kallithea: rhodecode/model/user.py comparison

comparison rhodecode/model/user.py @ 1512:bf263968da47

merge beta in stable branch

author	Marcin Kuzminski <marcin@python-works.com>
date	Fri, 07 Oct 2011 01:08:50 +0200
parents	a3b2b4b4e440 5875955def39
children	5585609772d0

comparison

equal deleted inserted replaced

-:e058df3ff2b4
+:bf263968da47
 """
 rhodecode.model.user
 ~~~~~~~~~~~~~~~~~~~~
 users model for RhodeCode
 :created_on: Apr 9, 2010
 :author: marcink
 :copyright: (C) 2009-2011 Marcin Kuzminski <marcin@python-works.com>
 :license: GPLv3, see COPYING for more details.
 """
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation, either version 3 of the License, or
 from pylons.i18n.translation import _
 from rhodecode.model import BaseModel
 from rhodecode.model.caching_query import FromCache
-from rhodecode.model.db import User
+from rhodecode.model.db import User, RepoToPerm, Repository, Permission, \
+UserToPerm, UsersGroupRepoToPerm, UsersGroupToPerm, UsersGroupMember
-from rhodecode.lib.exceptions import DefaultUserException, UserOwnsReposException
+from rhodecode.lib.exceptions import DefaultUserException, \
+UserOwnsReposException
 from sqlalchemy.exc import DatabaseError
+from rhodecode.lib import generate_api_key
+from sqlalchemy.orm import joinedload
 log = logging.getLogger(__name__)
+PERM_WEIGHTS = {'repository.none': 0,
+'repository.read': 1,
+'repository.write': 3,
+'repository.admin': 3}
 class UserModel(BaseModel):
 def get(self, user_id, cache=False):
 user = self.sa.query(User)
 if cache:
 user = user.options(FromCache("sql_cache_short",
 "get_user_%s" % user_id))
 return user.get(user_id)
 def get_by_username(self, username, cache=False, case_insensitive=False):
 if case_insensitive:
 user = self.sa.query(User).filter(User.username.ilike(username))
 if cache:
 user = user.options(FromCache("sql_cache_short",
 "get_user_%s" % username))
 return user.scalar()
+def get_by_api_key(self, api_key, cache=False):
+user = self.sa.query(User)\
+.filter(User.api_key == api_key)
+if cache:
+user = user.options(FromCache("sql_cache_short",
+"get_user_%s" % api_key))
+return user.scalar()
 def create(self, form_data):
 try:
 new_user = User()
 for k, v in form_data.items():
 setattr(new_user, k, v)
+new_user.api_key = generate_api_key(form_data['username'])
 self.sa.add(new_user)
 self.sa.commit()
 except:
 log.error(traceback.format_exc())
 self.sa.rollback()
 raise
-def create_ldap(self, username, password):
+def create_ldap(self, username, password, user_dn, attrs):
 """
 Checks if user is in database, if not creates this user marked
 as ldap user
 :param username:
 :param password:
+:param user_dn:
+:param attrs:
 """
 from rhodecode.lib.auth import get_crypt_password
 log.debug('Checking for such ldap account in RhodeCode database')
 if self.get_by_username(username, case_insensitive=True) is None:
 try:
 new_user = User()
-new_user.username = username.lower()#add ldap account always lowercase
+# add ldap account always lowercase
+new_user.username = username.lower()
 new_user.password = get_crypt_password(password)
-new_user.email = '%s@ldap.server' % username
+new_user.api_key = generate_api_key(username)
+new_user.email = attrs['email']
 new_user.active = True
-new_user.is_ldap = True
+new_user.ldap_dn = user_dn
-new_user.name = '%s@ldap' % username
+new_user.name = attrs['name']
-new_user.lastname = ''
+new_user.lastname = attrs['lastname']
 self.sa.add(new_user)
 self.sa.commit()
 return True
 except (DatabaseError,):
 self.sa.rollback()
 raise
 def update(self, user_id, form_data):
 try:
-new_user = self.get(user_id, cache=False)
+user = self.get(user_id, cache=False)
-if new_user.username == 'default':
+if user.username == 'default':
 raise DefaultUserException(
 _("You can't Edit this user since it's"
 " crucial for entire application"))
 for k, v in form_data.items():
 if k == 'new_password' and v != '':
-new_user.password = v
+user.password = v
+user.api_key = generate_api_key(user.username)
 else:
-setattr(new_user, k, v)
+setattr(user, k, v)
-self.sa.add(new_user)
+self.sa.add(user)
 self.sa.commit()
 except:
 log.error(traceback.format_exc())
 self.sa.rollback()
 raise
 def update_my_account(self, user_id, form_data):
 try:
-new_user = self.get(user_id, cache=False)
+user = self.get(user_id, cache=False)
-if new_user.username == 'default':
+if user.username == 'default':
 raise DefaultUserException(
 _("You can't Edit this user since it's"
 " crucial for entire application"))
 for k, v in form_data.items():
 if k == 'new_password' and v != '':
-new_user.password = v
+user.password = v
+user.api_key = generate_api_key(user.username)
 else:
 if k not in ['admin', 'active']:
-setattr(new_user, k, v)
+setattr(user, k, v)
-self.sa.add(new_user)
+self.sa.add(user)
 self.sa.commit()
 except:
 log.error(traceback.format_exc())
 self.sa.rollback()
 raise
 except:
 log.error(traceback.format_exc())
 self.sa.rollback()
 raise
+def reset_password_link(self, data):
+from rhodecode.lib.celerylib import tasks, run_task
+run_task(tasks.send_password_link, data['email'])
 def reset_password(self, data):
 from rhodecode.lib.celerylib import tasks, run_task
 run_task(tasks.reset_user_password, data['email'])
+def fill_data(self, auth_user, user_id=None, api_key=None):
-def fill_data(self, user):
+"""
-"""
+Fetches auth_user by user_id,or api_key if present.
-Fills user data with those from database and log out user if not
+Fills auth_user attributes with those taken from database.
+Additionally set's is_authenitated if lookup fails
 present in database
-:param user:
-"""
+:param auth_user: instance of user to set attributes
+:param user_id: user id to fetch by
-if not hasattr(user, 'user_id') or user.user_id is None:
+:param api_key: api key to fetch by
-raise Exception('passed in user has to have the user_id attribute')
+"""
+if user_id is None and api_key is None:
+raise Exception('You need to pass user_id or api_key')
-log.debug('filling auth user data')
 try:
-dbuser = self.get(user.user_id)
+if api_key:
-user.username = dbuser.username
+dbuser = self.get_by_api_key(api_key)
-user.is_admin = dbuser.admin
+else:
-user.name = dbuser.name
+dbuser = self.get(user_id)
-user.lastname = dbuser.lastname
-user.email = dbuser.email
+if dbuser is not None:
-except:
+log.debug('filling %s data', dbuser)
-log.error(traceback.format_exc())
+for k, v in dbuser.get_dict().items():
-user.is_authenticated = False
+setattr(auth_user, k, v)
+except:
+log.error(traceback.format_exc())
+auth_user.is_authenticated = False
+return auth_user
+def fill_perms(self, user):
+"""
+Fills user permission attribute with permissions taken from database
+works for permissions given for repositories, and for permissions that
+are granted to groups
+:param user: user instance to fill his perms
+"""
+user.permissions['repositories'] = {}
+user.permissions['global'] = set()
+#======================================================================
+# fetch default permissions
+#======================================================================
+default_user = self.get_by_username('default', cache=True)
+default_perms = self.sa.query(RepoToPerm, Repository, Permission)\
+.join((Repository, RepoToPerm.repository_id ==
+Repository.repo_id))\
+.join((Permission, RepoToPerm.permission_id ==
+Permission.permission_id))\
+.filter(RepoToPerm.user == default_user).all()
+if user.is_admin:
+#==================================================================
+# #admin have all default rights set to admin
+#==================================================================
+user.permissions['global'].add('hg.admin')
+for perm in default_perms:
+p = 'repository.admin'
+user.permissions['repositories'][perm.RepoToPerm.
+repository.repo_name] = p
+else:
+#==================================================================
+# set default permissions
+#==================================================================
+uid = user.user_id
+#default global
+default_global_perms = self.sa.query(UserToPerm)\
+.filter(UserToPerm.user == default_user)
+for perm in default_global_perms:
+user.permissions['global'].add(perm.permission.permission_name)
+#default for repositories
+for perm in default_perms:
+if perm.Repository.private and not (perm.Repository.user_id ==
+uid):
+#diself.sable defaults for private repos,
+p = 'repository.none'
+elif perm.Repository.user_id == uid:
+#set admin if owner
+p = 'repository.admin'
+else:
+p = perm.Permission.permission_name
+user.permissions['repositories'][perm.RepoToPerm.
+repository.repo_name] = p
+#==================================================================
+# overwrite default with user permissions if any
+#==================================================================
+#user global
+user_perms = self.sa.query(UserToPerm)\
+.options(joinedload(UserToPerm.permission))\
+.filter(UserToPerm.user_id == uid).all()
+for perm in user_perms:
+user.permissions['global'].add(perm.permission.
+permission_name)
+#user repositories
+user_repo_perms = self.sa.query(RepoToPerm, Permission,
+Repository)\
+.join((Repository, RepoToPerm.repository_id ==
+Repository.repo_id))\
+.join((Permission, RepoToPerm.permission_id ==
+Permission.permission_id))\
+.filter(RepoToPerm.user_id == uid).all()
+for perm in user_repo_perms:
+# set admin if owner
+if perm.Repository.user_id == uid:
+p = 'repository.admin'
+else:
+p = perm.Permission.permission_name
+user.permissions['repositories'][perm.RepoToPerm.
+repository.repo_name] = p
+#==================================================================
+# check if user is part of groups for this repository and fill in
+# (or replace with higher) permissions
+#==================================================================
+#users group global
+user_perms_from_users_groups = self.sa.query(UsersGroupToPerm)\
+.options(joinedload(UsersGroupToPerm.permission))\
+.join((UsersGroupMember, UsersGroupToPerm.users_group_id ==
+UsersGroupMember.users_group_id))\
+.filter(UsersGroupMember.user_id == uid).all()
+for perm in user_perms_from_users_groups:
+user.permissions['global'].add(perm.permission.permission_name)
+#users group repositories
+user_repo_perms_from_users_groups = self.sa.query(
+UsersGroupRepoToPerm,
+Permission, Repository,)\
+.join((Repository, UsersGroupRepoToPerm.repository_id ==
+Repository.repo_id))\
+.join((Permission, UsersGroupRepoToPerm.permission_id ==
+Permission.permission_id))\
+.join((UsersGroupMember, UsersGroupRepoToPerm.users_group_id ==
+UsersGroupMember.users_group_id))\
+.filter(UsersGroupMember.user_id == uid).all()
+for perm in user_repo_perms_from_users_groups:
+p = perm.Permission.permission_name
+cur_perm = user.permissions['repositories'][perm.
+UsersGroupRepoToPerm.
+repository.repo_name]
+#overwrite permission only if it's greater than permission
+# given from other sources
+if PERM_WEIGHTS[p] > PERM_WEIGHTS[cur_perm]:
+user.permissions['repositories'][perm.UsersGroupRepoToPerm.
+repository.repo_name] = p
 return user

Mercurial > kallithea

comparison rhodecode/model/user.py @ 1512:bf263968da47