Mercurial > kallithea
comparison rhodecode/model/user.py @ 1267:d534aff5e82a beta
user defined permission will update the global permissions, and overwrite default settings.
author | Marcin Kuzminski <marcin@python-works.com> |
---|---|
date | Mon, 18 Apr 2011 20:55:37 +0200 |
parents | a671db5bdd58 |
children | 2e7f21429316 |
comparison
equal
deleted
inserted
replaced
1266:a1bcfe58a1ab | 1267:d534aff5e82a |
---|---|
37 from sqlalchemy.exc import DatabaseError | 37 from sqlalchemy.exc import DatabaseError |
38 from rhodecode.lib import generate_api_key | 38 from rhodecode.lib import generate_api_key |
39 | 39 |
40 log = logging.getLogger(__name__) | 40 log = logging.getLogger(__name__) |
41 | 41 |
42 | |
43 PERM_ = '' | |
44 | |
42 PERM_WEIGHTS = {'repository.none':0, | 45 PERM_WEIGHTS = {'repository.none':0, |
43 'repository.read':1, | 46 'repository.read':1, |
44 'repository.write':3, | 47 'repository.write':3, |
45 'repository.admin':3} | 48 'repository.admin':3} |
49 | |
46 | 50 |
47 class UserModel(BaseModel): | 51 class UserModel(BaseModel): |
48 | 52 |
49 def get(self, user_id, cache=False): | 53 def get(self, user_id, cache=False): |
50 user = self.sa.query(User) | 54 user = self.sa.query(User) |
258 """ | 262 """ |
259 | 263 |
260 user.permissions['repositories'] = {} | 264 user.permissions['repositories'] = {} |
261 user.permissions['global'] = set() | 265 user.permissions['global'] = set() |
262 | 266 |
263 #=========================================================================== | 267 #====================================================================== |
264 # fetch default permissions | 268 # fetch default permissions |
265 #=========================================================================== | 269 #====================================================================== |
266 default_user = self.get_by_username('default', cache=True) | 270 default_user = self.get_by_username('default', cache=True) |
267 | 271 |
268 default_perms = self.sa.query(RepoToPerm, Repository, Permission)\ | 272 default_perms = self.sa.query(RepoToPerm, Repository, Permission)\ |
269 .join((Repository, RepoToPerm.repository_id == Repository.repo_id))\ | 273 .join((Repository, RepoToPerm.repository_id == Repository.repo_id))\ |
270 .join((Permission, RepoToPerm.permission_id == Permission.permission_id))\ | 274 .join((Permission, RepoToPerm.permission_id == Permission.permission_id))\ |
271 .filter(RepoToPerm.user == default_user).all() | 275 .filter(RepoToPerm.user == default_user).all() |
272 | 276 |
273 if user.is_admin: | 277 if user.is_admin: |
274 #======================================================================= | 278 #================================================================== |
275 # #admin have all default rights set to admin | 279 # #admin have all default rights set to admin |
276 #======================================================================= | 280 #================================================================== |
277 user.permissions['global'].add('hg.admin') | 281 user.permissions['global'].add('hg.admin') |
278 | 282 |
279 for perm in default_perms: | 283 for perm in default_perms: |
280 p = 'repository.admin' | 284 p = 'repository.admin' |
281 user.permissions['repositories'][perm.RepoToPerm.repository.repo_name] = p | 285 user.permissions['repositories'][perm.RepoToPerm.repository.repo_name] = p |
282 | 286 |
283 else: | 287 else: |
284 #======================================================================= | 288 #================================================================== |
285 # set default permissions | 289 # set default permissions |
286 #======================================================================= | 290 #================================================================== |
287 | 291 |
288 #default global | 292 #default global |
289 default_global_perms = self.sa.query(UserToPerm)\ | 293 default_global_perms = self.sa.query(UserToPerm)\ |
290 .filter(UserToPerm.user == self.sa.query(User)\ | 294 .filter(UserToPerm.user == User.by_username('default')) |
291 .filter(User.username == 'default').one()) | |
292 | 295 |
293 for perm in default_global_perms: | 296 for perm in default_global_perms: |
294 user.permissions['global'].add(perm.permission.permission_name) | 297 user.permissions['global'].add(perm.permission.permission_name) |
295 | 298 |
296 #default for repositories | 299 #default for repositories |
304 else: | 307 else: |
305 p = perm.Permission.permission_name | 308 p = perm.Permission.permission_name |
306 | 309 |
307 user.permissions['repositories'][perm.RepoToPerm.repository.repo_name] = p | 310 user.permissions['repositories'][perm.RepoToPerm.repository.repo_name] = p |
308 | 311 |
309 #======================================================================= | 312 #================================================================== |
310 # overwrite default with user permissions if any | 313 # overwrite default with user permissions if any |
311 #======================================================================= | 314 #================================================================== |
312 user_perms = self.sa.query(RepoToPerm, Permission, Repository)\ | 315 |
316 user_perms = self.sa.query(UserToPerm)\ | |
317 .filter(UserToPerm.user == | |
318 User.get(user.user_id)).all() | |
319 | |
320 for perm in user_perms: | |
321 user.permissions['global'].add(perm.permission.permission_name) | |
322 | |
323 user_repo_perms = self.sa.query(RepoToPerm, Permission, Repository)\ | |
313 .join((Repository, RepoToPerm.repository_id == Repository.repo_id))\ | 324 .join((Repository, RepoToPerm.repository_id == Repository.repo_id))\ |
314 .join((Permission, RepoToPerm.permission_id == Permission.permission_id))\ | 325 .join((Permission, RepoToPerm.permission_id == Permission.permission_id))\ |
315 .filter(RepoToPerm.user_id == user.user_id).all() | 326 .filter(RepoToPerm.user_id == user.user_id).all() |
316 | 327 |
317 for perm in user_perms: | 328 for perm in user_repo_perms: |
318 if perm.Repository.user_id == user.user_id:#set admin if owner | 329 if perm.Repository.user_id == user.user_id:#set admin if owner |
319 p = 'repository.admin' | 330 p = 'repository.admin' |
320 else: | 331 else: |
321 p = perm.Permission.permission_name | 332 p = perm.Permission.permission_name |
322 user.permissions['repositories'][perm.RepoToPerm.repository.repo_name] = p | 333 user.permissions['repositories'][perm.RepoToPerm.repository.repo_name] = p |