comparison rhodecode/lib/auth.py @ 673:dd532af216d9 beta
#49 Enabled anonymous access for web interface controllable from permissions panel
author | Marcin Kuzminski <marcin@python-works.com> |
---|---|
date | Thu, 11 Nov 2010 01:05:43 +0100 |
parents | 7e536d1af60d |
children | 99875a8f2ad1 |
670:e7c670cc03cb | 673:dd532af216d9 |
---|---|
24 """ | 24 """ |
25 from pylons import config, session, url, request | 25 from pylons import config, session, url, request |
26 from pylons.controllers.util import abort, redirect | 26 from pylons.controllers.util import abort, redirect |
27 from rhodecode.lib.utils import get_repo_slug | 27 from rhodecode.lib.utils import get_repo_slug |
28 from rhodecode.model import meta | 28 from rhodecode.model import meta |
29 from rhodecode.model.user import UserModel | |
29 from rhodecode.model.caching_query import FromCache | 30 from rhodecode.model.caching_query import FromCache |
30 from rhodecode.model.db import User, RepoToPerm, Repository, Permission, \ | 31 from rhodecode.model.db import User, RepoToPerm, Repository, Permission, \ |
31 UserToPerm | 32 UserToPerm |
32 import bcrypt | 33 import bcrypt |
33 from decorator import decorator | 34 from decorator import decorator |
34 import logging | 35 import logging |
35 import random | 36 import random |
36 | 37 |
37 log = logging.getLogger(__name__) | 38 log = logging.getLogger(__name__) |
38 | 39 |
39 class PasswordGenerator(object): | 40 class PasswordGenerator(object): |
40 """This is a simple class for generating password from | 41 """This is a simple class for generating password from |
41 different sets of characters | 42 different sets of characters |
42 usage: | 43 usage: |
51 ALPHABETS_FULL = ALPHABETS_BIG + ALPHABETS_SMALL + ALPHABETS_NUM + ALPHABETS_SPECIAL#[4] | 52 ALPHABETS_FULL = ALPHABETS_BIG + ALPHABETS_SMALL + ALPHABETS_NUM + ALPHABETS_SPECIAL#[4] |
52 ALPHABETS_ALPHANUM = ALPHABETS_BIG + ALPHABETS_SMALL + ALPHABETS_NUM#[5] | 53 ALPHABETS_ALPHANUM = ALPHABETS_BIG + ALPHABETS_SMALL + ALPHABETS_NUM#[5] |
53 ALPHABETS_BIG_SMALL = ALPHABETS_BIG + ALPHABETS_SMALL | 54 ALPHABETS_BIG_SMALL = ALPHABETS_BIG + ALPHABETS_SMALL |
54 ALPHABETS_ALPHANUM_BIG = ALPHABETS_BIG + ALPHABETS_NUM#[6] | 55 ALPHABETS_ALPHANUM_BIG = ALPHABETS_BIG + ALPHABETS_NUM#[6] |
55 ALPHABETS_ALPHANUM_SMALL = ALPHABETS_SMALL + ALPHABETS_NUM#[7] | 56 ALPHABETS_ALPHANUM_SMALL = ALPHABETS_SMALL + ALPHABETS_NUM#[7] |
56 | 57 |
57 def __init__(self, passwd=''): | 58 def __init__(self, passwd=''): |
58 self.passwd = passwd | 59 self.passwd = passwd |
59 | 60 |
60 def gen_password(self, len, type): | 61 def gen_password(self, len, type): |
61 self.passwd = ''.join([random.choice(type) for _ in xrange(len)]) | 62 self.passwd = ''.join([random.choice(type) for _ in xrange(len)]) |
62 return self.passwd | 63 return self.passwd |
63 | 64 |
64 | 65 |
65 def get_crypt_password(password): | 66 def get_crypt_password(password): |
66 """Cryptographic function used for password hashing based on sha1 | 67 """Cryptographic function used for password hashing based on sha1 |
67 :param password: password to hash | 68 :param password: password to hash |
68 """ | 69 """ |
69 return bcrypt.hashpw(password, bcrypt.gensalt(10)) | 70 return bcrypt.hashpw(password, bcrypt.gensalt(10)) |
70 | 71 |
71 def check_password(password, hashed): | 72 def check_password(password, hashed): |
72 return bcrypt.hashpw(password, hashed) == hashed | 73 return bcrypt.hashpw(password, hashed) == hashed |
73 | 74 |
74 def authfunc(environ, username, password): | 75 def authfunc(environ, username, password): |
75 from rhodecode.model.user import UserModel | |
76 user = UserModel().get_by_username(username, cache=False) | 76 user = UserModel().get_by_username(username, cache=False) |
77 | 77 |
78 if user: | 78 if user: |
79 if user.active: | 79 if user.active: |
80 if user.username == username and check_password(password, user.password): | 80 if user.username == username and check_password(password, user.password): |
81 log.info('user %s authenticated correctly', username) | 81 log.info('user %s authenticated correctly', username) |
82 return True | 82 return True |
83 else: | 83 else: |
84 log.error('user %s is disabled', username) | 84 log.error('user %s is disabled', username) |
85 | 85 |
86 return False | 86 return False |
87 | 87 |
88 class AuthUser(object): | 88 class AuthUser(object): |
89 """ | 89 """ |
90 A simple object that handles a mercurial username for authentication | 90 A simple object that handles a mercurial username for authentication |
97 self.user_id = None | 97 self.user_id = None |
98 self.is_authenticated = False | 98 self.is_authenticated = False |
99 self.is_admin = False | 99 self.is_admin = False |
100 self.permissions = {} | 100 self.permissions = {} |
101 | 101 |
102 def __repr__(self): | |
103 return "<AuthUser('id:%s:%s')>" % (self.user_id, self.username) | |
102 | 104 |
103 def set_available_permissions(config): | 105 def set_available_permissions(config): |
104 """ | 106 """ |
105 This function will propagate pylons globals with all available defined | 107 This function will propagate pylons globals with all available defined |
106 permission given in db. We don't wannt to check each time from db for new | 108 permission given in db. We don't wannt to check each time from db for new |
114 all_perms = sa.query(Permission).all() | 116 all_perms = sa.query(Permission).all() |
115 except: | 117 except: |
116 pass | 118 pass |
117 finally: | 119 finally: |
118 meta.Session.remove() | 120 meta.Session.remove() |
119 | 121 |
120 config['available_permissions'] = [x.permission_name for x in all_perms] | 122 config['available_permissions'] = [x.permission_name for x in all_perms] |
121 | 123 |
122 def set_base_path(config): | 124 def set_base_path(config): |
123 config['base_path'] = config['pylons.app_globals'].base_path | 125 config['base_path'] = config['pylons.app_globals'].base_path |
124 | 126 |
125 def fill_data(user): | 127 |
126 """ | |
127 Fills user data with those from database and log out user if not present | |
128 in database | |
129 :param user: | |
130 """ | |
131 sa = meta.Session() | |
132 try: | |
133 dbuser = sa.query(User)\ | |
134 .options(FromCache('sql_cache_short', 'getuser_%s' % user.user_id))\ | |
135 .get(user.user_id) | |
136 except: | |
137 pass | |
138 finally: | |
139 meta.Session.remove() | |
140 | |
141 if dbuser: | |
142 user.username = dbuser.username | |
143 user.is_admin = dbuser.admin | |
144 user.name = dbuser.name | |
145 user.lastname = dbuser.lastname | |
146 user.email = dbuser.email | |
147 else: | |
148 user.is_authenticated = False | |
149 | |
150 | |
151 return user | |
152 | |
153 def fill_perms(user): | 128 def fill_perms(user): |
154 """ | 129 """ |
155 Fills user permission attribute with permissions taken from database | 130 Fills user permission attribute with permissions taken from database |
156 :param user: | 131 :param user: |
157 """ | 132 """ |
158 | 133 |
159 sa = meta.Session() | 134 sa = meta.Session() |
160 user.permissions['repositories'] = {} | 135 user.permissions['repositories'] = {} |
161 user.permissions['global'] = set() | 136 user.permissions['global'] = set() |
162 | 137 |
163 #=========================================================================== | 138 #=========================================================================== |
164 # fetch default permissions | 139 # fetch default permissions |
165 #=========================================================================== | 140 #=========================================================================== |
166 default_user = sa.query(User)\ | 141 default_user = UserModel(sa).get_by_username('default', cache=True) |
167 .options(FromCache('sql_cache_short', 'getuser_%s' % 'default'))\ | 142 |
168 .filter(User.username == 'default').scalar() | |
169 | |
170 default_perms = sa.query(RepoToPerm, Repository, Permission)\ | 143 default_perms = sa.query(RepoToPerm, Repository, Permission)\ |
171 .join((Repository, RepoToPerm.repository_id == Repository.repo_id))\ | 144 .join((Repository, RepoToPerm.repository_id == Repository.repo_id))\ |
172 .join((Permission, RepoToPerm.permission_id == Permission.permission_id))\ | 145 .join((Permission, RepoToPerm.permission_id == Permission.permission_id))\ |
173 .filter(RepoToPerm.user == default_user).all() | 146 .filter(RepoToPerm.user == default_user).all() |
174 | 147 |
175 if user.is_admin: | 148 if user.is_admin: |
176 #======================================================================= | 149 #======================================================================= |
177 # #admin have all default rights set to admin | 150 # #admin have all default rights set to admin |
178 #======================================================================= | 151 #======================================================================= |
179 user.permissions['global'].add('hg.admin') | 152 user.permissions['global'].add('hg.admin') |
180 | 153 |
181 for perm in default_perms: | 154 for perm in default_perms: |
182 p = 'repository.admin' | 155 p = 'repository.admin' |
183 user.permissions['repositories'][perm.RepoToPerm.repository.repo_name] = p | 156 user.permissions['repositories'][perm.RepoToPerm.repository.repo_name] = p |
184 | 157 |
185 else: | 158 else: |
186 #======================================================================= | 159 #======================================================================= |
187 # set default permissions | 160 # set default permissions |
188 #======================================================================= | 161 #======================================================================= |
189 | 162 |
190 #default global | 163 #default global |
191 default_global_perms = sa.query(UserToPerm)\ | 164 default_global_perms = sa.query(UserToPerm)\ |
192 .filter(UserToPerm.user == sa.query(User).filter(User.username == | 165 .filter(UserToPerm.user == sa.query(User).filter(User.username == |
193 'default').one()) | 166 'default').one()) |
194 | 167 |
195 for perm in default_global_perms: | 168 for perm in default_global_perms: |
196 user.permissions['global'].add(perm.permission.permission_name) | 169 user.permissions['global'].add(perm.permission.permission_name) |
197 | 170 |
198 #default repositories | 171 #default repositories |
199 for perm in default_perms: | 172 for perm in default_perms: |
200 if perm.Repository.private and not perm.Repository.user_id == user.user_id: | 173 if perm.Repository.private and not perm.Repository.user_id == user.user_id: |
201 #disable defaults for private repos, | 174 #disable defaults for private repos, |
202 p = 'repository.none' | 175 p = 'repository.none' |
203 elif perm.Repository.user_id == user.user_id: | 176 elif perm.Repository.user_id == user.user_id: |
204 #set admin if owner | 177 #set admin if owner |
205 p = 'repository.admin' | 178 p = 'repository.admin' |
206 else: | 179 else: |
207 p = perm.Permission.permission_name | 180 p = perm.Permission.permission_name |
208 | 181 |
209 user.permissions['repositories'][perm.RepoToPerm.repository.repo_name] = p | 182 user.permissions['repositories'][perm.RepoToPerm.repository.repo_name] = p |
210 | 183 |
211 #======================================================================= | 184 #======================================================================= |
212 # #overwrite default with user permissions if any | 185 # #overwrite default with user permissions if any |
213 #======================================================================= | 186 #======================================================================= |
214 user_perms = sa.query(RepoToPerm, Permission, Repository)\ | 187 user_perms = sa.query(RepoToPerm, Permission, Repository)\ |
215 .join((Repository, RepoToPerm.repository_id == Repository.repo_id))\ | 188 .join((Repository, RepoToPerm.repository_id == Repository.repo_id))\ |
216 .join((Permission, RepoToPerm.permission_id == Permission.permission_id))\ | 189 .join((Permission, RepoToPerm.permission_id == Permission.permission_id))\ |
217 .filter(RepoToPerm.user_id == user.user_id).all() | 190 .filter(RepoToPerm.user_id == user.user_id).all() |
218 | 191 |
219 for perm in user_perms: | 192 for perm in user_perms: |
220 if perm.Repository.user_id == user.user_id:#set admin if owner | 193 if perm.Repository.user_id == user.user_id:#set admin if owner |
221 p = 'repository.admin' | 194 p = 'repository.admin' |
222 else: | 195 else: |
223 p = perm.Permission.permission_name | 196 p = perm.Permission.permission_name |
224 user.permissions['repositories'][perm.RepoToPerm.repository.repo_name] = p | 197 user.permissions['repositories'][perm.RepoToPerm.repository.repo_name] = p |
225 meta.Session.remove() | 198 meta.Session.remove() |
226 return user | 199 return user |
227 | 200 |
228 def get_user(session): | 201 def get_user(session): |
229 """ | 202 """ |
230 Gets user from session, and wraps permissions into user | 203 Gets user from session, and wraps permissions into user |
231 :param session: | 204 :param session: |
232 """ | 205 """ |
233 user = session.get('rhodecode_user', AuthUser()) | 206 user = session.get('rhodecode_user', AuthUser()) |
207 | |
208 | |
209 #if the user is not logged in we check for anonymous access | |
210 #if user is logged and it's a default user check if we still have anonymous | |
211 #access enabled | |
212 if user.user_id is None or user.username == 'default': | |
213 anonymous_user = UserModel().get_by_username('default', cache=True) | |
214 if anonymous_user.active is True: | |
215 #then we set this user is logged in | |
216 user.is_authenticated = True | |
217 else: | |
218 user.is_authenticated = False | |
219 | |
234 if user.is_authenticated: | 220 if user.is_authenticated: |
235 user = fill_data(user) | 221 user = UserModel().fill_data(user) |
222 | |
236 user = fill_perms(user) | 223 user = fill_perms(user) |
237 session['rhodecode_user'] = user | 224 session['rhodecode_user'] = user |
238 session.save() | 225 session.save() |
239 return user | 226 return user |
240 | 227 |
241 #=============================================================================== | 228 #=============================================================================== |
242 # CHECK DECORATORS | 229 # CHECK DECORATORS |
243 #=============================================================================== | 230 #=============================================================================== |
244 class LoginRequired(object): | 231 class LoginRequired(object): |
245 """Must be logged in to execute this function else redirect to login page""" | 232 """Must be logged in to execute this function else redirect to login page""" |
246 | 233 |
247 def __call__(self, func): | 234 def __call__(self, func): |
248 return decorator(self.__wrapper, func) | 235 return decorator(self.__wrapper, func) |
249 | 236 |
250 def __wrapper(self, func, *fargs, **fkwargs): | 237 def __wrapper(self, func, *fargs, **fkwargs): |
251 user = session.get('rhodecode_user', AuthUser()) | 238 user = session.get('rhodecode_user', AuthUser()) |
252 log.debug('Checking login required for user:%s', user.username) | 239 log.debug('Checking login required for user:%s', user.username) |
253 if user.is_authenticated: | 240 if user.is_authenticated: |
254 log.debug('user %s is authenticated', user.username) | 241 log.debug('user %s is authenticated', user.username) |
255 return func(*fargs, **fkwargs) | 242 return func(*fargs, **fkwargs) |
256 else: | 243 else: |
257 log.warn('user %s not authenticated', user.username) | 244 log.warn('user %s not authenticated', user.username) |
258 | 245 |
259 p = '' | 246 p = '' |
260 if request.environ.get('SCRIPT_NAME') != '/': | 247 if request.environ.get('SCRIPT_NAME') != '/': |
261 p += request.environ.get('SCRIPT_NAME') | 248 p += request.environ.get('SCRIPT_NAME') |
262 | 249 |
263 p += request.environ.get('PATH_INFO') | 250 p += request.environ.get('PATH_INFO') |
264 if request.environ.get('QUERY_STRING'): | 251 if request.environ.get('QUERY_STRING'): |
265 p += '?' + request.environ.get('QUERY_STRING') | 252 p += '?' + request.environ.get('QUERY_STRING') |
266 | 253 |
267 log.debug('redirecting to login page with %s', p) | 254 log.debug('redirecting to login page with %s', p) |
268 return redirect(url('login_home', came_from=p)) | 255 return redirect(url('login_home', came_from=p)) |
269 | 256 |
270 class PermsDecorator(object): | 257 class PermsDecorator(object): |
271 """Base class for decorators""" | 258 """Base class for decorators""" |
272 | 259 |
273 def __init__(self, *required_perms): | 260 def __init__(self, *required_perms): |
274 available_perms = config['available_permissions'] | 261 available_perms = config['available_permissions'] |
275 for perm in required_perms: | 262 for perm in required_perms: |
276 if perm not in available_perms: | 263 if perm not in available_perms: |
277 raise Exception("'%s' permission is not defined" % perm) | 264 raise Exception("'%s' permission is not defined" % perm) |
278 self.required_perms = set(required_perms) | 265 self.required_perms = set(required_perms) |
279 self.user_perms = None | 266 self.user_perms = None |
280 | 267 |
281 def __call__(self, func): | 268 def __call__(self, func): |
282 return decorator(self.__wrapper, func) | 269 return decorator(self.__wrapper, func) |
283 | 270 |
284 | 271 |
285 def __wrapper(self, func, *fargs, **fkwargs): | 272 def __wrapper(self, func, *fargs, **fkwargs): |
286 # _wrapper.__name__ = func.__name__ | 273 # _wrapper.__name__ = func.__name__ |
287 # _wrapper.__dict__.update(func.__dict__) | 274 # _wrapper.__dict__.update(func.__dict__) |
288 # _wrapper.__doc__ = func.__doc__ | 275 # _wrapper.__doc__ = func.__doc__ |
289 | 276 self.user = session.get('rhodecode_user', AuthUser()) |
290 self.user_perms = session.get('rhodecode_user', AuthUser()).permissions | 277 self.user_perms = self.user.permissions |
291 log.debug('checking %s permissions %s for %s', | 278 log.debug('checking %s permissions %s for %s %s', |
292 self.__class__.__name__, self.required_perms, func.__name__) | 279 self.__class__.__name__, self.required_perms, func.__name__, |
293 | 280 self.user) |
281 | |
294 if self.check_permissions(): | 282 if self.check_permissions(): |
295 log.debug('Permission granted for %s', func.__name__) | 283 log.debug('Permission granted for %s %s', func.__name__, self.user) |
296 | 284 |
297 return func(*fargs, **fkwargs) | 285 return func(*fargs, **fkwargs) |
298 | 286 |
299 else: | 287 else: |
300 log.warning('Permission denied for %s', func.__name__) | 288 log.warning('Permission denied for %s %s', func.__name__, self.user) |
301 #redirect with forbidden ret code | 289 #redirect with forbidden ret code |
302 return abort(403) | 290 return abort(403) |
303 | 291 |
304 | 292 |
305 | 293 |
306 def check_permissions(self): | 294 def check_permissions(self): |
307 """Dummy function for overriding""" | 295 """Dummy function for overriding""" |
308 raise Exception('You have to write this function in child class') | 296 raise Exception('You have to write this function in child class') |
309 | 297 |
310 class HasPermissionAllDecorator(PermsDecorator): | 298 class HasPermissionAllDecorator(PermsDecorator): |
311 """Checks for access permission for all given predicates. All of them | 299 """Checks for access permission for all given predicates. All of them |
312 have to be meet in order to fulfill the request | 300 have to be meet in order to fulfill the request |
313 """ | 301 """ |
314 | 302 |
315 def check_permissions(self): | 303 def check_permissions(self): |
316 if self.required_perms.issubset(self.user_perms.get('global')): | 304 if self.required_perms.issubset(self.user_perms.get('global')): |
317 return True | 305 return True |
318 return False | 306 return False |
319 | 307 |
320 | 308 |
321 class HasPermissionAnyDecorator(PermsDecorator): | 309 class HasPermissionAnyDecorator(PermsDecorator): |
322 """Checks for access permission for any of given predicates. In order to | 310 """Checks for access permission for any of given predicates. In order to |
323 fulfill the request any of predicates must be meet | 311 fulfill the request any of predicates must be meet |
324 """ | 312 """ |
325 | 313 |
326 def check_permissions(self): | 314 def check_permissions(self): |
327 if self.required_perms.intersection(self.user_perms.get('global')): | 315 if self.required_perms.intersection(self.user_perms.get('global')): |
328 return True | 316 return True |
329 return False | 317 return False |
330 | 318 |
331 class HasRepoPermissionAllDecorator(PermsDecorator): | 319 class HasRepoPermissionAllDecorator(PermsDecorator): |
332 """Checks for access permission for all given predicates for specific | 320 """Checks for access permission for all given predicates for specific |
333 repository. All of them have to be meet in order to fulfill the request | 321 repository. All of them have to be meet in order to fulfill the request |
334 """ | 322 """ |
335 | 323 |
336 def check_permissions(self): | 324 def check_permissions(self): |
337 repo_name = get_repo_slug(request) | 325 repo_name = get_repo_slug(request) |
338 try: | 326 try: |
339 user_perms = set([self.user_perms['repositories'][repo_name]]) | 327 user_perms = set([self.user_perms['repositories'][repo_name]]) |
340 except KeyError: | 328 except KeyError: |
341 return False | 329 return False |
342 if self.required_perms.issubset(user_perms): | 330 if self.required_perms.issubset(user_perms): |
343 return True | 331 return True |
344 return False | 332 return False |
345 | 333 |
346 | 334 |
347 class HasRepoPermissionAnyDecorator(PermsDecorator): | 335 class HasRepoPermissionAnyDecorator(PermsDecorator): |
348 """Checks for access permission for any of given predicates for specific | 336 """Checks for access permission for any of given predicates for specific |
349 repository. In order to fulfill the request any of predicates must be meet | 337 repository. In order to fulfill the request any of predicates must be meet |
350 """ | 338 """ |
351 | 339 |
352 def check_permissions(self): | 340 def check_permissions(self): |
353 repo_name = get_repo_slug(request) | 341 repo_name = get_repo_slug(request) |
354 | 342 |
355 try: | 343 try: |
356 user_perms = set([self.user_perms['repositories'][repo_name]]) | 344 user_perms = set([self.user_perms['repositories'][repo_name]]) |
357 except KeyError: | 345 except KeyError: |
358 return False | 346 return False |
359 if self.required_perms.intersection(user_perms): | 347 if self.required_perms.intersection(user_perms): |
363 # CHECK FUNCTIONS | 351 # CHECK FUNCTIONS |
364 #=============================================================================== | 352 #=============================================================================== |
365 | 353 |
366 class PermsFunction(object): | 354 class PermsFunction(object): |
367 """Base function for other check functions""" | 355 """Base function for other check functions""" |
368 | 356 |
369 def __init__(self, *perms): | 357 def __init__(self, *perms): |
370 available_perms = config['available_permissions'] | 358 available_perms = config['available_permissions'] |
371 | 359 |
372 for perm in perms: | 360 for perm in perms: |
373 if perm not in available_perms: | 361 if perm not in available_perms: |
374 raise Exception("'%s' permission in not defined" % perm) | 362 raise Exception("'%s' permission in not defined" % perm) |
375 self.required_perms = set(perms) | 363 self.required_perms = set(perms) |
376 self.user_perms = None | 364 self.user_perms = None |
377 self.granted_for = '' | 365 self.granted_for = '' |
378 self.repo_name = None | 366 self.repo_name = None |
379 | 367 |
380 def __call__(self, check_Location=''): | 368 def __call__(self, check_Location=''): |
381 user = session.get('rhodecode_user', False) | 369 user = session.get('rhodecode_user', False) |
382 if not user: | 370 if not user: |
383 return False | 371 return False |
384 self.user_perms = user.permissions | 372 self.user_perms = user.permissions |
385 self.granted_for = user.username | 373 self.granted_for = user.username |
386 log.debug('checking %s %s', self.__class__.__name__, self.required_perms) | 374 log.debug('checking %s %s %s', self.__class__.__name__, |
387 | 375 self.required_perms, user) |
376 | |
388 if self.check_permissions(): | 377 if self.check_permissions(): |
389 log.debug('Permission granted for %s @%s', self.granted_for, | 378 log.debug('Permission granted for %s @ %s %s', self.granted_for, |
390 check_Location) | 379 check_Location, user) |
391 return True | 380 return True |
392 | 381 |
393 else: | 382 else: |
394 log.warning('Permission denied for %s @%s', self.granted_for, | 383 log.warning('Permission denied for %s @ %s %s', self.granted_for, |
395 check_Location) | 384 check_Location, user) |
396 return False | 385 return False |
397 | 386 |
398 def check_permissions(self): | 387 def check_permissions(self): |
399 """Dummy function for overriding""" | 388 """Dummy function for overriding""" |
400 raise Exception('You have to write this function in child class') | 389 raise Exception('You have to write this function in child class') |
401 | 390 |
402 class HasPermissionAll(PermsFunction): | 391 class HasPermissionAll(PermsFunction): |
403 def check_permissions(self): | 392 def check_permissions(self): |
404 if self.required_perms.issubset(self.user_perms.get('global')): | 393 if self.required_perms.issubset(self.user_perms.get('global')): |
405 return True | 394 return True |
406 return False | 395 return False |
410 if self.required_perms.intersection(self.user_perms.get('global')): | 399 if self.required_perms.intersection(self.user_perms.get('global')): |
411 return True | 400 return True |
412 return False | 401 return False |
413 | 402 |
414 class HasRepoPermissionAll(PermsFunction): | 403 class HasRepoPermissionAll(PermsFunction): |
415 | 404 |
416 def __call__(self, repo_name=None, check_Location=''): | 405 def __call__(self, repo_name=None, check_Location=''): |
417 self.repo_name = repo_name | 406 self.repo_name = repo_name |
418 return super(HasRepoPermissionAll, self).__call__(check_Location) | 407 return super(HasRepoPermissionAll, self).__call__(check_Location) |
419 | 408 |
420 def check_permissions(self): | 409 def check_permissions(self): |
421 if not self.repo_name: | 410 if not self.repo_name: |
422 self.repo_name = get_repo_slug(request) | 411 self.repo_name = get_repo_slug(request) |
423 | 412 |
424 try: | 413 try: |
425 self.user_perms = set([self.user_perms['repositories']\ | 414 self.user_perms = set([self.user_perms['repositories']\ |
426 [self.repo_name]]) | 415 [self.repo_name]]) |
427 except KeyError: | 416 except KeyError: |
428 return False | 417 return False |
429 self.granted_for = self.repo_name | 418 self.granted_for = self.repo_name |
430 if self.required_perms.issubset(self.user_perms): | 419 if self.required_perms.issubset(self.user_perms): |
431 return True | 420 return True |
432 return False | 421 return False |
433 | 422 |
434 class HasRepoPermissionAny(PermsFunction): | 423 class HasRepoPermissionAny(PermsFunction): |
435 | 424 |
436 def __call__(self, repo_name=None, check_Location=''): | 425 def __call__(self, repo_name=None, check_Location=''): |
437 self.repo_name = repo_name | 426 self.repo_name = repo_name |
438 return super(HasRepoPermissionAny, self).__call__(check_Location) | 427 return super(HasRepoPermissionAny, self).__call__(check_Location) |
439 | 428 |
440 def check_permissions(self): | 429 def check_permissions(self): |
441 if not self.repo_name: | 430 if not self.repo_name: |
442 self.repo_name = get_repo_slug(request) | 431 self.repo_name = get_repo_slug(request) |
443 | 432 |
444 try: | 433 try: |
456 #=============================================================================== | 445 #=============================================================================== |
457 | 446 |
458 class HasPermissionAnyMiddleware(object): | 447 class HasPermissionAnyMiddleware(object): |
459 def __init__(self, *perms): | 448 def __init__(self, *perms): |
460 self.required_perms = set(perms) | 449 self.required_perms = set(perms) |
461 | 450 |
462 def __call__(self, user, repo_name): | 451 def __call__(self, user, repo_name): |
463 usr = AuthUser() | 452 usr = AuthUser() |
464 usr.user_id = user.user_id | 453 usr.user_id = user.user_id |
465 usr.username = user.username | 454 usr.username = user.username |
466 usr.is_admin = user.admin | 455 usr.is_admin = user.admin |
467 | 456 |
468 try: | 457 try: |
469 self.user_perms = set([fill_perms(usr)\ | 458 self.user_perms = set([fill_perms(usr)\ |
470 .permissions['repositories'][repo_name]]) | 459 .permissions['repositories'][repo_name]]) |
471 except: | 460 except: |
472 self.user_perms = set() | 461 self.user_perms = set() |
473 self.granted_for = '' | 462 self.granted_for = '' |
474 self.username = user.username | 463 self.username = user.username |
475 self.repo_name = repo_name | 464 self.repo_name = repo_name |
476 return self.check_permissions() | 465 return self.check_permissions() |
477 | 466 |
478 def check_permissions(self): | 467 def check_permissions(self): |
479 log.debug('checking mercurial protocol ' | 468 log.debug('checking mercurial protocol ' |
480 'permissions for user:%s repository:%s', | 469 'permissions for user:%s repository:%s', |
481 self.username, self.repo_name) | 470 self.username, self.repo_name) |
482 if self.required_perms.intersection(self.user_perms): | 471 if self.required_perms.intersection(self.user_perms): |