comparison rhodecode/lib/auth.py @ 1982:87f0800abc7b beta
#227 Initial version of repository groups permissions system
- implemented none/read/write/admin permissions for groups
- wrote more tests for permissions, and new permissions groups
- a lot of code garden, splitted logic into proper models
- permissions on groups doesn't propagate yet to repositories
- deprecated some methods on api for managing permissions on
repositories for users, and users groups
author | Marcin Kuzminski <marcin@python-works.com> |
---|---|
date | Sat, 28 Jan 2012 01:06:29 +0200 |
parents | a76e9bacbedc |
children | 335b55caa81d |
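--- a/rhodecode/lib/auth.py
+++ b/rhodecode/lib/auth.py
@@ -29,11 +29,11 @@
 import hashlib
 
 from tempfile import _RandomNameSequence
 from decorator import decorator
 
-from pylons import config, session, url, request
+from pylons import config, url, request
 from pylons.controllers.util import abort, redirect
 from pylons.i18n.translation import _
 
 from rhodecode import __platform__, PLATFORM_WIN, PLATFORM_OTHERS
 from rhodecode.model.meta import Session
@@ -43,11 +43,11 @@
 if __platform__ in PLATFORM_OTHERS:
 import bcrypt
 
 from rhodecode.lib import str2bool, safe_unicode
 from rhodecode.lib.exceptions import LdapPasswordError, LdapUsernameError
-from rhodecode.lib.utils import get_repo_slug
+from rhodecode.lib.utils import get_repo_slug, get_repos_group_slug
 from rhodecode.lib.auth_ldap import AuthLdap
 
 from rhodecode.model import meta
 from rhodecode.model.user import UserModel
 from rhodecode.model.db import Permission, RhodeCodeSetting, User
@@ -78,12 +78,12 @@
 ALPHABETS_ALPHANUM_SMALL = ALPHABETS_SMALL + ALPHABETS_NUM
 
 def __init__(self, passwd=''):
 self.passwd = passwd
 
-def gen_password(self, len, type):
-self.passwd = ''.join([random.choice(type) for _ in xrange(len)])
+def gen_password(self, length, type_):
+self.passwd = ''.join([random.choice(type_) for _ in xrange(length)])
 return self.passwd
 
 
 class RhodeCodeCrypto(object):
 
@@ -573,10 +573,45 @@
 if self.required_perms.intersection(user_perms):
 return True
 return False
 
 
+class HasReposGroupPermissionAllDecorator(PermsDecorator):
+"""
+Checks for access permission for all given predicates for specific
+repository. All of them have to be meet in order to fulfill the request
+"""
+
+def check_permissions(self):
+group_name = get_repos_group_slug(request)
+try:
+user_perms = set([self.user_perms['repositories_groups'][group_name]])
+except KeyError:
+return False
+if self.required_perms.issubset(user_perms):
+return True
+return False
+
+
+class HasReposGroupPermissionAnyDecorator(PermsDecorator):
+"""
+Checks for access permission for any of given predicates for specific
+repository. In order to fulfill the request any of predicates must be meet
+"""
+
+def check_permissions(self):
+group_name = get_repos_group_slug(request)
+
+try:
+user_perms = set([self.user_perms['repositories_groups'][group_name]])
+except KeyError:
+return False
+if self.required_perms.intersection(user_perms):
+return True
+return False
+
+
 #==============================================================================
 # CHECK FUNCTIONS
 #==============================================================================
 class PermsFunction(object):
 """Base function for other check functions"""
@@ -639,12 +674,13 @@
 def check_permissions(self):
 if not self.repo_name:
 self.repo_name = get_repo_slug(request)
 
 try:
-self.user_perms = set([self.user_perms['reposit'
-'ories'][self.repo_name]])
+self.user_perms = set(
+[self.user_perms['repositories'][self.repo_name]]
+)
 except KeyError:
 return False
 self.granted_for = self.repo_name
 if self.required_perms.issubset(self.user_perms):
 return True
@@ -660,16 +696,53 @@
 def check_permissions(self):
 if not self.repo_name:
 self.repo_name = get_repo_slug(request)
 
 try:
-self.user_perms = set([self.user_perms['reposi'
-'tories'][self.repo_name]])
+self.user_perms = set(
+[self.user_perms['repositories'][self.repo_name]]
+)
 except KeyError:
 return False
 self.granted_for = self.repo_name
 if self.required_perms.intersection(self.user_perms):
+return True
+return False
+
+
+class HasReposGroupPermissionAny(PermsFunction):
+def __call__(self, group_name=None, check_Location=''):
+self.group_name = group_name
+return super(HasReposGroupPermissionAny, self).__call__(check_Location)
+
+def check_permissions(self):
+try:
+self.user_perms = set(
+[self.user_perms['repositories_groups'][self.group_name]]
+)
+except KeyError:
+return False
+self.granted_for = self.repo_name
+if self.required_perms.intersection(self.user_perms):
+return True
+return False
+
+
+class HasReposGroupPermissionAll(PermsFunction):
+def __call__(self, group_name=None, check_Location=''):
+self.group_name = group_name
+return super(HasReposGroupPermissionAny, self).__call__(check_Location)
+
+def check_permissions(self):
+try:
+self.user_perms = set(
+[self.user_perms['repositories_groups'][self.group_name]]
+)
+except KeyError:
+return False
+self.granted_for = self.repo_name
+if self.required_perms.issubset(self.user_perms):
 return True
 return False
 
 
 #==============================================================================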
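Review bot: `HasReposGroupPermissionAll.__call__` names the wrong class in `super(HasReposGroupPermissionAny, self).__call__(check_Location)`. The class is declared as a direct subclass of PermsFunction, so this super() call raises TypeError and the "all" group permission check can never return a result. It should read `super(HasReposGroupPermissionAll, self).__call__(check_Location)`. Both new group check functions also set `self.granted_for = self.repo_name`, which looks copied from the repository checks; `self.granted_for = self.group_name` is presumably intended, and whether `repo_name` exists on these objects depends on PermsFunction.__init__, which is outside the visible lines. The docstrings of the two new decorators still say "specific repository" where "repository group" is meant, and a test calling the All variant would have caught the super() error.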