Mercurial > kallithea
comparison rhodecode/controllers/admin/users.py @ 2709:d2d35cf2b351 beta
RhodeCode now has a option to explicitly set forking permissions. ref #508
- changed the way permissons on users groups behave. Now explicit set on user
is more important than permission set on users group
| author | Marcin Kuzminski <marcin@python-works.com> |
|---|---|
| date | Fri, 10 Aug 2012 03:09:36 +0200 |
| parents | 4eef5eeb81a3 |
| children | 63e58ef80ef1 b2b93614a7cd |
comparison
equal
deleted
inserted
replaced
| 2708:9bce679a3f49 | 2709:d2d35cf2b351 |
|---|---|
| 31 from formencode import htmlfill | 31 from formencode import htmlfill |
| 32 from pylons import request, session, tmpl_context as c, url, config | 32 from pylons import request, session, tmpl_context as c, url, config |
| 33 from pylons.controllers.util import redirect | 33 from pylons.controllers.util import redirect |
| 34 from pylons.i18n.translation import _ | 34 from pylons.i18n.translation import _ |
| 35 | 35 |
| 36 import rhodecode | |
| 36 from rhodecode.lib.exceptions import DefaultUserException, \ | 37 from rhodecode.lib.exceptions import DefaultUserException, \ |
| 37 UserOwnsReposException | 38 UserOwnsReposException |
| 38 from rhodecode.lib import helpers as h | 39 from rhodecode.lib import helpers as h |
| 39 from rhodecode.lib.auth import LoginRequired, HasPermissionAllDecorator, \ | 40 from rhodecode.lib.auth import LoginRequired, HasPermissionAllDecorator, \ |
| 40 AuthUser | 41 AuthUser |
| 41 from rhodecode.lib.base import BaseController, render | 42 from rhodecode.lib.base import BaseController, render |
| 42 | 43 |
| 43 import rhodecode | 44 from rhodecode.model.db import User, UserEmailMap |
| 44 from rhodecode.model.db import User, Permission, UserEmailMap | |
| 45 from rhodecode.model.forms import UserForm | 45 from rhodecode.model.forms import UserForm |
| 46 from rhodecode.model.user import UserModel | 46 from rhodecode.model.user import UserModel |
| 47 from rhodecode.model.meta import Session | 47 from rhodecode.model.meta import Session |
| 48 from rhodecode.lib.utils import action_logger | 48 from rhodecode.lib.utils import action_logger |
| 49 from rhodecode.lib.compat import json | 49 from rhodecode.lib.compat import json |
| 50 from rhodecode.lib.utils2 import datetime_to_time | 50 from rhodecode.lib.utils2 import datetime_to_time, str2bool |
| 51 | 51 |
| 52 log = logging.getLogger(__name__) | 52 log = logging.getLogger(__name__) |
| 53 | 53 |
| 54 | 54 |
| 55 class UsersController(BaseController): | 55 class UsersController(BaseController): |
| 173 except formencode.Invalid, errors: | 173 except formencode.Invalid, errors: |
| 174 c.user_email_map = UserEmailMap.query()\ | 174 c.user_email_map = UserEmailMap.query()\ |
| 175 .filter(UserEmailMap.user == c.user).all() | 175 .filter(UserEmailMap.user == c.user).all() |
| 176 defaults = errors.value | 176 defaults = errors.value |
| 177 e = errors.error_dict or {} | 177 e = errors.error_dict or {} |
| 178 perm = Permission.get_by_key('hg.create.repository') | 178 defaults.update({ |
| 179 defaults.update({'create_repo_perm': user_model.has_perm(id, perm)}) | 179 'create_repo_perm': user_model.has_perm(id, 'hg.create.repository'), |
| 180 defaults.update({'_method': 'put'}) | 180 'fork_repo_perm': user_model.has_perm(id, 'hg.fork.repository'), |
| 181 '_method': 'put' | |
| 182 }) | |
| 181 return htmlfill.render( | 183 return htmlfill.render( |
| 182 render('admin/users/user_edit.html'), | 184 render('admin/users/user_edit.html'), |
| 183 defaults=defaults, | 185 defaults=defaults, |
| 184 errors=e, | 186 errors=e, |
| 185 prefix_error=False, | 187 prefix_error=False, |
| 186 encoding="UTF-8") | 188 encoding="UTF-8") |
| 187 except Exception: | 189 except Exception: |
| 188 log.error(traceback.format_exc()) | 190 log.error(traceback.format_exc()) |
| 189 h.flash(_('error occurred during update of user %s') \ | 191 h.flash(_('error occurred during update of user %s') \ |
| 190 % form_result.get('username'), category='error') | 192 % form_result.get('username'), category='error') |
| 191 return redirect(url('users')) | 193 return redirect(url('edit_user', id=id)) |
| 192 | 194 |
| 193 def delete(self, id): | 195 def delete(self, id): |
| 194 """DELETE /users/id: Delete an existing item""" | 196 """DELETE /users/id: Delete an existing item""" |
| 195 # Forms posted to this method should contain a hidden field: | 197 # Forms posted to this method should contain a hidden field: |
| 196 # <input type="hidden" name="_method" value="DELETE" /> | 198 # <input type="hidden" name="_method" value="DELETE" /> |
| 197 # Or using helpers: | 199 # Or using helpers: |
| 198 # h.form(url('delete_user', id=ID), | 200 # h.form(url('delete_user', id=ID), |
| 199 # method='delete') | 201 # method='delete') |
| 200 # url('user', id=ID) | 202 # url('user', id=ID) |
| 201 user_model = UserModel() | 203 usr = User.get_or_404(id) |
| 202 try: | 204 try: |
| 203 user_model.delete(id) | 205 UserModel().delete(usr) |
| 204 Session().commit() | 206 Session().commit() |
| 205 h.flash(_('successfully deleted user'), category='success') | 207 h.flash(_('successfully deleted user'), category='success') |
| 206 except (UserOwnsReposException, DefaultUserException), e: | 208 except (UserOwnsReposException, DefaultUserException), e: |
| 207 h.flash(e, category='warning') | 209 h.flash(e, category='warning') |
| 208 except Exception: | 210 except Exception: |
| 221 c.user = User.get_or_404(id) | 223 c.user = User.get_or_404(id) |
| 222 | 224 |
| 223 if c.user.username == 'default': | 225 if c.user.username == 'default': |
| 224 h.flash(_("You can't edit this user"), category='warning') | 226 h.flash(_("You can't edit this user"), category='warning') |
| 225 return redirect(url('users')) | 227 return redirect(url('users')) |
| 228 | |
| 226 c.perm_user = AuthUser(user_id=id) | 229 c.perm_user = AuthUser(user_id=id) |
| 227 c.user.permissions = {} | 230 c.user.permissions = {} |
| 228 c.granted_permissions = UserModel().fill_perms(c.user)\ | 231 c.granted_permissions = UserModel().fill_perms(c.user)\ |
| 229 .permissions['global'] | 232 .permissions['global'] |
| 230 c.user_email_map = UserEmailMap.query()\ | 233 c.user_email_map = UserEmailMap.query()\ |
| 231 .filter(UserEmailMap.user == c.user).all() | 234 .filter(UserEmailMap.user == c.user).all() |
| 235 user_model = UserModel() | |
| 232 defaults = c.user.get_dict() | 236 defaults = c.user.get_dict() |
| 233 perm = Permission.get_by_key('hg.create.repository') | 237 defaults.update({ |
| 234 defaults.update({'create_repo_perm': UserModel().has_perm(id, perm)}) | 238 'create_repo_perm': user_model.has_perm(id, 'hg.create.repository'), |
| 239 'fork_repo_perm': user_model.has_perm(id, 'hg.fork.repository'), | |
| 240 }) | |
| 235 | 241 |
| 236 return htmlfill.render( | 242 return htmlfill.render( |
| 237 render('admin/users/user_edit.html'), | 243 render('admin/users/user_edit.html'), |
| 238 defaults=defaults, | 244 defaults=defaults, |
| 239 encoding="UTF-8", | 245 encoding="UTF-8", |
| 241 ) | 247 ) |
| 242 | 248 |
| 243 def update_perm(self, id): | 249 def update_perm(self, id): |
| 244 """PUT /users_perm/id: Update an existing item""" | 250 """PUT /users_perm/id: Update an existing item""" |
| 245 # url('user_perm', id=ID, method='put') | 251 # url('user_perm', id=ID, method='put') |
| 246 | 252 usr = User.get_or_404(id) |
| 247 grant_perm = request.POST.get('create_repo_perm', False) | 253 grant_create_perm = str2bool(request.POST.get('create_repo_perm')) |
| 248 user_model = UserModel() | 254 grant_fork_perm = str2bool(request.POST.get('fork_repo_perm')) |
| 249 | 255 inherit_perms = str2bool(request.POST.get('inherit_default_permissions')) |
| 250 if grant_perm: | 256 |
| 251 perm = Permission.get_by_key('hg.create.none') | 257 user_model = UserModel() |
| 252 user_model.revoke_perm(id, perm) | 258 |
| 253 | 259 try: |
| 254 perm = Permission.get_by_key('hg.create.repository') | 260 usr.inherit_default_permissions = inherit_perms |
| 255 user_model.grant_perm(id, perm) | 261 Session().add(usr) |
| 256 h.flash(_("Granted 'repository create' permission to user"), | 262 |
| 257 category='success') | 263 if grant_create_perm: |
| 258 Session().commit() | 264 user_model.revoke_perm(usr, 'hg.create.none') |
| 259 else: | 265 user_model.grant_perm(usr, 'hg.create.repository') |
| 260 perm = Permission.get_by_key('hg.create.repository') | 266 h.flash(_("Granted 'repository create' permission to user"), |
| 261 user_model.revoke_perm(id, perm) | 267 category='success') |
| 262 | 268 else: |
| 263 perm = Permission.get_by_key('hg.create.none') | 269 user_model.revoke_perm(usr, 'hg.create.repository') |
| 264 user_model.grant_perm(id, perm) | 270 user_model.grant_perm(usr, 'hg.create.none') |
| 265 h.flash(_("Revoked 'repository create' permission to user"), | 271 h.flash(_("Revoked 'repository create' permission to user"), |
| 266 category='success') | 272 category='success') |
| 267 Session().commit() | 273 |
| 274 if grant_fork_perm: | |
| 275 user_model.revoke_perm(usr, 'hg.fork.none') | |
| 276 user_model.grant_perm(usr, 'hg.fork.repository') | |
| 277 h.flash(_("Granted 'repository fork' permission to user"), | |
| 278 category='success') | |
| 279 else: | |
| 280 user_model.revoke_perm(usr, 'hg.fork.repository') | |
| 281 user_model.grant_perm(usr, 'hg.fork.none') | |
| 282 h.flash(_("Revoked 'repository fork' permission to user"), | |
| 283 category='success') | |
| 284 | |
| 285 Session().commit() | |
| 286 except Exception: | |
| 287 log.error(traceback.format_exc()) | |
| 288 h.flash(_('An error occurred during permissions saving'), | |
| 289 category='error') | |
| 268 return redirect(url('edit_user', id=id)) | 290 return redirect(url('edit_user', id=id)) |
| 269 | 291 |
| 270 def add_email(self, id): | 292 def add_email(self, id): |
| 271 """POST /user_emails:Add an existing item""" | 293 """POST /user_emails:Add an existing item""" |
| 272 # url('user_emails', id=ID, method='put') | 294 # url('user_emails', id=ID, method='put') |