Mercurial > kallithea
comparison rhodecode/model/user.py @ 2165:dc2584ba5fbc
merged beta into default branch
author | Marcin Kuzminski <marcin@python-works.com> |
---|---|
date | Wed, 28 Mar 2012 19:54:16 +0200 |
parents | ecd59c28f432 fa637dc3e029 |
children | a437a986d399 |
comparison
equal
deleted
inserted
replaced
2097:8fd6650bb436 | 2165:dc2584ba5fbc |
---|---|
27 import traceback | 27 import traceback |
28 | 28 |
29 from pylons import url | 29 from pylons import url |
30 from pylons.i18n.translation import _ | 30 from pylons.i18n.translation import _ |
31 | 31 |
32 from rhodecode.lib import safe_unicode | 32 from rhodecode.lib.utils2 import safe_unicode, generate_api_key |
33 from rhodecode.lib.caching_query import FromCache | 33 from rhodecode.lib.caching_query import FromCache |
34 | 34 |
35 from rhodecode.model import BaseModel | 35 from rhodecode.model import BaseModel |
36 from rhodecode.model.db import User, UserRepoToPerm, Repository, Permission, \ | 36 from rhodecode.model.db import User, UserRepoToPerm, Repository, Permission, \ |
37 UserToPerm, UsersGroupRepoToPerm, UsersGroupToPerm, UsersGroupMember, \ | 37 UserToPerm, UsersGroupRepoToPerm, UsersGroupToPerm, UsersGroupMember, \ |
38 Notification, RepoGroup, UserRepoGroupToPerm, UsersGroup | 38 Notification, RepoGroup, UserRepoGroupToPerm, UsersGroup,\ |
39 UsersGroupRepoGroupToPerm | |
39 from rhodecode.lib.exceptions import DefaultUserException, \ | 40 from rhodecode.lib.exceptions import DefaultUserException, \ |
40 UserOwnsReposException | 41 UserOwnsReposException |
41 | 42 |
42 from sqlalchemy.exc import DatabaseError | 43 from sqlalchemy.exc import DatabaseError |
43 from rhodecode.lib import generate_api_key | 44 |
44 from sqlalchemy.orm import joinedload | 45 from sqlalchemy.orm import joinedload |
45 | 46 |
46 log = logging.getLogger(__name__) | 47 log = logging.getLogger(__name__) |
47 | 48 |
48 | 49 |
296 user = self.__get_user(user) | 297 user = self.__get_user(user) |
297 | 298 |
298 try: | 299 try: |
299 if user.username == 'default': | 300 if user.username == 'default': |
300 raise DefaultUserException( | 301 raise DefaultUserException( |
301 _("You can't remove this user since it's" | 302 _(u"You can't remove this user since it's" |
302 " crucial for entire application")) | 303 " crucial for entire application") |
304 ) | |
303 if user.repositories: | 305 if user.repositories: |
304 raise UserOwnsReposException(_('This user still owns %s ' | 306 repos = [x.repo_name for x in user.repositories] |
305 'repositories and cannot be ' | 307 raise UserOwnsReposException( |
306 'removed. Switch owners or ' | 308 _(u'user "%s" still owns %s repositories and cannot be ' |
307 'remove those repositories') \ | 309 'removed. Switch owners or remove those repositories. %s') |
308 % user.repositories) | 310 % (user.username, len(repos), ', '.join(repos)) |
311 ) | |
309 self.sa.delete(user) | 312 self.sa.delete(user) |
310 except: | 313 except: |
311 log.error(traceback.format_exc()) | 314 log.error(traceback.format_exc()) |
312 raise | 315 raise |
313 | 316 |
407 .filter(UserToPerm.user_id == default_user_id) | 410 .filter(UserToPerm.user_id == default_user_id) |
408 | 411 |
409 for perm in default_global_perms: | 412 for perm in default_global_perms: |
410 user.permissions[GLOBAL].add(perm.permission.permission_name) | 413 user.permissions[GLOBAL].add(perm.permission.permission_name) |
411 | 414 |
412 # default for repositories | 415 # defaults for repositories, taken from default user |
413 for perm in default_repo_perms: | 416 for perm in default_repo_perms: |
414 r_k = perm.UserRepoToPerm.repository.repo_name | 417 r_k = perm.UserRepoToPerm.repository.repo_name |
415 if perm.Repository.private and not (perm.Repository.user_id == uid): | 418 if perm.Repository.private and not (perm.Repository.user_id == uid): |
416 # disable defaults for private repos, | 419 # disable defaults for private repos, |
417 p = 'repository.none' | 420 p = 'repository.none' |
421 else: | 424 else: |
422 p = perm.Permission.permission_name | 425 p = perm.Permission.permission_name |
423 | 426 |
424 user.permissions[RK][r_k] = p | 427 user.permissions[RK][r_k] = p |
425 | 428 |
426 # default for repositories groups | 429 # defaults for repositories groups taken from default user permission |
430 # on given group | |
427 for perm in default_repo_groups_perms: | 431 for perm in default_repo_groups_perms: |
428 rg_k = perm.UserRepoGroupToPerm.group.group_name | 432 rg_k = perm.UserRepoGroupToPerm.group.group_name |
429 p = perm.Permission.permission_name | 433 p = perm.Permission.permission_name |
430 user.permissions[GK][rg_k] = p | 434 user.permissions[GK][rg_k] = p |
431 | 435 |
432 #================================================================== | 436 #================================================================== |
433 # overwrite default with user permissions if any | 437 # overwrite defaults with user permissions if any found |
434 #================================================================== | 438 #================================================================== |
435 | 439 |
436 # user global | 440 # user global permissions |
437 user_perms = self.sa.query(UserToPerm)\ | 441 user_perms = self.sa.query(UserToPerm)\ |
438 .options(joinedload(UserToPerm.permission))\ | 442 .options(joinedload(UserToPerm.permission))\ |
439 .filter(UserToPerm.user_id == uid).all() | 443 .filter(UserToPerm.user_id == uid).all() |
440 | 444 |
441 for perm in user_perms: | 445 for perm in user_perms: |
442 user.permissions[GLOBAL].add(perm.permission.permission_name) | 446 user.permissions[GLOBAL].add(perm.permission.permission_name) |
443 | 447 |
444 # user repositories | 448 # user explicit permissions for repositories |
445 user_repo_perms = \ | 449 user_repo_perms = \ |
446 self.sa.query(UserRepoToPerm, Permission, Repository)\ | 450 self.sa.query(UserRepoToPerm, Permission, Repository)\ |
447 .join((Repository, UserRepoToPerm.repository_id == Repository.repo_id))\ | 451 .join((Repository, UserRepoToPerm.repository_id == Repository.repo_id))\ |
448 .join((Permission, UserRepoToPerm.permission_id == Permission.permission_id))\ | 452 .join((Permission, UserRepoToPerm.permission_id == Permission.permission_id))\ |
449 .filter(UserRepoToPerm.user_id == uid)\ | 453 .filter(UserRepoToPerm.user_id == uid)\ |
457 else: | 461 else: |
458 p = perm.Permission.permission_name | 462 p = perm.Permission.permission_name |
459 user.permissions[RK][r_k] = p | 463 user.permissions[RK][r_k] = p |
460 | 464 |
461 #================================================================== | 465 #================================================================== |
462 # check if user is part of groups for this repository and fill in | 466 # check if user is part of user groups for this repository and |
463 # (or replace with higher) permissions | 467 # fill in (or replace with higher) permissions |
464 #================================================================== | 468 #================================================================== |
465 | 469 |
466 # users group global | 470 # users group global |
467 user_perms_from_users_groups = self.sa.query(UsersGroupToPerm)\ | 471 user_perms_from_users_groups = self.sa.query(UsersGroupToPerm)\ |
468 .options(joinedload(UsersGroupToPerm.permission))\ | 472 .options(joinedload(UsersGroupToPerm.permission))\ |
471 .filter(UsersGroupMember.user_id == uid).all() | 475 .filter(UsersGroupMember.user_id == uid).all() |
472 | 476 |
473 for perm in user_perms_from_users_groups: | 477 for perm in user_perms_from_users_groups: |
474 user.permissions[GLOBAL].add(perm.permission.permission_name) | 478 user.permissions[GLOBAL].add(perm.permission.permission_name) |
475 | 479 |
476 # users group repositories | 480 # users group for repositories permissions |
477 user_repo_perms_from_users_groups = \ | 481 user_repo_perms_from_users_groups = \ |
478 self.sa.query(UsersGroupRepoToPerm, Permission, Repository,)\ | 482 self.sa.query(UsersGroupRepoToPerm, Permission, Repository,)\ |
479 .join((Repository, UsersGroupRepoToPerm.repository_id == Repository.repo_id))\ | 483 .join((Repository, UsersGroupRepoToPerm.repository_id == Repository.repo_id))\ |
480 .join((Permission, UsersGroupRepoToPerm.permission_id == Permission.permission_id))\ | 484 .join((Permission, UsersGroupRepoToPerm.permission_id == Permission.permission_id))\ |
481 .join((UsersGroupMember, UsersGroupRepoToPerm.users_group_id == UsersGroupMember.users_group_id))\ | 485 .join((UsersGroupMember, UsersGroupRepoToPerm.users_group_id == UsersGroupMember.users_group_id))\ |
493 | 497 |
494 #================================================================== | 498 #================================================================== |
495 # get access for this user for repos group and override defaults | 499 # get access for this user for repos group and override defaults |
496 #================================================================== | 500 #================================================================== |
497 | 501 |
498 # user repositories groups | 502 # user explicit permissions for repository |
499 user_repo_groups_perms = \ | 503 user_repo_groups_perms = \ |
500 self.sa.query(UserRepoGroupToPerm, Permission, RepoGroup)\ | 504 self.sa.query(UserRepoGroupToPerm, Permission, RepoGroup)\ |
501 .join((RepoGroup, UserRepoGroupToPerm.group_id == RepoGroup.group_id))\ | 505 .join((RepoGroup, UserRepoGroupToPerm.group_id == RepoGroup.group_id))\ |
502 .join((Permission, UserRepoGroupToPerm.permission_id == Permission.permission_id))\ | 506 .join((Permission, UserRepoGroupToPerm.permission_id == Permission.permission_id))\ |
503 .filter(UserRepoToPerm.user_id == uid)\ | 507 .filter(UserRepoGroupToPerm.user_id == uid)\ |
504 .all() | 508 .all() |
505 | 509 |
506 for perm in user_repo_groups_perms: | 510 for perm in user_repo_groups_perms: |
507 rg_k = perm.UserRepoGroupToPerm.group.group_name | 511 rg_k = perm.UserRepoGroupToPerm.group.group_name |
508 p = perm.Permission.permission_name | 512 p = perm.Permission.permission_name |
509 cur_perm = user.permissions[GK][rg_k] | 513 cur_perm = user.permissions[GK][rg_k] |
510 if PERM_WEIGHTS[p] > PERM_WEIGHTS[cur_perm]: | 514 if PERM_WEIGHTS[p] > PERM_WEIGHTS[cur_perm]: |
511 user.permissions[GK][rg_k] = p | 515 user.permissions[GK][rg_k] = p |
516 | |
517 #================================================================== | |
518 # check if user is part of user groups for this repo group and | |
519 # fill in (or replace with higher) permissions | |
520 #================================================================== | |
521 | |
522 # users group for repositories permissions | |
523 user_repo_group_perms_from_users_groups = \ | |
524 self.sa.query(UsersGroupRepoGroupToPerm, Permission, RepoGroup)\ | |
525 .join((RepoGroup, UsersGroupRepoGroupToPerm.group_id == RepoGroup.group_id))\ | |
526 .join((Permission, UsersGroupRepoGroupToPerm.permission_id == Permission.permission_id))\ | |
527 .join((UsersGroupMember, UsersGroupRepoGroupToPerm.users_group_id == UsersGroupMember.users_group_id))\ | |
528 .filter(UsersGroupMember.user_id == uid)\ | |
529 .all() | |
530 | |
531 for perm in user_repo_group_perms_from_users_groups: | |
532 g_k = perm.UsersGroupRepoGroupToPerm.group.group_name | |
533 print perm, g_k | |
534 p = perm.Permission.permission_name | |
535 cur_perm = user.permissions[GK][g_k] | |
536 # overwrite permission only if it's greater than permission | |
537 # given from other sources | |
538 if PERM_WEIGHTS[p] > PERM_WEIGHTS[cur_perm]: | |
539 user.permissions[GK][g_k] = p | |
512 | 540 |
513 return user | 541 return user |
514 | 542 |
515 def has_perm(self, user, perm): | 543 def has_perm(self, user, perm): |
516 if not isinstance(perm, Permission): | 544 if not isinstance(perm, Permission): |