Mercurial > kallithea
comparison rhodecode/controllers/admin/repos.py @ 3714:7e3d89d9d3a2 beta
- Manage User’s Groups: create, delete, rename, add/remove users inside.
by user group admin.
In this case, a user's group can be owned by several people thru an owner user's group.
Some refactoring of naming, permission handling logic.
- remove some code duplicity as well as inconsistent naming
| author | Marcin Kuzminski <marcin@python-works.com> |
|---|---|
| date | Mon, 08 Apr 2013 22:47:35 +0200 |
| parents | 08cf7741e5e1 |
| children | 25dbbdae3ed9 |
comparison
equal
deleted
inserted
replaced
| 3713:e45f8cefd7d9 | 3714:7e3d89d9d3a2 |
|---|---|
| 44 from rhodecode.lib.helpers import get_token | 44 from rhodecode.lib.helpers import get_token |
| 45 from rhodecode.model.meta import Session | 45 from rhodecode.model.meta import Session |
| 46 from rhodecode.model.db import User, Repository, UserFollowing, RepoGroup,\ | 46 from rhodecode.model.db import User, Repository, UserFollowing, RepoGroup,\ |
| 47 RhodeCodeSetting, RepositoryField | 47 RhodeCodeSetting, RepositoryField |
| 48 from rhodecode.model.forms import RepoForm, RepoFieldForm, RepoPermsForm | 48 from rhodecode.model.forms import RepoForm, RepoFieldForm, RepoPermsForm |
| 49 from rhodecode.model.scm import ScmModel, GroupList | 49 from rhodecode.model.scm import ScmModel, RepoGroupList |
| 50 from rhodecode.model.repo import RepoModel | 50 from rhodecode.model.repo import RepoModel |
| 51 from rhodecode.lib.compat import json | 51 from rhodecode.lib.compat import json |
| 52 from sqlalchemy.sql.expression import func | 52 from sqlalchemy.sql.expression import func |
| 53 from rhodecode.lib.exceptions import AttachedForksError | 53 from rhodecode.lib.exceptions import AttachedForksError |
| 54 | 54 |
| 65 @LoginRequired() | 65 @LoginRequired() |
| 66 def __before__(self): | 66 def __before__(self): |
| 67 super(ReposController, self).__before__() | 67 super(ReposController, self).__before__() |
| 68 | 68 |
| 69 def __load_defaults(self): | 69 def __load_defaults(self): |
| 70 acl_groups = GroupList(RepoGroup.query().all(), | 70 acl_groups = RepoGroupList(RepoGroup.query().all(), |
| 71 perm_set=['group.write', 'group.admin']) | 71 perm_set=['group.write', 'group.admin']) |
| 72 c.repo_groups = RepoGroup.groups_choices(groups=acl_groups) | 72 c.repo_groups = RepoGroup.groups_choices(groups=acl_groups) |
| 73 c.repo_groups_choices = map(lambda k: unicode(k[0]), c.repo_groups) | 73 c.repo_groups_choices = map(lambda k: unicode(k[0]), c.repo_groups) |
| 74 | 74 |
| 75 repo_model = RepoModel() | 75 repo_model = RepoModel() |
| 212 _gr = RepoGroup.get(parent_group) | 212 _gr = RepoGroup.get(parent_group) |
| 213 gr_name = _gr.group_name if _gr else None | 213 gr_name = _gr.group_name if _gr else None |
| 214 if not HasReposGroupPermissionAny('group.admin', 'group.write')(group_name=gr_name): | 214 if not HasReposGroupPermissionAny('group.admin', 'group.write')(group_name=gr_name): |
| 215 raise HTTPForbidden | 215 raise HTTPForbidden |
| 216 | 216 |
| 217 acl_groups = GroupList(RepoGroup.query().all(), | 217 acl_groups = RepoGroupList(RepoGroup.query().all(), |
| 218 perm_set=['group.write', 'group.admin']) | 218 perm_set=['group.write', 'group.admin']) |
| 219 c.repo_groups = RepoGroup.groups_choices(groups=acl_groups) | 219 c.repo_groups = RepoGroup.groups_choices(groups=acl_groups) |
| 220 c.repo_groups_choices = map(lambda k: unicode(k[0]), c.repo_groups) | 220 c.repo_groups_choices = map(lambda k: unicode(k[0]), c.repo_groups) |
| 221 choices, c.landing_revs = ScmModel().get_repo_landing_revs() | 221 choices, c.landing_revs = ScmModel().get_repo_landing_revs() |
| 222 | 222 |
| 328 return redirect(url('repos')) | 328 return redirect(url('repos')) |
| 329 | 329 |
| 330 @HasRepoPermissionAllDecorator('repository.admin') | 330 @HasRepoPermissionAllDecorator('repository.admin') |
| 331 def set_repo_perm_member(self, repo_name): | 331 def set_repo_perm_member(self, repo_name): |
| 332 form = RepoPermsForm()().to_python(request.POST) | 332 form = RepoPermsForm()().to_python(request.POST) |
| 333 | 333 RepoModel()._update_permissions(repo_name, form['perms_new'], |
| 334 perms_new = form['perms_new'] | 334 form['perms_updates']) |
| 335 perms_updates = form['perms_updates'] | |
| 336 cur_repo = repo_name | |
| 337 | |
| 338 # update permissions | |
| 339 for member, perm, member_type in perms_updates: | |
| 340 if member_type == 'user': | |
| 341 # this updates existing one | |
| 342 RepoModel().grant_user_permission( | |
| 343 repo=cur_repo, user=member, perm=perm | |
| 344 ) | |
| 345 else: | |
| 346 RepoModel().grant_users_group_permission( | |
| 347 repo=cur_repo, group_name=member, perm=perm | |
| 348 ) | |
| 349 # set new permissions | |
| 350 for member, perm, member_type in perms_new: | |
| 351 if member_type == 'user': | |
| 352 RepoModel().grant_user_permission( | |
| 353 repo=cur_repo, user=member, perm=perm | |
| 354 ) | |
| 355 else: | |
| 356 RepoModel().grant_users_group_permission( | |
| 357 repo=cur_repo, group_name=member, perm=perm | |
| 358 ) | |
| 359 #TODO: implement this | 335 #TODO: implement this |
| 360 #action_logger(self.rhodecode_user, 'admin_changed_repo_permissions', | 336 #action_logger(self.rhodecode_user, 'admin_changed_repo_permissions', |
| 361 # repo_name, self.ip_addr, self.sa) | 337 # repo_name, self.ip_addr, self.sa) |
| 362 Session().commit() | 338 Session().commit() |
| 363 h.flash(_('Repository permissions updated'), category='success') | 339 h.flash(_('Repository permissions updated'), category='success') |