding missing commit statements
Marcin Kuzminski <marcin@python-works.com>
parents:
1749
diff
changeset
|
743 self.sa.delete(obj) |
2330
b0fef8a77568
Added simple UI for admin to manage emails map
Marcin Kuzminski <marcin@python-works.com>
parents:
2278
diff
changeset
|
744 |
b0fef8a77568
Added simple UI for admin to manage emails map
Marcin Kuzminski <marcin@python-works.com>
parents:
2278
diff
changeset
|
745 def add_extra_email(self, user, email): |
b0fef8a77568
Added simple UI for admin to manage emails map
Marcin Kuzminski <marcin@python-works.com>
parents:
2278
diff
changeset
|
746 """ |
b0fef8a77568
Added simple UI for admin to manage emails map
Marcin Kuzminski <marcin@python-works.com>
parents:
2278
diff
changeset
|
747 Adds email address to UserEmailMap |
b0fef8a77568
Added simple UI for admin to manage emails map
Marcin Kuzminski <marcin@python-works.com>
parents:
2278
diff
changeset
|
748 |
b0fef8a77568
Added simple UI for admin to manage emails map
Marcin Kuzminski <marcin@python-works.com>
parents:
2278
diff
changeset
|
749 :param user: |
b0fef8a77568
Added simple UI for admin to manage emails map
Marcin Kuzminski <marcin@python-works.com>
parents:
2278
diff
changeset
|
750 :param email: |
b0fef8a77568
Added simple UI for admin to manage emails map
Marcin Kuzminski <marcin@python-works.com>
parents:
2278
diff
changeset
|
751 """ |
2479
9225597688f4
Added validation into user email map
Marcin Kuzminski <marcin@python-works.com>
parents:
2478
diff
changeset
|
752 from rhodecode.model import forms |
9225597688f4
Added validation into user email map
Marcin Kuzminski <marcin@python-works.com>
parents:
2478
diff
changeset
|
753 form = forms.UserExtraEmailForm()() |
9225597688f4
Added validation into user email map
Marcin Kuzminski <marcin@python-works.com>
parents:
2478
diff
changeset
|
754 data = form.to_python(dict(email=email)) |
2432
d3ac7491a5c8
Share common getter functions in base model, and remove duplicated functions from other models
Marcin Kuzminski <marcin@python-works.com>
parents:
2330
diff
changeset
|
755 user = self._get_user(user) |
2479
9225597688f4
Added validation into user email map
Marcin Kuzminski <marcin@python-works.com>
parents:
2478
diff
changeset
|
756 |
2330
b0fef8a77568
Added simple UI for admin to manage emails map
Marcin Kuzminski <marcin@python-works.com>
parents:
2278
diff
changeset
|
757 obj = UserEmailMap() |
b0fef8a77568
Added simple UI for admin to manage emails map
Marcin Kuzminski <marcin@python-works.com>
parents:
2278
diff
changeset
|
758 obj.user = user |
2479
9225597688f4
Added validation into user email map
Marcin Kuzminski <marcin@python-works.com>
parents:
2478
diff
changeset
|
759 obj.email = data['email'] |
2330
b0fef8a77568
Added simple UI for admin to manage emails map
Marcin Kuzminski <marcin@python-works.com>
parents:
2278
diff
changeset
|
760 self.sa.add(obj) |
b0fef8a77568
Added simple UI for admin to manage emails map
Marcin Kuzminski <marcin@python-works.com>
parents:
2278
diff
changeset
|
761 return obj |
b0fef8a77568
Added simple UI for admin to manage emails map
Marcin Kuzminski <marcin@python-works.com>
parents:
2278
diff
changeset
|
762 |
b0fef8a77568
Added simple UI for admin to manage emails map
Marcin Kuzminski <marcin@python-works.com>
parents:
2278
diff
changeset
|
763 def delete_extra_email(self, user, email_id): |
b0fef8a77568
Added simple UI for admin to manage emails map
Marcin Kuzminski <marcin@python-works.com>
parents:
2278
diff
changeset
|
764 """ |
b0fef8a77568
Added simple UI for admin to manage emails map
Marcin Kuzminski <marcin@python-works.com>
parents:
2278
diff
changeset
|
765 Removes email address from UserEmailMap |
b0fef8a77568
Added simple UI for admin to manage emails map
Marcin Kuzminski <marcin@python-works.com>
parents:
2278
diff
changeset
|
766 |
b0fef8a77568
Added simple UI for admin to manage emails map
Marcin Kuzminski <marcin@python-works.com>
parents:
2278
diff
changeset
|
767 :param user: |
b0fef8a77568
Added simple UI for admin to manage emails map
Marcin Kuzminski <marcin@python-works.com>
parents:
2278
diff
changeset
|
768 :param email_id: |
b0fef8a77568
Added simple UI for admin to manage emails map
Marcin Kuzminski <marcin@python-works.com>
parents:
2278
diff
changeset
|
769 """ |
2432
d3ac7491a5c8
Share common getter functions in base model, and remove duplicated functions from other models
Marcin Kuzminski <marcin@python-works.com>
parents:
2330
diff
changeset
|
770 user = self._get_user(user) |
2330
b0fef8a77568
Added simple UI for admin to manage emails map
Marcin Kuzminski <marcin@python-works.com>
parents:
2278
diff
changeset
|
771 obj = UserEmailMap.query().get(email_id) |
b0fef8a77568
Added simple UI for admin to manage emails map
Marcin Kuzminski <marcin@python-works.com>
parents:
2278
diff
changeset
|
772 if obj: |
2478
8eab81115660
white space cleanup
Marcin Kuzminski <marcin@python-works.com>
parents:
2467
diff
changeset
|
773 self.sa.delete(obj) |
3125
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
774 |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
775 def add_extra_ip(self, user, ip): |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
776 """ |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
777 Adds ip address to UserIpMap |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
778 |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
779 :param user: |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
780 :param ip: |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
781 """ |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
782 from rhodecode.model import forms |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
783 form = forms.UserExtraIpForm()() |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
784 data = form.to_python(dict(ip=ip)) |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
785 user = self._get_user(user) |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
786 |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
787 obj = UserIpMap() |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
788 obj.user = user |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
789 obj.ip_addr = data['ip'] |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
790 self.sa.add(obj) |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
791 return obj |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
792 |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
793 def delete_extra_ip(self, user, ip_id): |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
794 """ |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
795 Removes ip address from UserIpMap |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
796 |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
797 :param user: |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
798 :param ip_id: |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
799 """ |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
800 user = self._get_user(user) |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
801 obj = UserIpMap.query().get(ip_id) |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
802 if obj: |
9b92cf5a0cca
Added UserIpMap interface for allowed IP addresses and IP restriction access
Marcin Kuzminski <marcin@python-works.com>
parents:
3096
diff
changeset
|
803 self.sa.delete(obj) |