kallithea: rhodecode/lib/auth.py annotate

annotate rhodecode/lib/auth.py @ 749:fcd4fb51526e beta

added debug message for ldap auth

author	Marcin Kuzminski <marcin@python-works.com>
date	Wed, 24 Nov 2010 03:32:53 +0100
parents	88338675a0f7
children	56c2850a5b5f

rev	line source
252 3782a6d698af licensing updates, code cleanups Marcin Kuzminski <marcin@python-works.com> parents: 239 diff changeset	1 #!/usr/bin/env python
3782a6d698af licensing updates, code cleanups Marcin Kuzminski <marcin@python-works.com> parents: 239 diff changeset	2 # encoding: utf-8
3782a6d698af licensing updates, code cleanups Marcin Kuzminski <marcin@python-works.com> parents: 239 diff changeset	3 # authentication and permission libraries
3782a6d698af licensing updates, code cleanups Marcin Kuzminski <marcin@python-works.com> parents: 239 diff changeset	4 # Copyright (C) 2009-2010 Marcin Kuzminski <marcin@python-works.com>
377 bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	5 #
252 3782a6d698af licensing updates, code cleanups Marcin Kuzminski <marcin@python-works.com> parents: 239 diff changeset	6 # This program is free software; you can redistribute it and/or
3782a6d698af licensing updates, code cleanups Marcin Kuzminski <marcin@python-works.com> parents: 239 diff changeset	7 # modify it under the terms of the GNU General Public License
3782a6d698af licensing updates, code cleanups Marcin Kuzminski <marcin@python-works.com> parents: 239 diff changeset	8 # as published by the Free Software Foundation; version 2
3782a6d698af licensing updates, code cleanups Marcin Kuzminski <marcin@python-works.com> parents: 239 diff changeset	9 # of the License or (at your opinion) any later version of the license.
3782a6d698af licensing updates, code cleanups Marcin Kuzminski <marcin@python-works.com> parents: 239 diff changeset	10 #
3782a6d698af licensing updates, code cleanups Marcin Kuzminski <marcin@python-works.com> parents: 239 diff changeset	11 # This program is distributed in the hope that it will be useful,
3782a6d698af licensing updates, code cleanups Marcin Kuzminski <marcin@python-works.com> parents: 239 diff changeset	12 # but WITHOUT ANY WARRANTY; without even the implied warranty of
3782a6d698af licensing updates, code cleanups Marcin Kuzminski <marcin@python-works.com> parents: 239 diff changeset	13 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
3782a6d698af licensing updates, code cleanups Marcin Kuzminski <marcin@python-works.com> parents: 239 diff changeset	14 # GNU General Public License for more details.
3782a6d698af licensing updates, code cleanups Marcin Kuzminski <marcin@python-works.com> parents: 239 diff changeset	15 #
3782a6d698af licensing updates, code cleanups Marcin Kuzminski <marcin@python-works.com> parents: 239 diff changeset	16 # You should have received a copy of the GNU General Public License
3782a6d698af licensing updates, code cleanups Marcin Kuzminski <marcin@python-works.com> parents: 239 diff changeset	17 # along with this program; if not, write to the Free Software
3782a6d698af licensing updates, code cleanups Marcin Kuzminski <marcin@python-works.com> parents: 239 diff changeset	18 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
3782a6d698af licensing updates, code cleanups Marcin Kuzminski <marcin@python-works.com> parents: 239 diff changeset	19 # MA 02110-1301, USA.
381 55377fdc1fc6 cleared global application settings. Marcin Kuzminski <marcin@python-works.com> parents: 380 diff changeset	20 """
55377fdc1fc6 cleared global application settings. Marcin Kuzminski <marcin@python-works.com> parents: 380 diff changeset	21 Created on April 4, 2010
55377fdc1fc6 cleared global application settings. Marcin Kuzminski <marcin@python-works.com> parents: 380 diff changeset	22
55377fdc1fc6 cleared global application settings. Marcin Kuzminski <marcin@python-works.com> parents: 380 diff changeset	23 @author: marcink
55377fdc1fc6 cleared global application settings. Marcin Kuzminski <marcin@python-works.com> parents: 380 diff changeset	24 """
343 6484963056cd implemented cache for repeated queries in simplehg mercurial requests Marcin Kuzminski <marcin@python-works.com> parents: 339 diff changeset	25 from pylons import config, session, url, request
52 25e516447a33 implemented autentication marcink parents: 48 diff changeset	26 from pylons.controllers.util import abort, redirect
713 1bb0fcdec895 fixed #72 show warning on removal when user still is owner of existing repositories Marcin Kuzminski <marcin@python-works.com> parents: 705 diff changeset	27 from rhodecode.lib.exceptions import *
547 1e757ac98988 renamed project to rhodecode Marcin Kuzminski <marcin@python-works.com> parents: 508 diff changeset	28 from rhodecode.lib.utils import get_repo_slug
713 1bb0fcdec895 fixed #72 show warning on removal when user still is owner of existing repositories Marcin Kuzminski <marcin@python-works.com> parents: 705 diff changeset	29 from rhodecode.lib.auth_ldap import AuthLdap
547 1e757ac98988 renamed project to rhodecode Marcin Kuzminski <marcin@python-works.com> parents: 508 diff changeset	30 from rhodecode.model import meta
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	31 from rhodecode.model.user import UserModel
609 c1c1cf772337 moved out sqlalchemy cache from meta to the config files. Marcin Kuzminski <marcin@python-works.com> parents: 564 diff changeset	32 from rhodecode.model.caching_query import FromCache
547 1e757ac98988 renamed project to rhodecode Marcin Kuzminski <marcin@python-works.com> parents: 508 diff changeset	33 from rhodecode.model.db import User, RepoToPerm, Repository, Permission, \
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	34 UserToPerm
415 04e8b31fb245 Changed password crypting scheme to bcrypt, added dependency for setup Marcin Kuzminski <marcin@python-works.com> parents: 412 diff changeset	35 import bcrypt
377 bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	36 from decorator import decorator
190 d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions Marcin Kuzminski <marcin@python-works.com> parents: 96 diff changeset	37 import logging
474 a3d9d24acbec Implemented password reset(forms/models/ tasks) and mailing tasks. Marcin Kuzminski <marcin@python-works.com> parents: 442 diff changeset	38 import random
705 9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 699 diff changeset	39 import traceback
343 6484963056cd implemented cache for repeated queries in simplehg mercurial requests Marcin Kuzminski <marcin@python-works.com> parents: 339 diff changeset	40
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	41 log = logging.getLogger(__name__)
41 71ffa932799d Added app basic auth. Marcin Kuzminski <marcin@python-blog.com> parents: diff changeset	42
474 a3d9d24acbec Implemented password reset(forms/models/ tasks) and mailing tasks. Marcin Kuzminski <marcin@python-works.com> parents: 442 diff changeset	43 class PasswordGenerator(object):
a3d9d24acbec Implemented password reset(forms/models/ tasks) and mailing tasks. Marcin Kuzminski <marcin@python-works.com> parents: 442 diff changeset	44 """This is a simple class for generating password from
a3d9d24acbec Implemented password reset(forms/models/ tasks) and mailing tasks. Marcin Kuzminski <marcin@python-works.com> parents: 442 diff changeset	45 different sets of characters
a3d9d24acbec Implemented password reset(forms/models/ tasks) and mailing tasks. Marcin Kuzminski <marcin@python-works.com> parents: 442 diff changeset	46 usage:
a3d9d24acbec Implemented password reset(forms/models/ tasks) and mailing tasks. Marcin Kuzminski <marcin@python-works.com> parents: 442 diff changeset	47 passwd_gen = PasswordGenerator()
a3d9d24acbec Implemented password reset(forms/models/ tasks) and mailing tasks. Marcin Kuzminski <marcin@python-works.com> parents: 442 diff changeset	48 #print 8-letter password containing only big and small letters of alphabet
a3d9d24acbec Implemented password reset(forms/models/ tasks) and mailing tasks. Marcin Kuzminski <marcin@python-works.com> parents: 442 diff changeset	49 print passwd_gen.gen_password(8, passwd_gen.ALPHABETS_BIG_SMALL)
a3d9d24acbec Implemented password reset(forms/models/ tasks) and mailing tasks. Marcin Kuzminski <marcin@python-works.com> parents: 442 diff changeset	50 """
a3d9d24acbec Implemented password reset(forms/models/ tasks) and mailing tasks. Marcin Kuzminski <marcin@python-works.com> parents: 442 diff changeset	51 ALPHABETS_NUM = r'''1234567890'''#[0]
a3d9d24acbec Implemented password reset(forms/models/ tasks) and mailing tasks. Marcin Kuzminski <marcin@python-works.com> parents: 442 diff changeset	52 ALPHABETS_SMALL = r'''qwertyuiopasdfghjklzxcvbnm'''#[1]
a3d9d24acbec Implemented password reset(forms/models/ tasks) and mailing tasks. Marcin Kuzminski <marcin@python-works.com> parents: 442 diff changeset	53 ALPHABETS_BIG = r'''QWERTYUIOPASDFGHJKLZXCVBNM'''#[2]
a3d9d24acbec Implemented password reset(forms/models/ tasks) and mailing tasks. Marcin Kuzminski <marcin@python-works.com> parents: 442 diff changeset	54 ALPHABETS_SPECIAL = r'''`-=[]\;',./~!@#$%^&*()_+{}\|:"<>?''' #[3]
a3d9d24acbec Implemented password reset(forms/models/ tasks) and mailing tasks. Marcin Kuzminski <marcin@python-works.com> parents: 442 diff changeset	55 ALPHABETS_FULL = ALPHABETS_BIG + ALPHABETS_SMALL + ALPHABETS_NUM + ALPHABETS_SPECIAL#[4]
a3d9d24acbec Implemented password reset(forms/models/ tasks) and mailing tasks. Marcin Kuzminski <marcin@python-works.com> parents: 442 diff changeset	56 ALPHABETS_ALPHANUM = ALPHABETS_BIG + ALPHABETS_SMALL + ALPHABETS_NUM#[5]
a3d9d24acbec Implemented password reset(forms/models/ tasks) and mailing tasks. Marcin Kuzminski <marcin@python-works.com> parents: 442 diff changeset	57 ALPHABETS_BIG_SMALL = ALPHABETS_BIG + ALPHABETS_SMALL
a3d9d24acbec Implemented password reset(forms/models/ tasks) and mailing tasks. Marcin Kuzminski <marcin@python-works.com> parents: 442 diff changeset	58 ALPHABETS_ALPHANUM_BIG = ALPHABETS_BIG + ALPHABETS_NUM#[6]
a3d9d24acbec Implemented password reset(forms/models/ tasks) and mailing tasks. Marcin Kuzminski <marcin@python-works.com> parents: 442 diff changeset	59 ALPHABETS_ALPHANUM_SMALL = ALPHABETS_SMALL + ALPHABETS_NUM#[7]
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	60
474 a3d9d24acbec Implemented password reset(forms/models/ tasks) and mailing tasks. Marcin Kuzminski <marcin@python-works.com> parents: 442 diff changeset	61 def __init__(self, passwd=''):
a3d9d24acbec Implemented password reset(forms/models/ tasks) and mailing tasks. Marcin Kuzminski <marcin@python-works.com> parents: 442 diff changeset	62 self.passwd = passwd
a3d9d24acbec Implemented password reset(forms/models/ tasks) and mailing tasks. Marcin Kuzminski <marcin@python-works.com> parents: 442 diff changeset	63
a3d9d24acbec Implemented password reset(forms/models/ tasks) and mailing tasks. Marcin Kuzminski <marcin@python-works.com> parents: 442 diff changeset	64 def gen_password(self, len, type):
a3d9d24acbec Implemented password reset(forms/models/ tasks) and mailing tasks. Marcin Kuzminski <marcin@python-works.com> parents: 442 diff changeset	65 self.passwd = ''.join([random.choice(type) for _ in xrange(len)])
a3d9d24acbec Implemented password reset(forms/models/ tasks) and mailing tasks. Marcin Kuzminski <marcin@python-works.com> parents: 442 diff changeset	66 return self.passwd
a3d9d24acbec Implemented password reset(forms/models/ tasks) and mailing tasks. Marcin Kuzminski <marcin@python-works.com> parents: 442 diff changeset	67
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	68
64 08707974eae4 Changed auth lib for sqlalchemy Marcin Kuzminski <marcin@python-blog.com> parents: 52 diff changeset	69 def get_crypt_password(password):
412 b6a25169c005 fixes #25 removed crypt based password hashing and changed it into sha1 based. Marcin Kuzminski <marcin@python-works.com> parents: 404 diff changeset	70 """Cryptographic function used for password hashing based on sha1
604 5cc96df705b9 fixed @repo into :repo for docs Marcin Kuzminski <marcin@python-works.com> parents: 564 diff changeset	71 :param password: password to hash
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	72 """
415 04e8b31fb245 Changed password crypting scheme to bcrypt, added dependency for setup Marcin Kuzminski <marcin@python-works.com> parents: 412 diff changeset	73 return bcrypt.hashpw(password, bcrypt.gensalt(10))
04e8b31fb245 Changed password crypting scheme to bcrypt, added dependency for setup Marcin Kuzminski <marcin@python-works.com> parents: 412 diff changeset	74
04e8b31fb245 Changed password crypting scheme to bcrypt, added dependency for setup Marcin Kuzminski <marcin@python-works.com> parents: 412 diff changeset	75 def check_password(password, hashed):
04e8b31fb245 Changed password crypting scheme to bcrypt, added dependency for setup Marcin Kuzminski <marcin@python-works.com> parents: 412 diff changeset	76 return bcrypt.hashpw(password, hashed) == hashed
343 6484963056cd implemented cache for repeated queries in simplehg mercurial requests Marcin Kuzminski <marcin@python-works.com> parents: 339 diff changeset	77
41 71ffa932799d Added app basic auth. Marcin Kuzminski <marcin@python-blog.com> parents: diff changeset	78 def authfunc(environ, username, password):
699 52da7cba88a6 Code refactor for auth func, preparing for ldap support Marcin Kuzminski <marcin@python-works.com> parents: 692 diff changeset	79 """
705 9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 699 diff changeset	80 Authentication function used in Mercurial/Git/ and access control,
699 52da7cba88a6 Code refactor for auth func, preparing for ldap support Marcin Kuzminski <marcin@python-works.com> parents: 692 diff changeset	81 firstly checks for db authentication then if ldap is enabled for ldap
705 9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 699 diff changeset	82 authentication, also creates ldap user if not in database
9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 699 diff changeset	83
699 52da7cba88a6 Code refactor for auth func, preparing for ldap support Marcin Kuzminski <marcin@python-works.com> parents: 692 diff changeset	84 :param environ: needed only for using in Basic auth, can be None
52da7cba88a6 Code refactor for auth func, preparing for ldap support Marcin Kuzminski <marcin@python-works.com> parents: 692 diff changeset	85 :param username: username
52da7cba88a6 Code refactor for auth func, preparing for ldap support Marcin Kuzminski <marcin@python-works.com> parents: 692 diff changeset	86 :param password: password
52da7cba88a6 Code refactor for auth func, preparing for ldap support Marcin Kuzminski <marcin@python-works.com> parents: 692 diff changeset	87 """
705 9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 699 diff changeset	88 user_model = UserModel()
9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 699 diff changeset	89 user = user_model.get_by_username(username, cache=False)
699 52da7cba88a6 Code refactor for auth func, preparing for ldap support Marcin Kuzminski <marcin@python-works.com> parents: 692 diff changeset	90
705 9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 699 diff changeset	91 if user is not None and user.is_ldap is False:
64 08707974eae4 Changed auth lib for sqlalchemy Marcin Kuzminski <marcin@python-blog.com> parents: 52 diff changeset	92 if user.active:
674 99875a8f2ad1 #49 Enabled anonymous access push and pull commands Marcin Kuzminski <marcin@python-works.com> parents: 673 diff changeset	93
99875a8f2ad1 #49 Enabled anonymous access push and pull commands Marcin Kuzminski <marcin@python-works.com> parents: 673 diff changeset	94 if user.username == 'default' and user.active:
99875a8f2ad1 #49 Enabled anonymous access push and pull commands Marcin Kuzminski <marcin@python-works.com> parents: 673 diff changeset	95 log.info('user %s authenticated correctly', username)
99875a8f2ad1 #49 Enabled anonymous access push and pull commands Marcin Kuzminski <marcin@python-works.com> parents: 673 diff changeset	96 return True
99875a8f2ad1 #49 Enabled anonymous access push and pull commands Marcin Kuzminski <marcin@python-works.com> parents: 673 diff changeset	97
99875a8f2ad1 #49 Enabled anonymous access push and pull commands Marcin Kuzminski <marcin@python-works.com> parents: 673 diff changeset	98 elif user.username == username and check_password(password, user.password):
41 71ffa932799d Added app basic auth. Marcin Kuzminski <marcin@python-blog.com> parents: diff changeset	99 log.info('user %s authenticated correctly', username)
71ffa932799d Added app basic auth. Marcin Kuzminski <marcin@python-blog.com> parents: diff changeset	100 return True
71ffa932799d Added app basic auth. Marcin Kuzminski <marcin@python-blog.com> parents: diff changeset	101 else:
71ffa932799d Added app basic auth. Marcin Kuzminski <marcin@python-blog.com> parents: diff changeset	102 log.error('user %s is disabled', username)
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	103
705 9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 699 diff changeset	104
9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 699 diff changeset	105 else:
741 54684e071457 fixes issue #78, ldap makes user validation caseInsensitive Marcin Kuzminski <marcin@python-works.com> parents: 713 diff changeset	106
54684e071457 fixes issue #78, ldap makes user validation caseInsensitive Marcin Kuzminski <marcin@python-works.com> parents: 713 diff changeset	107 #since ldap is searching in case insensitive check if this user is still
54684e071457 fixes issue #78, ldap makes user validation caseInsensitive Marcin Kuzminski <marcin@python-works.com> parents: 713 diff changeset	108 #not in our system
54684e071457 fixes issue #78, ldap makes user validation caseInsensitive Marcin Kuzminski <marcin@python-works.com> parents: 713 diff changeset	109 username = username.lower()
742 1377a9d4bdb9 #78, fixed more reliable case insensitive searches Marcin Kuzminski <marcin@python-works.com> parents: 741 diff changeset	110 user_obj = user_model.get_by_username(username, cache=False,
1377a9d4bdb9 #78, fixed more reliable case insensitive searches Marcin Kuzminski <marcin@python-works.com> parents: 741 diff changeset	111 case_insensitive=True)
748 88338675a0f7 fixed ldap issue and small template fix Marcin Kuzminski <marcin@python-works.com> parents: 742 diff changeset	112 if user_obj is not None and user_obj.is_ldap is False:
749 fcd4fb51526e added debug message for ldap auth Marcin Kuzminski <marcin@python-works.com> parents: 748 diff changeset	113 log.debug('this user already exists as non ldap')
748 88338675a0f7 fixed ldap issue and small template fix Marcin Kuzminski <marcin@python-works.com> parents: 742 diff changeset	114 return False
88338675a0f7 fixed ldap issue and small template fix Marcin Kuzminski <marcin@python-works.com> parents: 742 diff changeset	115
705 9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 699 diff changeset	116 from rhodecode.model.settings import SettingsModel
9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 699 diff changeset	117 ldap_settings = SettingsModel().get_ldap_settings()
9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 699 diff changeset	118
9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 699 diff changeset	119 #======================================================================
9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 699 diff changeset	120 # FALLBACK TO LDAP AUTH IN ENABLE
9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 699 diff changeset	121 #======================================================================
9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 699 diff changeset	122 if ldap_settings.get('ldap_active', False):
748 88338675a0f7 fixed ldap issue and small template fix Marcin Kuzminski <marcin@python-works.com> parents: 742 diff changeset	123
705 9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 699 diff changeset	124 kwargs = {
9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 699 diff changeset	125 'server':ldap_settings.get('ldap_host', ''),
9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 699 diff changeset	126 'base_dn':ldap_settings.get('ldap_base_dn', ''),
9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 699 diff changeset	127 'port':ldap_settings.get('ldap_port'),
9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 699 diff changeset	128 'bind_dn':ldap_settings.get('ldap_dn_user'),
9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 699 diff changeset	129 'bind_pass':ldap_settings.get('ldap_dn_pass'),
9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 699 diff changeset	130 'use_ldaps':ldap_settings.get('ldap_ldaps'),
9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 699 diff changeset	131 'ldap_version':3,
9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 699 diff changeset	132 }
9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 699 diff changeset	133 log.debug('Checking for ldap authentication')
9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 699 diff changeset	134 try:
9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 699 diff changeset	135 aldap = AuthLdap(**kwargs)
9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 699 diff changeset	136 res = aldap.authenticate_ldap(username, password)
9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 699 diff changeset	137
9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 699 diff changeset	138 authenticated = res[1]['uid'][0] == username
9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 699 diff changeset	139
9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 699 diff changeset	140 if authenticated and user_model.create_ldap(username, password):
9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 699 diff changeset	141 log.info('created new ldap user')
9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 699 diff changeset	142
9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 699 diff changeset	143 return authenticated
713 1bb0fcdec895 fixed #72 show warning on removal when user still is owner of existing repositories Marcin Kuzminski <marcin@python-works.com> parents: 705 diff changeset	144 except (LdapUsernameError, LdapPasswordError):
705 9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 699 diff changeset	145 return False
9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 699 diff changeset	146 except:
9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 699 diff changeset	147 log.error(traceback.format_exc())
9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 699 diff changeset	148 return False
41 71ffa932799d Added app basic auth. Marcin Kuzminski <marcin@python-blog.com> parents: diff changeset	149 return False
71ffa932799d Added app basic auth. Marcin Kuzminski <marcin@python-blog.com> parents: diff changeset	150
190 d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions Marcin Kuzminski <marcin@python-works.com> parents: 96 diff changeset	151 class AuthUser(object):
d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions Marcin Kuzminski <marcin@python-works.com> parents: 96 diff changeset	152 """
d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions Marcin Kuzminski <marcin@python-works.com> parents: 96 diff changeset	153 A simple object that handles a mercurial username for authentication
d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions Marcin Kuzminski <marcin@python-works.com> parents: 96 diff changeset	154 """
d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions Marcin Kuzminski <marcin@python-works.com> parents: 96 diff changeset	155 def __init__(self):
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	156 self.username = 'None'
355 5bbcc0cac389 added session remove in forms, and added name and lastname to auth user Marcin Kuzminski <marcin@python-works.com> parents: 350 diff changeset	157 self.name = ''
5bbcc0cac389 added session remove in forms, and added name and lastname to auth user Marcin Kuzminski <marcin@python-works.com> parents: 350 diff changeset	158 self.lastname = ''
404 a10bdd0b05a7 fixed user email for gravatars Marcin Kuzminski <marcin@python-works.com> parents: 399 diff changeset	159 self.email = ''
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	160 self.user_id = None
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	161 self.is_authenticated = False
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	162 self.is_admin = False
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	163 self.permissions = {}
239 b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	164
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	165 def __repr__(self):
dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	166 return "<AuthUser('id:%s:%s')>" % (self.user_id, self.username)
239 b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	167
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	168 def set_available_permissions(config):
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	169 """
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	170 This function will propagate pylons globals with all available defined
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	171 permission given in db. We don't wannt to check each time from db for new
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	172 permissions since adding a new permission also requires application restart
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	173 ie. to decorate new views with the newly created permission
604 5cc96df705b9 fixed @repo into :repo for docs Marcin Kuzminski <marcin@python-works.com> parents: 564 diff changeset	174 :param config:
239 b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	175 """
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	176 log.info('getting information about all available permissions')
350 664a5b8c551a Added application settings, are now customizable from database Marcin Kuzminski <marcin@python-works.com> parents: 343 diff changeset	177 try:
629 7e536d1af60d Code refactoring,models renames Marcin Kuzminski <marcin@python-works.com> parents: 612 diff changeset	178 sa = meta.Session()
350 664a5b8c551a Added application settings, are now customizable from database Marcin Kuzminski <marcin@python-works.com> parents: 343 diff changeset	179 all_perms = sa.query(Permission).all()
629 7e536d1af60d Code refactoring,models renames Marcin Kuzminski <marcin@python-works.com> parents: 612 diff changeset	180 except:
7e536d1af60d Code refactoring,models renames Marcin Kuzminski <marcin@python-works.com> parents: 612 diff changeset	181 pass
350 664a5b8c551a Added application settings, are now customizable from database Marcin Kuzminski <marcin@python-works.com> parents: 343 diff changeset	182 finally:
664a5b8c551a Added application settings, are now customizable from database Marcin Kuzminski <marcin@python-works.com> parents: 343 diff changeset	183 meta.Session.remove()
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	184
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	185 config['available_permissions'] = [x.permission_name for x in all_perms]
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	186
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	187 def set_base_path(config):
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	188 config['base_path'] = config['pylons.app_globals'].base_path
371 5cd6616b8673 routes python 2.5 compatible Marcin Kuzminski <marcin@python-works.com> parents: 367 diff changeset	189
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	190
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	191 def fill_perms(user):
367 a26f48ad7a8a fixes issue #16 reimplementation of database repository, for using generic pk instead of repo naming as pk. Which caused to many problems. Marcin Kuzminski <marcin@python-works.com> parents: 355 diff changeset	192 """
a26f48ad7a8a fixes issue #16 reimplementation of database repository, for using generic pk instead of repo naming as pk. Which caused to many problems. Marcin Kuzminski <marcin@python-works.com> parents: 355 diff changeset	193 Fills user permission attribute with permissions taken from database
604 5cc96df705b9 fixed @repo into :repo for docs Marcin Kuzminski <marcin@python-works.com> parents: 564 diff changeset	194 :param user:
367 a26f48ad7a8a fixes issue #16 reimplementation of database repository, for using generic pk instead of repo naming as pk. Which caused to many problems. Marcin Kuzminski <marcin@python-works.com> parents: 355 diff changeset	195 """
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	196
629 7e536d1af60d Code refactoring,models renames Marcin Kuzminski <marcin@python-works.com> parents: 612 diff changeset	197 sa = meta.Session()
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	198 user.permissions['repositories'] = {}
371 5cd6616b8673 routes python 2.5 compatible Marcin Kuzminski <marcin@python-works.com> parents: 367 diff changeset	199 user.permissions['global'] = set()
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	200
417 3ed2d46a2ca7 permission refactoring, Marcin Kuzminski <marcin@python-works.com> parents: 415 diff changeset	201 #===========================================================================
3ed2d46a2ca7 permission refactoring, Marcin Kuzminski <marcin@python-works.com> parents: 415 diff changeset	202 # fetch default permissions
3ed2d46a2ca7 permission refactoring, Marcin Kuzminski <marcin@python-works.com> parents: 415 diff changeset	203 #===========================================================================
692 cb0d9ce6ac5c #50 on point cache invalidation changes. Marcin Kuzminski <marcin@python-works.com> parents: 686 diff changeset	204 default_user = UserModel().get_by_username('default', cache=True)
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	205
423 16253f330094 fixes #30. Rewrite default permissions query + some other small fixes Marcin Kuzminski <marcin@python-works.com> parents: 418 diff changeset	206 default_perms = sa.query(RepoToPerm, Repository, Permission)\
399 f5c1eec9f376 rename repo2perm into repo_to_perm Marcin Kuzminski <marcin@python-works.com> parents: 382 diff changeset	207 .join((Repository, RepoToPerm.repository_id == Repository.repo_id))\
f5c1eec9f376 rename repo2perm into repo_to_perm Marcin Kuzminski <marcin@python-works.com> parents: 382 diff changeset	208 .join((Permission, RepoToPerm.permission_id == Permission.permission_id))\
609 c1c1cf772337 moved out sqlalchemy cache from meta to the config files. Marcin Kuzminski <marcin@python-works.com> parents: 564 diff changeset	209 .filter(RepoToPerm.user == default_user).all()
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	210
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	211 if user.is_admin:
417 3ed2d46a2ca7 permission refactoring, Marcin Kuzminski <marcin@python-works.com> parents: 415 diff changeset	212 #=======================================================================
423 16253f330094 fixes #30. Rewrite default permissions query + some other small fixes Marcin Kuzminski <marcin@python-works.com> parents: 418 diff changeset	213 # #admin have all default rights set to admin
417 3ed2d46a2ca7 permission refactoring, Marcin Kuzminski <marcin@python-works.com> parents: 415 diff changeset	214 #=======================================================================
371 5cd6616b8673 routes python 2.5 compatible Marcin Kuzminski <marcin@python-works.com> parents: 367 diff changeset	215 user.permissions['global'].add('hg.admin')
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	216
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	217 for perm in default_perms:
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	218 p = 'repository.admin'
399 f5c1eec9f376 rename repo2perm into repo_to_perm Marcin Kuzminski <marcin@python-works.com> parents: 382 diff changeset	219 user.permissions['repositories'][perm.RepoToPerm.repository.repo_name] = p
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	220
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	221 else:
417 3ed2d46a2ca7 permission refactoring, Marcin Kuzminski <marcin@python-works.com> parents: 415 diff changeset	222 #=======================================================================
3ed2d46a2ca7 permission refactoring, Marcin Kuzminski <marcin@python-works.com> parents: 415 diff changeset	223 # set default permissions
3ed2d46a2ca7 permission refactoring, Marcin Kuzminski <marcin@python-works.com> parents: 415 diff changeset	224 #=======================================================================
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	225
417 3ed2d46a2ca7 permission refactoring, Marcin Kuzminski <marcin@python-works.com> parents: 415 diff changeset	226 #default global
423 16253f330094 fixes #30. Rewrite default permissions query + some other small fixes Marcin Kuzminski <marcin@python-works.com> parents: 418 diff changeset	227 default_global_perms = sa.query(UserToPerm)\
741 54684e071457 fixes issue #78, ldap makes user validation caseInsensitive Marcin Kuzminski <marcin@python-works.com> parents: 713 diff changeset	228 .filter(UserToPerm.user == sa.query(User)\
54684e071457 fixes issue #78, ldap makes user validation caseInsensitive Marcin Kuzminski <marcin@python-works.com> parents: 713 diff changeset	229 .filter(User.username == 'default').one())
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	230
423 16253f330094 fixes #30. Rewrite default permissions query + some other small fixes Marcin Kuzminski <marcin@python-works.com> parents: 418 diff changeset	231 for perm in default_global_perms:
16253f330094 fixes #30. Rewrite default permissions query + some other small fixes Marcin Kuzminski <marcin@python-works.com> parents: 418 diff changeset	232 user.permissions['global'].add(perm.permission.permission_name)
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	233
417 3ed2d46a2ca7 permission refactoring, Marcin Kuzminski <marcin@python-works.com> parents: 415 diff changeset	234 #default repositories
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	235 for perm in default_perms:
380 ca54622e39a1 Added separate create repository views for non administrative users. Marcin Kuzminski <marcin@python-works.com> parents: 377 diff changeset	236 if perm.Repository.private and not perm.Repository.user_id == user.user_id:
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	237 #disable defaults for private repos,
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	238 p = 'repository.none'
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	239 elif perm.Repository.user_id == user.user_id:
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	240 #set admin if owner
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	241 p = 'repository.admin'
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	242 else:
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	243 p = perm.Permission.permission_name
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	244
399 f5c1eec9f376 rename repo2perm into repo_to_perm Marcin Kuzminski <marcin@python-works.com> parents: 382 diff changeset	245 user.permissions['repositories'][perm.RepoToPerm.repository.repo_name] = p
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	246
417 3ed2d46a2ca7 permission refactoring, Marcin Kuzminski <marcin@python-works.com> parents: 415 diff changeset	247 #=======================================================================
3ed2d46a2ca7 permission refactoring, Marcin Kuzminski <marcin@python-works.com> parents: 415 diff changeset	248 # #overwrite default with user permissions if any
3ed2d46a2ca7 permission refactoring, Marcin Kuzminski <marcin@python-works.com> parents: 415 diff changeset	249 #=======================================================================
423 16253f330094 fixes #30. Rewrite default permissions query + some other small fixes Marcin Kuzminski <marcin@python-works.com> parents: 418 diff changeset	250 user_perms = sa.query(RepoToPerm, Permission, Repository)\
399 f5c1eec9f376 rename repo2perm into repo_to_perm Marcin Kuzminski <marcin@python-works.com> parents: 382 diff changeset	251 .join((Repository, RepoToPerm.repository_id == Repository.repo_id))\
f5c1eec9f376 rename repo2perm into repo_to_perm Marcin Kuzminski <marcin@python-works.com> parents: 382 diff changeset	252 .join((Permission, RepoToPerm.permission_id == Permission.permission_id))\
f5c1eec9f376 rename repo2perm into repo_to_perm Marcin Kuzminski <marcin@python-works.com> parents: 382 diff changeset	253 .filter(RepoToPerm.user_id == user.user_id).all()
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	254
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	255 for perm in user_perms:
417 3ed2d46a2ca7 permission refactoring, Marcin Kuzminski <marcin@python-works.com> parents: 415 diff changeset	256 if perm.Repository.user_id == user.user_id:#set admin if owner
3ed2d46a2ca7 permission refactoring, Marcin Kuzminski <marcin@python-works.com> parents: 415 diff changeset	257 p = 'repository.admin'
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	258 else:
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	259 p = perm.Permission.permission_name
399 f5c1eec9f376 rename repo2perm into repo_to_perm Marcin Kuzminski <marcin@python-works.com> parents: 382 diff changeset	260 user.permissions['repositories'][perm.RepoToPerm.repository.repo_name] = p
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	261 meta.Session.remove()
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	262 return user
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	263
299 d303aacb3349 repos crud controllers - change id into repo_name for compatability, added ajax repo perm user function variuos html fixes, permissions forms and managment fixes. Marcin Kuzminski <marcin@python-works.com> parents: 265 diff changeset	264 def get_user(session):
d303aacb3349 repos crud controllers - change id into repo_name for compatability, added ajax repo perm user function variuos html fixes, permissions forms and managment fixes. Marcin Kuzminski <marcin@python-works.com> parents: 265 diff changeset	265 """
d303aacb3349 repos crud controllers - change id into repo_name for compatability, added ajax repo perm user function variuos html fixes, permissions forms and managment fixes. Marcin Kuzminski <marcin@python-works.com> parents: 265 diff changeset	266 Gets user from session, and wraps permissions into user
604 5cc96df705b9 fixed @repo into :repo for docs Marcin Kuzminski <marcin@python-works.com> parents: 564 diff changeset	267 :param session:
299 d303aacb3349 repos crud controllers - change id into repo_name for compatability, added ajax repo perm user function variuos html fixes, permissions forms and managment fixes. Marcin Kuzminski <marcin@python-works.com> parents: 265 diff changeset	268 """
548 b75b77ef649d renamed hg_app to rhodecode Marcin Kuzminski <marcin@python-works.com> parents: 547 diff changeset	269 user = session.get('rhodecode_user', AuthUser())
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	270 #if the user is not logged in we check for anonymous access
dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	271 #if user is logged and it's a default user check if we still have anonymous
dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	272 #access enabled
dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	273 if user.user_id is None or user.username == 'default':
dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	274 anonymous_user = UserModel().get_by_username('default', cache=True)
dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	275 if anonymous_user.active is True:
dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	276 #then we set this user is logged in
dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	277 user.is_authenticated = True
686 ff6a8196ebfe fixed anonymous access bug. Marcin Kuzminski <marcin@python-works.com> parents: 674 diff changeset	278 user.user_id = anonymous_user.user_id
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	279 else:
dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	280 user.is_authenticated = False
dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	281
299 d303aacb3349 repos crud controllers - change id into repo_name for compatability, added ajax repo perm user function variuos html fixes, permissions forms and managment fixes. Marcin Kuzminski <marcin@python-works.com> parents: 265 diff changeset	282 if user.is_authenticated:
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	283 user = UserModel().fill_data(user)
dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	284
412 b6a25169c005 fixes #25 removed crypt based password hashing and changed it into sha1 based. Marcin Kuzminski <marcin@python-works.com> parents: 404 diff changeset	285 user = fill_perms(user)
548 b75b77ef649d renamed hg_app to rhodecode Marcin Kuzminski <marcin@python-works.com> parents: 547 diff changeset	286 session['rhodecode_user'] = user
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	287 session.save()
299 d303aacb3349 repos crud controllers - change id into repo_name for compatability, added ajax repo perm user function variuos html fixes, permissions forms and managment fixes. Marcin Kuzminski <marcin@python-works.com> parents: 265 diff changeset	288 return user
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	289
190 d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions Marcin Kuzminski <marcin@python-works.com> parents: 96 diff changeset	290 #===============================================================================
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	291 # CHECK DECORATORS
190 d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions Marcin Kuzminski <marcin@python-works.com> parents: 96 diff changeset	292 #===============================================================================
d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions Marcin Kuzminski <marcin@python-works.com> parents: 96 diff changeset	293 class LoginRequired(object):
377 bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	294 """Must be logged in to execute this function else redirect to login page"""
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	295
190 d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions Marcin Kuzminski <marcin@python-works.com> parents: 96 diff changeset	296 def __call__(self, func):
377 bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	297 return decorator(self.__wrapper, func)
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	298
377 bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	299 def __wrapper(self, func, fargs, *fkwargs):
548 b75b77ef649d renamed hg_app to rhodecode Marcin Kuzminski <marcin@python-works.com> parents: 547 diff changeset	300 user = session.get('rhodecode_user', AuthUser())
377 bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	301 log.debug('Checking login required for user:%s', user.username)
bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	302 if user.is_authenticated:
bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	303 log.debug('user %s is authenticated', user.username)
bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	304 return func(fargs, *fkwargs)
bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	305 else:
bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	306 log.warn('user %s not authenticated', user.username)
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	307
508 fdb78a140ae4 fixes #35 hg-app does not respect SCRIPT_NAME Marcin Kuzminski <marcin@python-works.com> parents: 474 diff changeset	308 p = ''
fdb78a140ae4 fixes #35 hg-app does not respect SCRIPT_NAME Marcin Kuzminski <marcin@python-works.com> parents: 474 diff changeset	309 if request.environ.get('SCRIPT_NAME') != '/':
fdb78a140ae4 fixes #35 hg-app does not respect SCRIPT_NAME Marcin Kuzminski <marcin@python-works.com> parents: 474 diff changeset	310 p += request.environ.get('SCRIPT_NAME')
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	311
508 fdb78a140ae4 fixes #35 hg-app does not respect SCRIPT_NAME Marcin Kuzminski <marcin@python-works.com> parents: 474 diff changeset	312 p += request.environ.get('PATH_INFO')
437 930f8182a884 Added redirection to page that request came from, after login in Marcin Kuzminski <marcin@python-works.com> parents: 424 diff changeset	313 if request.environ.get('QUERY_STRING'):
474 a3d9d24acbec Implemented password reset(forms/models/ tasks) and mailing tasks. Marcin Kuzminski <marcin@python-works.com> parents: 442 diff changeset	314 p += '?' + request.environ.get('QUERY_STRING')
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	315
dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	316 log.debug('redirecting to login page with %s', p)
474 a3d9d24acbec Implemented password reset(forms/models/ tasks) and mailing tasks. Marcin Kuzminski <marcin@python-works.com> parents: 442 diff changeset	317 return redirect(url('login_home', came_from=p))
239 b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	318
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	319 class PermsDecorator(object):
377 bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	320 """Base class for decorators"""
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	321
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	322 def __init__(self, *required_perms):
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	323 available_perms = config['available_permissions']
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	324 for perm in required_perms:
239 b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	325 if perm not in available_perms:
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	326 raise Exception("'%s' permission is not defined" % perm)
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	327 self.required_perms = set(required_perms)
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	328 self.user_perms = None
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	329
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	330 def __call__(self, func):
377 bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	331 return decorator(self.__wrapper, func)
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	332
dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	333
377 bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	334 def __wrapper(self, func, fargs, *fkwargs):
bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	335 # _wrapper.__name__ = func.__name__
bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	336 # _wrapper.__dict__.update(func.__dict__)
bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	337 # _wrapper.__doc__ = func.__doc__
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	338 self.user = session.get('rhodecode_user', AuthUser())
dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	339 self.user_perms = self.user.permissions
dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	340 log.debug('checking %s permissions %s for %s %s',
dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	341 self.__class__.__name__, self.required_perms, func.__name__,
dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	342 self.user)
377 bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	343
bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	344 if self.check_permissions():
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	345 log.debug('Permission granted for %s %s', func.__name__, self.user)
dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	346
377 bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	347 return func(fargs, *fkwargs)
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	348
377 bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	349 else:
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	350 log.warning('Permission denied for %s %s', func.__name__, self.user)
377 bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	351 #redirect with forbidden ret code
bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	352 return abort(403)
bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	353
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	354
dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	355
239 b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	356 def check_permissions(self):
377 bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	357 """Dummy function for overriding"""
239 b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	358 raise Exception('You have to write this function in child class')
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	359
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	360 class HasPermissionAllDecorator(PermsDecorator):
377 bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	361 """Checks for access permission for all given predicates. All of them
bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	362 have to be meet in order to fulfill the request
239 b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	363 """
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	364
239 b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	365 def check_permissions(self):
339 5d517bbf0a0d some extra checks for auth lib Marcin Kuzminski <marcin@python-works.com> parents: 333 diff changeset	366 if self.required_perms.issubset(self.user_perms.get('global')):
239 b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	367 return True
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	368 return False
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	369
239 b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	370
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	371 class HasPermissionAnyDecorator(PermsDecorator):
377 bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	372 """Checks for access permission for any of given predicates. In order to
239 b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	373 fulfill the request any of predicates must be meet
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	374 """
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	375
239 b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	376 def check_permissions(self):
339 5d517bbf0a0d some extra checks for auth lib Marcin Kuzminski <marcin@python-works.com> parents: 333 diff changeset	377 if self.required_perms.intersection(self.user_perms.get('global')):
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	378 return True
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	379 return False
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	380
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	381 class HasRepoPermissionAllDecorator(PermsDecorator):
377 bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	382 """Checks for access permission for all given predicates for specific
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	383 repository. All of them have to be meet in order to fulfill the request
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	384 """
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	385
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	386 def check_permissions(self):
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	387 repo_name = get_repo_slug(request)
339 5d517bbf0a0d some extra checks for auth lib Marcin Kuzminski <marcin@python-works.com> parents: 333 diff changeset	388 try:
5d517bbf0a0d some extra checks for auth lib Marcin Kuzminski <marcin@python-works.com> parents: 333 diff changeset	389 user_perms = set([self.user_perms['repositories'][repo_name]])
5d517bbf0a0d some extra checks for auth lib Marcin Kuzminski <marcin@python-works.com> parents: 333 diff changeset	390 except KeyError:
5d517bbf0a0d some extra checks for auth lib Marcin Kuzminski <marcin@python-works.com> parents: 333 diff changeset	391 return False
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	392 if self.required_perms.issubset(user_perms):
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	393 return True
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	394 return False
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	395
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	396
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	397 class HasRepoPermissionAnyDecorator(PermsDecorator):
377 bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	398 """Checks for access permission for any of given predicates for specific
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	399 repository. In order to fulfill the request any of predicates must be meet
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	400 """
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	401
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	402 def check_permissions(self):
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	403 repo_name = get_repo_slug(request)
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	404
339 5d517bbf0a0d some extra checks for auth lib Marcin Kuzminski <marcin@python-works.com> parents: 333 diff changeset	405 try:
5d517bbf0a0d some extra checks for auth lib Marcin Kuzminski <marcin@python-works.com> parents: 333 diff changeset	406 user_perms = set([self.user_perms['repositories'][repo_name]])
5d517bbf0a0d some extra checks for auth lib Marcin Kuzminski <marcin@python-works.com> parents: 333 diff changeset	407 except KeyError:
5d517bbf0a0d some extra checks for auth lib Marcin Kuzminski <marcin@python-works.com> parents: 333 diff changeset	408 return False
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	409 if self.required_perms.intersection(user_perms):
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	410 return True
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	411 return False
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	412 #===============================================================================
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	413 # CHECK FUNCTIONS
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	414 #===============================================================================
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	415
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	416 class PermsFunction(object):
377 bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	417 """Base function for other check functions"""
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	418
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	419 def __init__(self, *perms):
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	420 available_perms = config['available_permissions']
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	421
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	422 for perm in perms:
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	423 if perm not in available_perms:
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	424 raise Exception("'%s' permission in not defined" % perm)
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	425 self.required_perms = set(perms)
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	426 self.user_perms = None
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	427 self.granted_for = ''
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	428 self.repo_name = None
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	429
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	430 def __call__(self, check_Location=''):
548 b75b77ef649d renamed hg_app to rhodecode Marcin Kuzminski <marcin@python-works.com> parents: 547 diff changeset	431 user = session.get('rhodecode_user', False)
333 f5f290d68646 fixed auth bug Marcin Kuzminski <marcin@python-works.com> parents: 316 diff changeset	432 if not user:
f5f290d68646 fixed auth bug Marcin Kuzminski <marcin@python-works.com> parents: 316 diff changeset	433 return False
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	434 self.user_perms = user.permissions
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	435 self.granted_for = user.username
dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	436 log.debug('checking %s %s %s', self.__class__.__name__,
dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	437 self.required_perms, user)
dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	438
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	439 if self.check_permissions():
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	440 log.debug('Permission granted for %s @ %s %s', self.granted_for,
dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	441 check_Location, user)
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	442 return True
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	443
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	444 else:
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	445 log.warning('Permission denied for %s @ %s %s', self.granted_for,
dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	446 check_Location, user)
dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	447 return False
dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	448
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	449 def check_permissions(self):
377 bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	450 """Dummy function for overriding"""
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	451 raise Exception('You have to write this function in child class')
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	452
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	453 class HasPermissionAll(PermsFunction):
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	454 def check_permissions(self):
339 5d517bbf0a0d some extra checks for auth lib Marcin Kuzminski <marcin@python-works.com> parents: 333 diff changeset	455 if self.required_perms.issubset(self.user_perms.get('global')):
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	456 return True
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	457 return False
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	458
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	459 class HasPermissionAny(PermsFunction):
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	460 def check_permissions(self):
339 5d517bbf0a0d some extra checks for auth lib Marcin Kuzminski <marcin@python-works.com> parents: 333 diff changeset	461 if self.required_perms.intersection(self.user_perms.get('global')):
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	462 return True
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	463 return False
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	464
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	465 class HasRepoPermissionAll(PermsFunction):
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	466
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	467 def __call__(self, repo_name=None, check_Location=''):
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	468 self.repo_name = repo_name
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	469 return super(HasRepoPermissionAll, self).__call__(check_Location)
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	470
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	471 def check_permissions(self):
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	472 if not self.repo_name:
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	473 self.repo_name = get_repo_slug(request)
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	474
339 5d517bbf0a0d some extra checks for auth lib Marcin Kuzminski <marcin@python-works.com> parents: 333 diff changeset	475 try:
5d517bbf0a0d some extra checks for auth lib Marcin Kuzminski <marcin@python-works.com> parents: 333 diff changeset	476 self.user_perms = set([self.user_perms['repositories']\
5d517bbf0a0d some extra checks for auth lib Marcin Kuzminski <marcin@python-works.com> parents: 333 diff changeset	477 [self.repo_name]])
5d517bbf0a0d some extra checks for auth lib Marcin Kuzminski <marcin@python-works.com> parents: 333 diff changeset	478 except KeyError:
5d517bbf0a0d some extra checks for auth lib Marcin Kuzminski <marcin@python-works.com> parents: 333 diff changeset	479 return False
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	480 self.granted_for = self.repo_name
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	481 if self.required_perms.issubset(self.user_perms):
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	482 return True
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	483 return False
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	484
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	485 class HasRepoPermissionAny(PermsFunction):
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	486
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	487 def __call__(self, repo_name=None, check_Location=''):
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	488 self.repo_name = repo_name
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	489 return super(HasRepoPermissionAny, self).__call__(check_Location)
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	490
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	491 def check_permissions(self):
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	492 if not self.repo_name:
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	493 self.repo_name = get_repo_slug(request)
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	494
339 5d517bbf0a0d some extra checks for auth lib Marcin Kuzminski <marcin@python-works.com> parents: 333 diff changeset	495 try:
5d517bbf0a0d some extra checks for auth lib Marcin Kuzminski <marcin@python-works.com> parents: 333 diff changeset	496 self.user_perms = set([self.user_perms['repositories']\
5d517bbf0a0d some extra checks for auth lib Marcin Kuzminski <marcin@python-works.com> parents: 333 diff changeset	497 [self.repo_name]])
5d517bbf0a0d some extra checks for auth lib Marcin Kuzminski <marcin@python-works.com> parents: 333 diff changeset	498 except KeyError:
5d517bbf0a0d some extra checks for auth lib Marcin Kuzminski <marcin@python-works.com> parents: 333 diff changeset	499 return False
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	500 self.granted_for = self.repo_name
239 b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	501 if self.required_perms.intersection(self.user_perms):
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	502 return True
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	503 return False
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	504
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	505 #===============================================================================
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	506 # SPECIAL VERSION TO HANDLE MIDDLEWARE AUTH
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	507 #===============================================================================
239 b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	508
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	509 class HasPermissionAnyMiddleware(object):
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	510 def __init__(self, *perms):
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	511 self.required_perms = set(perms)
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	512
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	513 def __call__(self, user, repo_name):
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	514 usr = AuthUser()
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	515 usr.user_id = user.user_id
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	516 usr.username = user.username
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	517 usr.is_admin = user.admin
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	518
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	519 try:
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	520 self.user_perms = set([fill_perms(usr)\
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	521 .permissions['repositories'][repo_name]])
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	522 except:
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	523 self.user_perms = set()
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	524 self.granted_for = ''
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	525 self.username = user.username
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	526 self.repo_name = repo_name
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	527 return self.check_permissions()
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	528
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	529 def check_permissions(self):
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	530 log.debug('checking mercurial protocol '
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	531 'permissions for user:%s repository:%s',
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	532 self.username, self.repo_name)
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	533 if self.required_perms.intersection(self.user_perms):
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	534 log.debug('permission granted')
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	535 return True
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	536 log.debug('permission denied')
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	537 return False

Mercurial > kallithea

annotate rhodecode/lib/auth.py @ 749:fcd4fb51526e beta