comparison rhodecode/lib/auth.py @ 1982:87f0800abc7b beta

#227 Initial version of repository groups permissions system - implemented none/read/write/admin permissions for groups - wrote more tests for permissions, and new permissions groups - a lot of code gardening, split logic into proper models - permissions on groups don't propagate yet to repositories - deprecated some methods on api for managing permissions on repositories for users, and users groups
author Marcin Kuzminski <marcin@python-works.com>
date Sat, 28 Jan 2012 01:06:29 +0200
parents a76e9bacbedc
children 335b55caa81d
1981:518f87919375 1982:87f0800abc7b
29 import hashlib 29 import hashlib
30 30
31 from tempfile import _RandomNameSequence 31 from tempfile import _RandomNameSequence
32 from decorator import decorator 32 from decorator import decorator
33 33
34 from pylons import config, session, url, request 34 from pylons import config, url, request
35 from pylons.controllers.util import abort, redirect 35 from pylons.controllers.util import abort, redirect
36 from pylons.i18n.translation import _ 36 from pylons.i18n.translation import _
37 37
38 from rhodecode import __platform__, PLATFORM_WIN, PLATFORM_OTHERS 38 from rhodecode import __platform__, PLATFORM_WIN, PLATFORM_OTHERS
39 from rhodecode.model.meta import Session 39 from rhodecode.model.meta import Session
43 if __platform__ in PLATFORM_OTHERS: 43 if __platform__ in PLATFORM_OTHERS:
44 import bcrypt 44 import bcrypt
45 45
46 from rhodecode.lib import str2bool, safe_unicode 46 from rhodecode.lib import str2bool, safe_unicode
47 from rhodecode.lib.exceptions import LdapPasswordError, LdapUsernameError 47 from rhodecode.lib.exceptions import LdapPasswordError, LdapUsernameError
48 from rhodecode.lib.utils import get_repo_slug 48 from rhodecode.lib.utils import get_repo_slug, get_repos_group_slug
49 from rhodecode.lib.auth_ldap import AuthLdap 49 from rhodecode.lib.auth_ldap import AuthLdap
50 50
51 from rhodecode.model import meta 51 from rhodecode.model import meta
52 from rhodecode.model.user import UserModel 52 from rhodecode.model.user import UserModel
53 from rhodecode.model.db import Permission, RhodeCodeSetting, User 53 from rhodecode.model.db import Permission, RhodeCodeSetting, User
78 ALPHABETS_ALPHANUM_SMALL = ALPHABETS_SMALL + ALPHABETS_NUM 78 ALPHABETS_ALPHANUM_SMALL = ALPHABETS_SMALL + ALPHABETS_NUM
79 79
80 def __init__(self, passwd=''): 80 def __init__(self, passwd=''):
81 self.passwd = passwd 81 self.passwd = passwd
82 82
83 def gen_password(self, len, type): 83 def gen_password(self, length, type_):
84 self.passwd = ''.join([random.choice(type) for _ in xrange(len)]) 84 self.passwd = ''.join([random.choice(type_) for _ in xrange(length)])
85 return self.passwd 85 return self.passwd
86 86
87 87
88 class RhodeCodeCrypto(object): 88 class RhodeCodeCrypto(object):
89 89
573 if self.required_perms.intersection(user_perms): 573 if self.required_perms.intersection(user_perms):
574 return True 574 return True
575 return False 575 return False
576 576
577 577
578 class HasReposGroupPermissionAllDecorator(PermsDecorator):
579 """
580 Checks for access permission for all given predicates for specific
581 repository. All of them have to be meet in order to fulfill the request
582 """
583
584 def check_permissions(self):
585 group_name = get_repos_group_slug(request)
586 try:
587 user_perms = set([self.user_perms['repositories_groups'][group_name]])
588 except KeyError:
589 return False
590 if self.required_perms.issubset(user_perms):
591 return True
592 return False
593
594
595 class HasReposGroupPermissionAnyDecorator(PermsDecorator):
596 """
597 Checks for access permission for any of given predicates for specific
598 repository. In order to fulfill the request any of predicates must be meet
599 """
600
601 def check_permissions(self):
602 group_name = get_repos_group_slug(request)
603
604 try:
605 user_perms = set([self.user_perms['repositories_groups'][group_name]])
606 except KeyError:
607 return False
608 if self.required_perms.intersection(user_perms):
609 return True
610 return False
611
612
578 #============================================================================== 613 #==============================================================================
579 # CHECK FUNCTIONS 614 # CHECK FUNCTIONS
580 #============================================================================== 615 #==============================================================================
581 class PermsFunction(object): 616 class PermsFunction(object):
582 """Base function for other check functions""" 617 """Base function for other check functions"""
639 def check_permissions(self): 674 def check_permissions(self):
640 if not self.repo_name: 675 if not self.repo_name:
641 self.repo_name = get_repo_slug(request) 676 self.repo_name = get_repo_slug(request)
642 677
643 try: 678 try:
644 self.user_perms = set([self.user_perms['reposit' 679 self.user_perms = set(
645 'ories'][self.repo_name]]) 680 [self.user_perms['repositories'][self.repo_name]]
681 )
646 except KeyError: 682 except KeyError:
647 return False 683 return False
648 self.granted_for = self.repo_name 684 self.granted_for = self.repo_name
649 if self.required_perms.issubset(self.user_perms): 685 if self.required_perms.issubset(self.user_perms):
650 return True 686 return True
660 def check_permissions(self): 696 def check_permissions(self):
661 if not self.repo_name: 697 if not self.repo_name:
662 self.repo_name = get_repo_slug(request) 698 self.repo_name = get_repo_slug(request)
663 699
664 try: 700 try:
665 self.user_perms = set([self.user_perms['reposi' 701 self.user_perms = set(
666 'tories'][self.repo_name]]) 702 [self.user_perms['repositories'][self.repo_name]]
703 )
667 except KeyError: 704 except KeyError:
668 return False 705 return False
669 self.granted_for = self.repo_name 706 self.granted_for = self.repo_name
670 if self.required_perms.intersection(self.user_perms): 707 if self.required_perms.intersection(self.user_perms):
708 return True
709 return False
710
711
712 class HasReposGroupPermissionAny(PermsFunction):
713 def __call__(self, group_name=None, check_Location=''):
714 self.group_name = group_name
715 return super(HasReposGroupPermissionAny, self).__call__(check_Location)
716
717 def check_permissions(self):
718 try:
719 self.user_perms = set(
720 [self.user_perms['repositories_groups'][self.group_name]]
721 )
722 except KeyError:
723 return False
724 self.granted_for = self.repo_name
725 if self.required_perms.intersection(self.user_perms):
726 return True
727 return False
728
729
730 class HasReposGroupPermissionAll(PermsFunction):
731 def __call__(self, group_name=None, check_Location=''):
732 self.group_name = group_name
733 return super(HasReposGroupPermissionAny, self).__call__(check_Location)
734
735 def check_permissions(self):
736 try:
737 self.user_perms = set(
738 [self.user_perms['repositories_groups'][self.group_name]]
739 )
740 except KeyError:
741 return False
742 self.granted_for = self.repo_name
743 if self.required_perms.issubset(self.user_perms):
671 return True 744 return True
672 return False 745 return False
673 746
674 747
675 #============================================================================== 748 #==============================================================================
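Review bot: `HasReposGroupPermissionAll.__call__` (new line 733) calls `super(HasReposGroupPermissionAny, self)`, but the class derives from `PermsFunction`, not from `HasReposGroupPermissionAny`, so `super()` raises `TypeError` and the "all" group check can never return a decision; it should read `return super(HasReposGroupPermissionAll, self).__call__(check_Location)`. Both new group `check_permissions` methods (new lines 724 and 742) then set `self.granted_for = self.repo_name`, although the visible code of these classes only assigns `self.group_name`; presumably `self.granted_for = self.group_name` was meant, since otherwise the value is missing or names a repository instead of the group that was checked. `PermsFunction.__init__` and `__call__` lie outside the visible lines, so whether `repo_name` exists on these instances needs confirming there. The docstrings of the two new decorators (new lines 579-582 and 596-599) say "specific repository" where they mean a repository group. A test that calls `HasReposGroupPermissionAll` for a user with and without the group permission would catch the first defect.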