comparison rhodecode/lib/auth.py @ 2125:097327aaf2ad beta

more detailed logging on auth system - docs updates for debugging - code garden
author Marcin Kuzminski <marcin@python-works.com>
date Tue, 13 Mar 2012 02:40:34 +0200
parents 8ecfed1d8f8b
children dc2584ba5fbc 24095abde696
2124:273ce1a99c3f 2125:097327aaf2ad
519 def __wrapper(self, func, *fargs, **fkwargs): 519 def __wrapper(self, func, *fargs, **fkwargs):
520 cls = fargs[0] 520 cls = fargs[0]
521 self.user = cls.rhodecode_user 521 self.user = cls.rhodecode_user
522 self.user_perms = self.user.permissions 522 self.user_perms = self.user.permissions
523 log.debug('checking %s permissions %s for %s %s', 523 log.debug('checking %s permissions %s for %s %s',
524 self.__class__.__name__, self.required_perms, cls, 524 self.__class__.__name__, self.required_perms, cls, self.user)
525 self.user)
526 525
527 if self.check_permissions(): 526 if self.check_permissions():
528 log.debug('Permission granted for %s %s' % (cls, self.user)) 527 log.debug('Permission granted for %s %s' % (cls, self.user))
529 return func(*fargs, **fkwargs) 528 return func(*fargs, **fkwargs)
530 529
602 601
603 try: 602 try:
604 user_perms = set([self.user_perms['repositories'][repo_name]]) 603 user_perms = set([self.user_perms['repositories'][repo_name]])
605 except KeyError: 604 except KeyError:
606 return False 605 return False
606
607 if self.required_perms.intersection(user_perms): 607 if self.required_perms.intersection(user_perms):
608 return True 608 return True
609 return False 609 return False
610 610
611 611
656 for perm in perms: 656 for perm in perms:
657 if perm not in available_perms: 657 if perm not in available_perms:
658 raise Exception("'%s' permission is not defined" % perm) 658 raise Exception("'%s' permission is not defined" % perm)
659 self.required_perms = set(perms) 659 self.required_perms = set(perms)
660 self.user_perms = None 660 self.user_perms = None
661 self.granted_for = ''
662 self.repo_name = None 661 self.repo_name = None
662 self.group_name = None
663 663
664 def __call__(self, check_Location=''): 664 def __call__(self, check_Location=''):
665 user = request.user 665 user = request.user
666 log.debug('checking %s %s %s', self.__class__.__name__, 666 cls_name = self.__class__.__name__
667 self.required_perms, user) 667 check_scope = {
668 'HasPermissionAll': '',
669 'HasPermissionAny': '',
670 'HasRepoPermissionAll': 'repo:%s' % self.repo_name,
671 'HasRepoPermissionAny': 'repo:%s' % self.repo_name,
672 'HasReposGroupPermissionAll': 'group:%s' % self.group_name,
673 'HasReposGroupPermissionAny': 'group:%s' % self.group_name,
674 }.get(cls_name, '?')
675 log.debug('checking cls:%s %s usr:%s %s @ %s', cls_name,
676 self.required_perms, user, check_scope,
677 check_Location or 'unspecified location')
668 if not user: 678 if not user:
669 log.debug('Empty request user') 679 log.debug('Empty request user')
670 return False 680 return False
671 self.user_perms = user.permissions 681 self.user_perms = user.permissions
672 self.granted_for = user
673
674 if self.check_permissions(): 682 if self.check_permissions():
675 log.debug('Permission granted %s @ %s', self.granted_for, 683 log.debug('Permission granted for user: %s @ %s', user,
676 check_Location or 'unspecified location') 684 check_Location or 'unspecified location')
677 return True 685 return True
678 686
679 else: 687 else:
680 log.debug('Permission denied for %s @ %s', self.granted_for, 688 log.debug('Permission denied for user: %s @ %s', user,
681 check_Location or 'unspecified location') 689 check_Location or 'unspecified location')
682 return False 690 return False
683 691
684 def check_permissions(self): 692 def check_permissions(self):
685 """Dummy function for overriding""" 693 """Dummy function for overriding"""
699 return True 707 return True
700 return False 708 return False
701 709
702 710
703 class HasRepoPermissionAll(PermsFunction): 711 class HasRepoPermissionAll(PermsFunction):
704
705 def __call__(self, repo_name=None, check_Location=''): 712 def __call__(self, repo_name=None, check_Location=''):
706 self.repo_name = repo_name 713 self.repo_name = repo_name
707 return super(HasRepoPermissionAll, self).__call__(check_Location) 714 return super(HasRepoPermissionAll, self).__call__(check_Location)
708 715
709 def check_permissions(self): 716 def check_permissions(self):
710 if not self.repo_name: 717 if not self.repo_name:
711 self.repo_name = get_repo_slug(request) 718 self.repo_name = get_repo_slug(request)
712 719
713 try: 720 try:
714 self.user_perms = set( 721 self._user_perms = set(
715 [self.user_perms['repositories'][self.repo_name]] 722 [self.user_perms['repositories'][self.repo_name]]
716 ) 723 )
717 except KeyError: 724 except KeyError:
718 return False 725 return False
719 self.granted_for = self.repo_name 726 if self.required_perms.issubset(self._user_perms):
720 if self.required_perms.issubset(self.user_perms):
721 return True 727 return True
722 return False 728 return False
723 729
724 730
725 class HasRepoPermissionAny(PermsFunction): 731 class HasRepoPermissionAny(PermsFunction):
726
727 def __call__(self, repo_name=None, check_Location=''): 732 def __call__(self, repo_name=None, check_Location=''):
728 self.repo_name = repo_name 733 self.repo_name = repo_name
729 return super(HasRepoPermissionAny, self).__call__(check_Location) 734 return super(HasRepoPermissionAny, self).__call__(check_Location)
730 735
731 def check_permissions(self): 736 def check_permissions(self):
732 if not self.repo_name: 737 if not self.repo_name:
733 self.repo_name = get_repo_slug(request) 738 self.repo_name = get_repo_slug(request)
734 739
735 try: 740 try:
736 self.user_perms = set( 741 self._user_perms = set(
737 [self.user_perms['repositories'][self.repo_name]] 742 [self.user_perms['repositories'][self.repo_name]]
738 ) 743 )
739 except KeyError: 744 except KeyError:
740 return False 745 return False
741 self.granted_for = self.repo_name 746 if self.required_perms.intersection(self._user_perms):
742 if self.required_perms.intersection(self.user_perms):
743 return True 747 return True
744 return False 748 return False
745 749
746 750
747 class HasReposGroupPermissionAny(PermsFunction): 751 class HasReposGroupPermissionAny(PermsFunction):
749 self.group_name = group_name 753 self.group_name = group_name
750 return super(HasReposGroupPermissionAny, self).__call__(check_Location) 754 return super(HasReposGroupPermissionAny, self).__call__(check_Location)
751 755
752 def check_permissions(self): 756 def check_permissions(self):
753 try: 757 try:
754 self.user_perms = set( 758 self._user_perms = set(
755 [self.user_perms['repositories_groups'][self.group_name]] 759 [self.user_perms['repositories_groups'][self.group_name]]
756 ) 760 )
757 except KeyError: 761 except KeyError:
758 return False 762 return False
759 self.granted_for = self.repo_name 763 if self.required_perms.intersection(self._user_perms):
760 if self.required_perms.intersection(self.user_perms):
761 return True 764 return True
762 return False 765 return False
763 766
764 767
765 class HasReposGroupPermissionAll(PermsFunction): 768 class HasReposGroupPermissionAll(PermsFunction):
767 self.group_name = group_name 770 self.group_name = group_name
768 return super(HasReposGroupPermissionAny, self).__call__(check_Location) 771 return super(HasReposGroupPermissionAny, self).__call__(check_Location)
769 772
770 def check_permissions(self): 773 def check_permissions(self):
771 try: 774 try:
772 self.user_perms = set( 775 self._user_perms = set(
773 [self.user_perms['repositories_groups'][self.group_name]] 776 [self.user_perms['repositories_groups'][self.group_name]]
774 ) 777 )
775 except KeyError: 778 except KeyError:
776 return False 779 return False
777 self.granted_for = self.repo_name 780 if self.required_perms.issubset(self._user_perms):
778 if self.required_perms.issubset(self.user_perms):
779 return True 781 return True
780 return False 782 return False
781 783
782 784
783 #============================================================================== 785 #==============================================================================
796 self.user_perms = set([usr.permissions['repositories'][repo_name]]) 798 self.user_perms = set([usr.permissions['repositories'][repo_name]])
797 except Exception: 799 except Exception:
798 log.error('Exception while accessing permissions %s' % 800 log.error('Exception while accessing permissions %s' %
799 traceback.format_exc()) 801 traceback.format_exc())
800 self.user_perms = set() 802 self.user_perms = set()
801 self.granted_for = ''
802 self.username = user.username 803 self.username = user.username
803 self.repo_name = repo_name 804 self.repo_name = repo_name
804 return self.check_permissions() 805 return self.check_permissions()
805 806
806 def check_permissions(self): 807 def check_permissions(self):
807 log.debug('checking mercurial protocol ' 808 log.debug('checking mercurial protocol '
808 'permissions %s for user:%s repository:%s', self.user_perms, 809 'permissions %s for user:%s repository:%s', self.user_perms,
809 self.username, self.repo_name) 810 self.username, self.repo_name)
810 if self.required_perms.intersection(self.user_perms): 811 if self.required_perms.intersection(self.user_perms):
811 log.debug('permission granted') 812 log.debug('permission granted for user:%s on repo:%s' % (
812 return True 813 self.username, self.repo_name
813 log.debug('permission denied') 814 )
814 return False 815 )
816 return True
817 log.debug('permission denied for user:%s on repo:%s' % (
818 self.username, self.repo_name
819 )
820 )
821 return False
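Review bot: `HasReposGroupPermissionAll.__call__` (new line 771) still calls `super(HasReposGroupPermissionAny, self).__call__(check_Location)`, and this commit leaves that line unchanged. Both classes derive directly from `PermsFunction`, so an instance of the `All` class is not an instance of the `Any` class, and `super()` should raise `TypeError` before any permission check or the new scope logging runs. The line should read `return super(HasReposGroupPermissionAll, self).__call__(check_Location)`. The `def __call__` line of that method is elided from the comparison, so its signature is assumed to match the `Any` variant.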