comparison rhodecode/model/permission.py @ 3730:e42e1d4e1c47 beta
make the permission update function idempotent
author | Marcin Kuzminski <marcin@python-works.com> |
---|---|
date | Tue, 09 Apr 2013 15:39:45 +0200 |
parents | 260a7a01b054 |
children | af049a957506 |
3729:49e5d4fa01e9 | 3730:e42e1d4e1c47 |
---|---|
26 import logging | 26 import logging |
27 import traceback | 27 import traceback |
28 | 28 |
29 from sqlalchemy.exc import DatabaseError | 29 from sqlalchemy.exc import DatabaseError |
30 | 30 |
31 from rhodecode.lib.caching_query import FromCache | |
32 | |
33 from rhodecode.model import BaseModel | 31 from rhodecode.model import BaseModel |
34 from rhodecode.model.db import User, Permission, UserToPerm, UserRepoToPerm,\ | 32 from rhodecode.model.db import User, Permission, UserToPerm, UserRepoToPerm,\ |
35 UserRepoGroupToPerm | 33 UserRepoGroupToPerm |
34 from rhodecode.lib.utils2 import str2bool | |
36 | 35 |
37 log = logging.getLogger(__name__) | 36 log = logging.getLogger(__name__) |
38 | 37 |
39 | 38 |
40 class PermissionModel(BaseModel): | 39 class PermissionModel(BaseModel): |
42 Permissions model for RhodeCode | 41 Permissions model for RhodeCode |
43 """ | 42 """ |
44 | 43 |
45 cls = Permission | 44 cls = Permission |
46 | 45 |
47 def get_permission(self, permission_id, cache=False): | |
48 """ | |
49 Get's permissions by id | |
50 | |
51 :param permission_id: id of permission to get from database | |
52 :param cache: use Cache for this query | |
53 """ | |
54 perm = self.sa.query(Permission) | |
55 if cache: | |
56 perm = perm.options(FromCache("sql_cache_short", | |
57 "get_permission_%s" % permission_id)) | |
58 return perm.get(permission_id) | |
59 | |
60 def get_permission_by_name(self, name, cache=False): | |
61 """ | |
62 Get's permissions by given name | |
63 | |
64 :param name: name to fetch | |
65 :param cache: Use cache for this query | |
66 """ | |
67 perm = self.sa.query(Permission)\ | |
68 .filter(Permission.permission_name == name) | |
69 if cache: | |
70 perm = perm.options(FromCache("sql_cache_short", | |
71 "get_permission_%s" % name)) | |
72 return perm.scalar() | |
73 | |
74 def update(self, form_result): | 46 def update(self, form_result): |
75 perm_user = self.sa.query(User)\ | 47 perm_user = User.get_by_username(username=form_result['perm_user_name']) |
76 .filter(User.username == | 48 u2p = self.sa.query(UserToPerm).filter(UserToPerm.user == perm_user).all() |
77 form_result['perm_user_name']).scalar() | |
78 u2p = self.sa.query(UserToPerm).filter(UserToPerm.user == | |
79 perm_user).all() | |
80 if len(u2p) != len(User.DEFAULT_PERMISSIONS): | |
81 raise Exception('Defined: %s should be %s permissions for default' | |
82 ' user. This should not happen please verify' | |
83 ' your database' % (len(u2p), len(User.DEFAULT_PERMISSIONS))) | |
84 | 49 |
85 try: | 50 try: |
86 # stage 1 change defaults | 51 def _make_new(usr, perm_name): |
52 new = UserToPerm() | |
53 new.user = usr | |
54 new.permission = Permission.get_by_key(perm_name) | |
55 return new | |
56 # clear current entries, to make this function idempotent | |
57 # it will fix even if we define more permissions or permissions | |
58 # are somehow missing | |
87 for p in u2p: | 59 for p in u2p: |
88 if p.permission.permission_name.startswith('repository.'): | 60 self.sa.delete(p) |
89 p.permission = self.get_permission_by_name( | 61 #create fresh set of permissions |
90 form_result['default_repo_perm']) | 62 for def_perm_key in ['default_repo_perm', 'default_group_perm', |
91 self.sa.add(p) | 63 'default_register', 'default_create', |
92 | 64 'default_fork']: |
93 elif p.permission.permission_name.startswith('group.'): | 65 p = _make_new(perm_user, form_result[def_perm_key]) |
94 p.permission = self.get_permission_by_name( | 66 self.sa.add(p) |
95 form_result['default_group_perm']) | |
96 self.sa.add(p) | |
97 | |
98 elif p.permission.permission_name.startswith('hg.register.'): | |
99 p.permission = self.get_permission_by_name( | |
100 form_result['default_register']) | |
101 self.sa.add(p) | |
102 | |
103 elif p.permission.permission_name.startswith('hg.create.'): | |
104 p.permission = self.get_permission_by_name( | |
105 form_result['default_create']) | |
106 self.sa.add(p) | |
107 | |
108 elif p.permission.permission_name.startswith('hg.fork.'): | |
109 p.permission = self.get_permission_by_name( | |
110 form_result['default_fork']) | |
111 self.sa.add(p) | |
112 | 67 |
113 #stage 2 update all default permissions for repos if checked | 68 #stage 2 update all default permissions for repos if checked |
114 if form_result['overwrite_default_repo'] == True: | 69 if form_result['overwrite_default_repo'] == True: |
115 _def_name = form_result['default_repo_perm'].split('repository.')[-1] | 70 _def_name = form_result['default_repo_perm'].split('repository.')[-1] |
116 _def = self.get_permission_by_name('repository.' + _def_name) | 71 _def = Permission.get_by_key('repository.' + _def_name) |
117 # repos | 72 # repos |
118 for r2p in self.sa.query(UserRepoToPerm)\ | 73 for r2p in self.sa.query(UserRepoToPerm)\ |
119 .filter(UserRepoToPerm.user == perm_user)\ | 74 .filter(UserRepoToPerm.user == perm_user)\ |
120 .all(): | 75 .all(): |
121 | 76 |
125 self.sa.add(r2p) | 80 self.sa.add(r2p) |
126 | 81 |
127 if form_result['overwrite_default_group'] == True: | 82 if form_result['overwrite_default_group'] == True: |
128 _def_name = form_result['default_group_perm'].split('group.')[-1] | 83 _def_name = form_result['default_group_perm'].split('group.')[-1] |
129 # groups | 84 # groups |
130 _def = self.get_permission_by_name('group.' + _def_name) | 85 _def = Permission.get_by_key('group.' + _def_name) |
131 for g2p in self.sa.query(UserRepoGroupToPerm)\ | 86 for g2p in self.sa.query(UserRepoGroupToPerm)\ |
132 .filter(UserRepoGroupToPerm.user == perm_user)\ | 87 .filter(UserRepoGroupToPerm.user == perm_user)\ |
133 .all(): | 88 .all(): |
134 g2p.permission = _def | 89 g2p.permission = _def |
135 self.sa.add(g2p) | 90 self.sa.add(g2p) |
136 | 91 |
137 # stage 3 set anonymous access | 92 # stage 3 set anonymous access |
138 if perm_user.username == 'default': | 93 if perm_user.username == 'default': |
139 perm_user.active = bool(form_result['anonymous']) | 94 perm_user.active = str2bool(form_result['anonymous']) |
140 self.sa.add(perm_user) | 95 self.sa.add(perm_user) |
141 | 96 |
97 self.sa.commit() | |
142 except (DatabaseError,): | 98 except (DatabaseError,): |
143 log.error(traceback.format_exc()) | 99 log.error(traceback.format_exc()) |
100 self.sa.rollback() | |
144 raise | 101 raise |
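Review bot: In the new `update`, the loop over `u2p` deletes every `UserToPerm` row for the user before any replacement value has been checked, and `self.sa.rollback()` runs only for `DatabaseError`. If `User.get_by_username` or `Permission.get_by_key` can return None for an unknown name (their bodies are not visible here), or a key is missing from `form_result`, the resulting AttributeError/KeyError leaves the deletions pending in the session, or a row without a permission is added, so the default user can end up with an incomplete permission set. The removed row-count check was the only guard of this kind. I would resolve the user and all five permissions before deleting anything and roll back on any exception, as sketched below (the exception type is only a suggestion). The hard-coded key list also means the comment's promise to cope with "more permissions" holds only while that list is kept in sync with `User.DEFAULT_PERMISSIONS`.

```python
    def update(self, form_result):
        perm_user = User.get_by_username(username=form_result['perm_user_name'])
        if perm_user is None:
            raise ValueError('unknown user %r' % form_result['perm_user_name'])
        # resolve every replacement permission before touching existing rows
        new_perms = []
        for def_perm_key in ['default_repo_perm', 'default_group_perm',
                             'default_register', 'default_create',
                             'default_fork']:
            perm = Permission.get_by_key(form_result[def_perm_key])
            if perm is None:
                raise ValueError('unknown permission for %s' % def_perm_key)
            new_perms.append(perm)
        # ... unchanged: u2p query, try:, delete loop over u2p ...
            for perm in new_perms:
                new = UserToPerm()
                new.user = perm_user
                new.permission = perm
                self.sa.add(new)
        # ... unchanged: stage 2, stage 3, self.sa.commit() ...
        except Exception:
            # roll back on any failure so pending deletes are never flushed later
            log.error(traceback.format_exc())
            self.sa.rollback()
            raise
```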