comparison rhodecode/controllers/admin/users.py @ 2709:d2d35cf2b351 beta
RhodeCode now has an option to explicitly set forking permissions. ref #508
- changed the way permissions on users groups behave. Now a permission explicitly set on a user
is more important than a permission set on a users group
author | Marcin Kuzminski <marcin@python-works.com> |
---|---|
date | Fri, 10 Aug 2012 03:09:36 +0200 |
parents | 4eef5eeb81a3 |
children | 63e58ef80ef1 b2b93614a7cd |
2708:9bce679a3f49 | 2709:d2d35cf2b351 |
---|---|
31 from formencode import htmlfill | 31 from formencode import htmlfill |
32 from pylons import request, session, tmpl_context as c, url, config | 32 from pylons import request, session, tmpl_context as c, url, config |
33 from pylons.controllers.util import redirect | 33 from pylons.controllers.util import redirect |
34 from pylons.i18n.translation import _ | 34 from pylons.i18n.translation import _ |
35 | 35 |
36 import rhodecode | |
36 from rhodecode.lib.exceptions import DefaultUserException, \ | 37 from rhodecode.lib.exceptions import DefaultUserException, \ |
37 UserOwnsReposException | 38 UserOwnsReposException |
38 from rhodecode.lib import helpers as h | 39 from rhodecode.lib import helpers as h |
39 from rhodecode.lib.auth import LoginRequired, HasPermissionAllDecorator, \ | 40 from rhodecode.lib.auth import LoginRequired, HasPermissionAllDecorator, \ |
40 AuthUser | 41 AuthUser |
41 from rhodecode.lib.base import BaseController, render | 42 from rhodecode.lib.base import BaseController, render |
42 | 43 |
43 import rhodecode | 44 from rhodecode.model.db import User, UserEmailMap |
44 from rhodecode.model.db import User, Permission, UserEmailMap | |
45 from rhodecode.model.forms import UserForm | 45 from rhodecode.model.forms import UserForm |
46 from rhodecode.model.user import UserModel | 46 from rhodecode.model.user import UserModel |
47 from rhodecode.model.meta import Session | 47 from rhodecode.model.meta import Session |
48 from rhodecode.lib.utils import action_logger | 48 from rhodecode.lib.utils import action_logger |
49 from rhodecode.lib.compat import json | 49 from rhodecode.lib.compat import json |
50 from rhodecode.lib.utils2 import datetime_to_time | 50 from rhodecode.lib.utils2 import datetime_to_time, str2bool |
51 | 51 |
52 log = logging.getLogger(__name__) | 52 log = logging.getLogger(__name__) |
53 | 53 |
54 | 54 |
55 class UsersController(BaseController): | 55 class UsersController(BaseController): |
173 except formencode.Invalid, errors: | 173 except formencode.Invalid, errors: |
174 c.user_email_map = UserEmailMap.query()\ | 174 c.user_email_map = UserEmailMap.query()\ |
175 .filter(UserEmailMap.user == c.user).all() | 175 .filter(UserEmailMap.user == c.user).all() |
176 defaults = errors.value | 176 defaults = errors.value |
177 e = errors.error_dict or {} | 177 e = errors.error_dict or {} |
178 perm = Permission.get_by_key('hg.create.repository') | 178 defaults.update({ |
179 defaults.update({'create_repo_perm': user_model.has_perm(id, perm)}) | 179 'create_repo_perm': user_model.has_perm(id, 'hg.create.repository'), |
180 defaults.update({'_method': 'put'}) | 180 'fork_repo_perm': user_model.has_perm(id, 'hg.fork.repository'), |
181 '_method': 'put' | |
182 }) | |
181 return htmlfill.render( | 183 return htmlfill.render( |
182 render('admin/users/user_edit.html'), | 184 render('admin/users/user_edit.html'), |
183 defaults=defaults, | 185 defaults=defaults, |
184 errors=e, | 186 errors=e, |
185 prefix_error=False, | 187 prefix_error=False, |
186 encoding="UTF-8") | 188 encoding="UTF-8") |
187 except Exception: | 189 except Exception: |
188 log.error(traceback.format_exc()) | 190 log.error(traceback.format_exc()) |
189 h.flash(_('error occurred during update of user %s') \ | 191 h.flash(_('error occurred during update of user %s') \ |
190 % form_result.get('username'), category='error') | 192 % form_result.get('username'), category='error') |
191 return redirect(url('users')) | 193 return redirect(url('edit_user', id=id)) |
192 | 194 |
193 def delete(self, id): | 195 def delete(self, id): |
194 """DELETE /users/id: Delete an existing item""" | 196 """DELETE /users/id: Delete an existing item""" |
195 # Forms posted to this method should contain a hidden field: | 197 # Forms posted to this method should contain a hidden field: |
196 # <input type="hidden" name="_method" value="DELETE" /> | 198 # <input type="hidden" name="_method" value="DELETE" /> |
197 # Or using helpers: | 199 # Or using helpers: |
198 # h.form(url('delete_user', id=ID), | 200 # h.form(url('delete_user', id=ID), |
199 # method='delete') | 201 # method='delete') |
200 # url('user', id=ID) | 202 # url('user', id=ID) |
201 user_model = UserModel() | 203 usr = User.get_or_404(id) |
202 try: | 204 try: |
203 user_model.delete(id) | 205 UserModel().delete(usr) |
204 Session().commit() | 206 Session().commit() |
205 h.flash(_('successfully deleted user'), category='success') | 207 h.flash(_('successfully deleted user'), category='success') |
206 except (UserOwnsReposException, DefaultUserException), e: | 208 except (UserOwnsReposException, DefaultUserException), e: |
207 h.flash(e, category='warning') | 209 h.flash(e, category='warning') |
208 except Exception: | 210 except Exception: |
221 c.user = User.get_or_404(id) | 223 c.user = User.get_or_404(id) |
222 | 224 |
223 if c.user.username == 'default': | 225 if c.user.username == 'default': |
224 h.flash(_("You can't edit this user"), category='warning') | 226 h.flash(_("You can't edit this user"), category='warning') |
225 return redirect(url('users')) | 227 return redirect(url('users')) |
228 | |
226 c.perm_user = AuthUser(user_id=id) | 229 c.perm_user = AuthUser(user_id=id) |
227 c.user.permissions = {} | 230 c.user.permissions = {} |
228 c.granted_permissions = UserModel().fill_perms(c.user)\ | 231 c.granted_permissions = UserModel().fill_perms(c.user)\ |
229 .permissions['global'] | 232 .permissions['global'] |
230 c.user_email_map = UserEmailMap.query()\ | 233 c.user_email_map = UserEmailMap.query()\ |
231 .filter(UserEmailMap.user == c.user).all() | 234 .filter(UserEmailMap.user == c.user).all() |
235 user_model = UserModel() | |
232 defaults = c.user.get_dict() | 236 defaults = c.user.get_dict() |
233 perm = Permission.get_by_key('hg.create.repository') | 237 defaults.update({ |
234 defaults.update({'create_repo_perm': UserModel().has_perm(id, perm)}) | 238 'create_repo_perm': user_model.has_perm(id, 'hg.create.repository'), |
239 'fork_repo_perm': user_model.has_perm(id, 'hg.fork.repository'), | |
240 }) | |
235 | 241 |
236 return htmlfill.render( | 242 return htmlfill.render( |
237 render('admin/users/user_edit.html'), | 243 render('admin/users/user_edit.html'), |
238 defaults=defaults, | 244 defaults=defaults, |
239 encoding="UTF-8", | 245 encoding="UTF-8", |
241 ) | 247 ) |
242 | 248 |
243 def update_perm(self, id): | 249 def update_perm(self, id): |
244 """PUT /users_perm/id: Update an existing item""" | 250 """PUT /users_perm/id: Update an existing item""" |
245 # url('user_perm', id=ID, method='put') | 251 # url('user_perm', id=ID, method='put') |
246 | 252 usr = User.get_or_404(id) |
247 grant_perm = request.POST.get('create_repo_perm', False) | 253 grant_create_perm = str2bool(request.POST.get('create_repo_perm')) |
248 user_model = UserModel() | 254 grant_fork_perm = str2bool(request.POST.get('fork_repo_perm')) |
249 | 255 inherit_perms = str2bool(request.POST.get('inherit_default_permissions')) |
250 if grant_perm: | 256 |
251 perm = Permission.get_by_key('hg.create.none') | 257 user_model = UserModel() |
252 user_model.revoke_perm(id, perm) | 258 |
253 | 259 try: |
254 perm = Permission.get_by_key('hg.create.repository') | 260 usr.inherit_default_permissions = inherit_perms |
255 user_model.grant_perm(id, perm) | 261 Session().add(usr) |
256 h.flash(_("Granted 'repository create' permission to user"), | 262 |
257 category='success') | 263 if grant_create_perm: |
258 Session().commit() | 264 user_model.revoke_perm(usr, 'hg.create.none') |
259 else: | 265 user_model.grant_perm(usr, 'hg.create.repository') |
260 perm = Permission.get_by_key('hg.create.repository') | 266 h.flash(_("Granted 'repository create' permission to user"), |
261 user_model.revoke_perm(id, perm) | 267 category='success') |
262 | 268 else: |
263 perm = Permission.get_by_key('hg.create.none') | 269 user_model.revoke_perm(usr, 'hg.create.repository') |
264 user_model.grant_perm(id, perm) | 270 user_model.grant_perm(usr, 'hg.create.none') |
265 h.flash(_("Revoked 'repository create' permission to user"), | 271 h.flash(_("Revoked 'repository create' permission to user"), |
266 category='success') | 272 category='success') |
267 Session().commit() | 273 |
274 if grant_fork_perm: | |
275 user_model.revoke_perm(usr, 'hg.fork.none') | |
276 user_model.grant_perm(usr, 'hg.fork.repository') | |
277 h.flash(_("Granted 'repository fork' permission to user"), | |
278 category='success') | |
279 else: | |
280 user_model.revoke_perm(usr, 'hg.fork.repository') | |
281 user_model.grant_perm(usr, 'hg.fork.none') | |
282 h.flash(_("Revoked 'repository fork' permission to user"), | |
283 category='success') | |
284 | |
285 Session().commit() | |
286 except Exception: | |
287 log.error(traceback.format_exc()) | |
288 h.flash(_('An error occurred during permissions saving'), | |
289 category='error') | |
268 return redirect(url('edit_user', id=id)) | 290 return redirect(url('edit_user', id=id)) |
269 | 291 |
270 def add_email(self, id): | 292 def add_email(self, id): |
271 """POST /user_emails:Add an existing item""" | 293 """POST /user_emails:Add an existing item""" |
272 # url('user_emails', id=ID, method='put') | 294 # url('user_emails', id=ID, method='put') |
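Review bot: In the new `update_perm`, the `h.flash(..., category='success')` calls for the create and fork permissions run before `Session().commit()`, so if the commit or a later revoke/grant raises, the admin sees "Granted/Revoked …" next to the error for a change that was never saved. Move those flashes after `Session().commit()` and make `Session().rollback()` the first statement of the `except Exception:` block, so the pending `inherit_default_permissions` change and any partial revoke/grant are discarded; whether the base controller already discards the session per request is not visible here. `update_perm` also has no `username == 'default'` guard like the one in `edit`, which may be intentional but deserves a comment saying so. `action_logger` is imported in this file, yet the grant/revoke paths shown do not call it, so if permission changes are meant to reach the audit journal that call is missing here.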