Mercurial > kallithea
comparison rhodecode/model/user.py @ 2165:dc2584ba5fbc
merged beta into default branch
| author | Marcin Kuzminski <marcin@python-works.com> |
|---|---|
| date | Wed, 28 Mar 2012 19:54:16 +0200 |
| parents | ecd59c28f432 fa637dc3e029 |
| children | a437a986d399 |
comparison
equal
deleted
inserted
replaced
| 2097:8fd6650bb436 | 2165:dc2584ba5fbc |
|---|---|
| 27 import traceback | 27 import traceback |
| 28 | 28 |
| 29 from pylons import url | 29 from pylons import url |
| 30 from pylons.i18n.translation import _ | 30 from pylons.i18n.translation import _ |
| 31 | 31 |
| 32 from rhodecode.lib import safe_unicode | 32 from rhodecode.lib.utils2 import safe_unicode, generate_api_key |
| 33 from rhodecode.lib.caching_query import FromCache | 33 from rhodecode.lib.caching_query import FromCache |
| 34 | 34 |
| 35 from rhodecode.model import BaseModel | 35 from rhodecode.model import BaseModel |
| 36 from rhodecode.model.db import User, UserRepoToPerm, Repository, Permission, \ | 36 from rhodecode.model.db import User, UserRepoToPerm, Repository, Permission, \ |
| 37 UserToPerm, UsersGroupRepoToPerm, UsersGroupToPerm, UsersGroupMember, \ | 37 UserToPerm, UsersGroupRepoToPerm, UsersGroupToPerm, UsersGroupMember, \ |
| 38 Notification, RepoGroup, UserRepoGroupToPerm, UsersGroup | 38 Notification, RepoGroup, UserRepoGroupToPerm, UsersGroup,\ |
| 39 UsersGroupRepoGroupToPerm | |
| 39 from rhodecode.lib.exceptions import DefaultUserException, \ | 40 from rhodecode.lib.exceptions import DefaultUserException, \ |
| 40 UserOwnsReposException | 41 UserOwnsReposException |
| 41 | 42 |
| 42 from sqlalchemy.exc import DatabaseError | 43 from sqlalchemy.exc import DatabaseError |
| 43 from rhodecode.lib import generate_api_key | 44 |
| 44 from sqlalchemy.orm import joinedload | 45 from sqlalchemy.orm import joinedload |
| 45 | 46 |
| 46 log = logging.getLogger(__name__) | 47 log = logging.getLogger(__name__) |
| 47 | 48 |
| 48 | 49 |
| 296 user = self.__get_user(user) | 297 user = self.__get_user(user) |
| 297 | 298 |
| 298 try: | 299 try: |
| 299 if user.username == 'default': | 300 if user.username == 'default': |
| 300 raise DefaultUserException( | 301 raise DefaultUserException( |
| 301 _("You can't remove this user since it's" | 302 _(u"You can't remove this user since it's" |
| 302 " crucial for entire application")) | 303 " crucial for entire application") |
| 304 ) | |
| 303 if user.repositories: | 305 if user.repositories: |
| 304 raise UserOwnsReposException(_('This user still owns %s ' | 306 repos = [x.repo_name for x in user.repositories] |
| 305 'repositories and cannot be ' | 307 raise UserOwnsReposException( |
| 306 'removed. Switch owners or ' | 308 _(u'user "%s" still owns %s repositories and cannot be ' |
| 307 'remove those repositories') \ | 309 'removed. Switch owners or remove those repositories. %s') |
| 308 % user.repositories) | 310 % (user.username, len(repos), ', '.join(repos)) |
| 311 ) | |
| 309 self.sa.delete(user) | 312 self.sa.delete(user) |
| 310 except: | 313 except: |
| 311 log.error(traceback.format_exc()) | 314 log.error(traceback.format_exc()) |
| 312 raise | 315 raise |
| 313 | 316 |
| 407 .filter(UserToPerm.user_id == default_user_id) | 410 .filter(UserToPerm.user_id == default_user_id) |
| 408 | 411 |
| 409 for perm in default_global_perms: | 412 for perm in default_global_perms: |
| 410 user.permissions[GLOBAL].add(perm.permission.permission_name) | 413 user.permissions[GLOBAL].add(perm.permission.permission_name) |
| 411 | 414 |
| 412 # default for repositories | 415 # defaults for repositories, taken from default user |
| 413 for perm in default_repo_perms: | 416 for perm in default_repo_perms: |
| 414 r_k = perm.UserRepoToPerm.repository.repo_name | 417 r_k = perm.UserRepoToPerm.repository.repo_name |
| 415 if perm.Repository.private and not (perm.Repository.user_id == uid): | 418 if perm.Repository.private and not (perm.Repository.user_id == uid): |
| 416 # disable defaults for private repos, | 419 # disable defaults for private repos, |
| 417 p = 'repository.none' | 420 p = 'repository.none' |
| 421 else: | 424 else: |
| 422 p = perm.Permission.permission_name | 425 p = perm.Permission.permission_name |
| 423 | 426 |
| 424 user.permissions[RK][r_k] = p | 427 user.permissions[RK][r_k] = p |
| 425 | 428 |
| 426 # default for repositories groups | 429 # defaults for repositories groups taken from default user permission |
| 430 # on given group | |
| 427 for perm in default_repo_groups_perms: | 431 for perm in default_repo_groups_perms: |
| 428 rg_k = perm.UserRepoGroupToPerm.group.group_name | 432 rg_k = perm.UserRepoGroupToPerm.group.group_name |
| 429 p = perm.Permission.permission_name | 433 p = perm.Permission.permission_name |
| 430 user.permissions[GK][rg_k] = p | 434 user.permissions[GK][rg_k] = p |
| 431 | 435 |
| 432 #================================================================== | 436 #================================================================== |
| 433 # overwrite default with user permissions if any | 437 # overwrite defaults with user permissions if any found |
| 434 #================================================================== | 438 #================================================================== |
| 435 | 439 |
| 436 # user global | 440 # user global permissions |
| 437 user_perms = self.sa.query(UserToPerm)\ | 441 user_perms = self.sa.query(UserToPerm)\ |
| 438 .options(joinedload(UserToPerm.permission))\ | 442 .options(joinedload(UserToPerm.permission))\ |
| 439 .filter(UserToPerm.user_id == uid).all() | 443 .filter(UserToPerm.user_id == uid).all() |
| 440 | 444 |
| 441 for perm in user_perms: | 445 for perm in user_perms: |
| 442 user.permissions[GLOBAL].add(perm.permission.permission_name) | 446 user.permissions[GLOBAL].add(perm.permission.permission_name) |
| 443 | 447 |
| 444 # user repositories | 448 # user explicit permissions for repositories |
| 445 user_repo_perms = \ | 449 user_repo_perms = \ |
| 446 self.sa.query(UserRepoToPerm, Permission, Repository)\ | 450 self.sa.query(UserRepoToPerm, Permission, Repository)\ |
| 447 .join((Repository, UserRepoToPerm.repository_id == Repository.repo_id))\ | 451 .join((Repository, UserRepoToPerm.repository_id == Repository.repo_id))\ |
| 448 .join((Permission, UserRepoToPerm.permission_id == Permission.permission_id))\ | 452 .join((Permission, UserRepoToPerm.permission_id == Permission.permission_id))\ |
| 449 .filter(UserRepoToPerm.user_id == uid)\ | 453 .filter(UserRepoToPerm.user_id == uid)\ |
| 457 else: | 461 else: |
| 458 p = perm.Permission.permission_name | 462 p = perm.Permission.permission_name |
| 459 user.permissions[RK][r_k] = p | 463 user.permissions[RK][r_k] = p |
| 460 | 464 |
| 461 #================================================================== | 465 #================================================================== |
| 462 # check if user is part of groups for this repository and fill in | 466 # check if user is part of user groups for this repository and |
| 463 # (or replace with higher) permissions | 467 # fill in (or replace with higher) permissions |
| 464 #================================================================== | 468 #================================================================== |
| 465 | 469 |
| 466 # users group global | 470 # users group global |
| 467 user_perms_from_users_groups = self.sa.query(UsersGroupToPerm)\ | 471 user_perms_from_users_groups = self.sa.query(UsersGroupToPerm)\ |
| 468 .options(joinedload(UsersGroupToPerm.permission))\ | 472 .options(joinedload(UsersGroupToPerm.permission))\ |
| 471 .filter(UsersGroupMember.user_id == uid).all() | 475 .filter(UsersGroupMember.user_id == uid).all() |
| 472 | 476 |
| 473 for perm in user_perms_from_users_groups: | 477 for perm in user_perms_from_users_groups: |
| 474 user.permissions[GLOBAL].add(perm.permission.permission_name) | 478 user.permissions[GLOBAL].add(perm.permission.permission_name) |
| 475 | 479 |
| 476 # users group repositories | 480 # users group for repositories permissions |
| 477 user_repo_perms_from_users_groups = \ | 481 user_repo_perms_from_users_groups = \ |
| 478 self.sa.query(UsersGroupRepoToPerm, Permission, Repository,)\ | 482 self.sa.query(UsersGroupRepoToPerm, Permission, Repository,)\ |
| 479 .join((Repository, UsersGroupRepoToPerm.repository_id == Repository.repo_id))\ | 483 .join((Repository, UsersGroupRepoToPerm.repository_id == Repository.repo_id))\ |
| 480 .join((Permission, UsersGroupRepoToPerm.permission_id == Permission.permission_id))\ | 484 .join((Permission, UsersGroupRepoToPerm.permission_id == Permission.permission_id))\ |
| 481 .join((UsersGroupMember, UsersGroupRepoToPerm.users_group_id == UsersGroupMember.users_group_id))\ | 485 .join((UsersGroupMember, UsersGroupRepoToPerm.users_group_id == UsersGroupMember.users_group_id))\ |
| 493 | 497 |
| 494 #================================================================== | 498 #================================================================== |
| 495 # get access for this user for repos group and override defaults | 499 # get access for this user for repos group and override defaults |
| 496 #================================================================== | 500 #================================================================== |
| 497 | 501 |
| 498 # user repositories groups | 502 # user explicit permissions for repository |
| 499 user_repo_groups_perms = \ | 503 user_repo_groups_perms = \ |
| 500 self.sa.query(UserRepoGroupToPerm, Permission, RepoGroup)\ | 504 self.sa.query(UserRepoGroupToPerm, Permission, RepoGroup)\ |
| 501 .join((RepoGroup, UserRepoGroupToPerm.group_id == RepoGroup.group_id))\ | 505 .join((RepoGroup, UserRepoGroupToPerm.group_id == RepoGroup.group_id))\ |
| 502 .join((Permission, UserRepoGroupToPerm.permission_id == Permission.permission_id))\ | 506 .join((Permission, UserRepoGroupToPerm.permission_id == Permission.permission_id))\ |
| 503 .filter(UserRepoToPerm.user_id == uid)\ | 507 .filter(UserRepoGroupToPerm.user_id == uid)\ |
| 504 .all() | 508 .all() |
| 505 | 509 |
| 506 for perm in user_repo_groups_perms: | 510 for perm in user_repo_groups_perms: |
| 507 rg_k = perm.UserRepoGroupToPerm.group.group_name | 511 rg_k = perm.UserRepoGroupToPerm.group.group_name |
| 508 p = perm.Permission.permission_name | 512 p = perm.Permission.permission_name |
| 509 cur_perm = user.permissions[GK][rg_k] | 513 cur_perm = user.permissions[GK][rg_k] |
| 510 if PERM_WEIGHTS[p] > PERM_WEIGHTS[cur_perm]: | 514 if PERM_WEIGHTS[p] > PERM_WEIGHTS[cur_perm]: |
| 511 user.permissions[GK][rg_k] = p | 515 user.permissions[GK][rg_k] = p |
| 516 | |
| 517 #================================================================== | |
| 518 # check if user is part of user groups for this repo group and | |
| 519 # fill in (or replace with higher) permissions | |
| 520 #================================================================== | |
| 521 | |
| 522 # users group for repositories permissions | |
| 523 user_repo_group_perms_from_users_groups = \ | |
| 524 self.sa.query(UsersGroupRepoGroupToPerm, Permission, RepoGroup)\ | |
| 525 .join((RepoGroup, UsersGroupRepoGroupToPerm.group_id == RepoGroup.group_id))\ | |
| 526 .join((Permission, UsersGroupRepoGroupToPerm.permission_id == Permission.permission_id))\ | |
| 527 .join((UsersGroupMember, UsersGroupRepoGroupToPerm.users_group_id == UsersGroupMember.users_group_id))\ | |
| 528 .filter(UsersGroupMember.user_id == uid)\ | |
| 529 .all() | |
| 530 | |
| 531 for perm in user_repo_group_perms_from_users_groups: | |
| 532 g_k = perm.UsersGroupRepoGroupToPerm.group.group_name | |
| 533 print perm, g_k | |
| 534 p = perm.Permission.permission_name | |
| 535 cur_perm = user.permissions[GK][g_k] | |
| 536 # overwrite permission only if it's greater than permission | |
| 537 # given from other sources | |
| 538 if PERM_WEIGHTS[p] > PERM_WEIGHTS[cur_perm]: | |
| 539 user.permissions[GK][g_k] = p | |
| 512 | 540 |
| 513 return user | 541 return user |
| 514 | 542 |
| 515 def has_perm(self, user, perm): | 543 def has_perm(self, user, perm): |
| 516 if not isinstance(perm, Permission): | 544 if not isinstance(perm, Permission): |