Mercurial > kallithea

comparison rhodecode/model/user.py @ 1267:d534aff5e82a beta

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
user defined permission will update the global permissions, and overwrite default settings.
author Marcin Kuzminski <marcin@python-works.com>
date Mon, 18 Apr 2011 20:55:37 +0200
parents a671db5bdd58
children 2e7f21429316
comparison
equal deleted inserted replaced
1266:a1bcfe58a1ab 1267:d534aff5e82a
37 from sqlalchemy.exc import DatabaseError 37 from sqlalchemy.exc import DatabaseError
38 from rhodecode.lib import generate_api_key 38 from rhodecode.lib import generate_api_key
39 39
40 log = logging.getLogger(__name__) 40 log = logging.getLogger(__name__)
41 41
42
43 PERM_ = ''
44
42 PERM_WEIGHTS = {'repository.none':0, 45 PERM_WEIGHTS = {'repository.none':0,
43 'repository.read':1, 46 'repository.read':1,
44 'repository.write':3, 47 'repository.write':3,
45 'repository.admin':3} 48 'repository.admin':3}
49
46 50
47 class UserModel(BaseModel): 51 class UserModel(BaseModel):
48 52
49 def get(self, user_id, cache=False): 53 def get(self, user_id, cache=False):
50 user = self.sa.query(User) 54 user = self.sa.query(User)
258 """ 262 """
259 263
260 user.permissions['repositories'] = {} 264 user.permissions['repositories'] = {}
261 user.permissions['global'] = set() 265 user.permissions['global'] = set()
262 266
263 #=========================================================================== 267 #======================================================================
264 # fetch default permissions 268 # fetch default permissions
265 #=========================================================================== 269 #======================================================================
266 default_user = self.get_by_username('default', cache=True) 270 default_user = self.get_by_username('default', cache=True)
267 271
268 default_perms = self.sa.query(RepoToPerm, Repository, Permission)\ 272 default_perms = self.sa.query(RepoToPerm, Repository, Permission)\
269 .join((Repository, RepoToPerm.repository_id == Repository.repo_id))\ 273 .join((Repository, RepoToPerm.repository_id == Repository.repo_id))\
270 .join((Permission, RepoToPerm.permission_id == Permission.permission_id))\ 274 .join((Permission, RepoToPerm.permission_id == Permission.permission_id))\
271 .filter(RepoToPerm.user == default_user).all() 275 .filter(RepoToPerm.user == default_user).all()
272 276
273 if user.is_admin: 277 if user.is_admin:
274 #======================================================================= 278 #==================================================================
275 # #admin have all default rights set to admin 279 # #admin have all default rights set to admin
276 #======================================================================= 280 #==================================================================
277 user.permissions['global'].add('hg.admin') 281 user.permissions['global'].add('hg.admin')
278 282
279 for perm in default_perms: 283 for perm in default_perms:
280 p = 'repository.admin' 284 p = 'repository.admin'
281 user.permissions['repositories'][perm.RepoToPerm.repository.repo_name] = p 285 user.permissions['repositories'][perm.RepoToPerm.repository.repo_name] = p
282 286
283 else: 287 else:
284 #======================================================================= 288 #==================================================================
285 # set default permissions 289 # set default permissions
286 #======================================================================= 290 #==================================================================
287 291
288 #default global 292 #default global
289 default_global_perms = self.sa.query(UserToPerm)\ 293 default_global_perms = self.sa.query(UserToPerm)\
290 .filter(UserToPerm.user == self.sa.query(User)\ 294 .filter(UserToPerm.user == User.by_username('default'))
291 .filter(User.username == 'default').one())
292 295
293 for perm in default_global_perms: 296 for perm in default_global_perms:
294 user.permissions['global'].add(perm.permission.permission_name) 297 user.permissions['global'].add(perm.permission.permission_name)
295 298
296 #default for repositories 299 #default for repositories
304 else: 307 else:
305 p = perm.Permission.permission_name 308 p = perm.Permission.permission_name
306 309
307 user.permissions['repositories'][perm.RepoToPerm.repository.repo_name] = p 310 user.permissions['repositories'][perm.RepoToPerm.repository.repo_name] = p
308 311
309 #======================================================================= 312 #==================================================================
310 # overwrite default with user permissions if any 313 # overwrite default with user permissions if any
311 #======================================================================= 314 #==================================================================
312 user_perms = self.sa.query(RepoToPerm, Permission, Repository)\ 315
316 user_perms = self.sa.query(UserToPerm)\
317 .filter(UserToPerm.user ==
318 User.get(user.user_id)).all()
319
320 for perm in user_perms:
321 user.permissions['global'].add(perm.permission.permission_name)
322
323 user_repo_perms = self.sa.query(RepoToPerm, Permission, Repository)\
313 .join((Repository, RepoToPerm.repository_id == Repository.repo_id))\ 324 .join((Repository, RepoToPerm.repository_id == Repository.repo_id))\
314 .join((Permission, RepoToPerm.permission_id == Permission.permission_id))\ 325 .join((Permission, RepoToPerm.permission_id == Permission.permission_id))\
315 .filter(RepoToPerm.user_id == user.user_id).all() 326 .filter(RepoToPerm.user_id == user.user_id).all()
316 327
317 for perm in user_perms: 328 for perm in user_repo_perms:
318 if perm.Repository.user_id == user.user_id:#set admin if owner 329 if perm.Repository.user_id == user.user_id:#set admin if owner
319 p = 'repository.admin' 330 p = 'repository.admin'
320 else: 331 else:
321 p = perm.Permission.permission_name 332 p = perm.Permission.permission_name
322 user.permissions['repositories'][perm.RepoToPerm.repository.repo_name] = p 333 user.permissions['repositories'][perm.RepoToPerm.repository.repo_name] = p