Mercurial > kallithea
comparison rhodecode/model/permission.py @ 3730:e42e1d4e1c47 beta
make the permission update function idempotent
| author | Marcin Kuzminski <marcin@python-works.com> |
|---|---|
| date | Tue, 09 Apr 2013 15:39:45 +0200 |
| parents | 260a7a01b054 |
| children | af049a957506 |
comparison
equal
deleted
inserted
replaced
| 3729:49e5d4fa01e9 | 3730:e42e1d4e1c47 |
|---|---|
| 26 import logging | 26 import logging |
| 27 import traceback | 27 import traceback |
| 28 | 28 |
| 29 from sqlalchemy.exc import DatabaseError | 29 from sqlalchemy.exc import DatabaseError |
| 30 | 30 |
| 31 from rhodecode.lib.caching_query import FromCache | |
| 32 | |
| 33 from rhodecode.model import BaseModel | 31 from rhodecode.model import BaseModel |
| 34 from rhodecode.model.db import User, Permission, UserToPerm, UserRepoToPerm,\ | 32 from rhodecode.model.db import User, Permission, UserToPerm, UserRepoToPerm,\ |
| 35 UserRepoGroupToPerm | 33 UserRepoGroupToPerm |
| 34 from rhodecode.lib.utils2 import str2bool | |
| 36 | 35 |
| 37 log = logging.getLogger(__name__) | 36 log = logging.getLogger(__name__) |
| 38 | 37 |
| 39 | 38 |
| 40 class PermissionModel(BaseModel): | 39 class PermissionModel(BaseModel): |
| 42 Permissions model for RhodeCode | 41 Permissions model for RhodeCode |
| 43 """ | 42 """ |
| 44 | 43 |
| 45 cls = Permission | 44 cls = Permission |
| 46 | 45 |
| 47 def get_permission(self, permission_id, cache=False): | |
| 48 """ | |
| 49 Get's permissions by id | |
| 50 | |
| 51 :param permission_id: id of permission to get from database | |
| 52 :param cache: use Cache for this query | |
| 53 """ | |
| 54 perm = self.sa.query(Permission) | |
| 55 if cache: | |
| 56 perm = perm.options(FromCache("sql_cache_short", | |
| 57 "get_permission_%s" % permission_id)) | |
| 58 return perm.get(permission_id) | |
| 59 | |
| 60 def get_permission_by_name(self, name, cache=False): | |
| 61 """ | |
| 62 Get's permissions by given name | |
| 63 | |
| 64 :param name: name to fetch | |
| 65 :param cache: Use cache for this query | |
| 66 """ | |
| 67 perm = self.sa.query(Permission)\ | |
| 68 .filter(Permission.permission_name == name) | |
| 69 if cache: | |
| 70 perm = perm.options(FromCache("sql_cache_short", | |
| 71 "get_permission_%s" % name)) | |
| 72 return perm.scalar() | |
| 73 | |
| 74 def update(self, form_result): | 46 def update(self, form_result): |
| 75 perm_user = self.sa.query(User)\ | 47 perm_user = User.get_by_username(username=form_result['perm_user_name']) |
| 76 .filter(User.username == | 48 u2p = self.sa.query(UserToPerm).filter(UserToPerm.user == perm_user).all() |
| 77 form_result['perm_user_name']).scalar() | |
| 78 u2p = self.sa.query(UserToPerm).filter(UserToPerm.user == | |
| 79 perm_user).all() | |
| 80 if len(u2p) != len(User.DEFAULT_PERMISSIONS): | |
| 81 raise Exception('Defined: %s should be %s permissions for default' | |
| 82 ' user. This should not happen please verify' | |
| 83 ' your database' % (len(u2p), len(User.DEFAULT_PERMISSIONS))) | |
| 84 | 49 |
| 85 try: | 50 try: |
| 86 # stage 1 change defaults | 51 def _make_new(usr, perm_name): |
| 52 new = UserToPerm() | |
| 53 new.user = usr | |
| 54 new.permission = Permission.get_by_key(perm_name) | |
| 55 return new | |
| 56 # clear current entries, to make this function idempotent | |
| 57 # it will fix even if we define more permissions or permissions | |
| 58 # are somehow missing | |
| 87 for p in u2p: | 59 for p in u2p: |
| 88 if p.permission.permission_name.startswith('repository.'): | 60 self.sa.delete(p) |
| 89 p.permission = self.get_permission_by_name( | 61 #create fresh set of permissions |
| 90 form_result['default_repo_perm']) | 62 for def_perm_key in ['default_repo_perm', 'default_group_perm', |
| 91 self.sa.add(p) | 63 'default_register', 'default_create', |
| 92 | 64 'default_fork']: |
| 93 elif p.permission.permission_name.startswith('group.'): | 65 p = _make_new(perm_user, form_result[def_perm_key]) |
| 94 p.permission = self.get_permission_by_name( | 66 self.sa.add(p) |
| 95 form_result['default_group_perm']) | |
| 96 self.sa.add(p) | |
| 97 | |
| 98 elif p.permission.permission_name.startswith('hg.register.'): | |
| 99 p.permission = self.get_permission_by_name( | |
| 100 form_result['default_register']) | |
| 101 self.sa.add(p) | |
| 102 | |
| 103 elif p.permission.permission_name.startswith('hg.create.'): | |
| 104 p.permission = self.get_permission_by_name( | |
| 105 form_result['default_create']) | |
| 106 self.sa.add(p) | |
| 107 | |
| 108 elif p.permission.permission_name.startswith('hg.fork.'): | |
| 109 p.permission = self.get_permission_by_name( | |
| 110 form_result['default_fork']) | |
| 111 self.sa.add(p) | |
| 112 | 67 |
| 113 #stage 2 update all default permissions for repos if checked | 68 #stage 2 update all default permissions for repos if checked |
| 114 if form_result['overwrite_default_repo'] == True: | 69 if form_result['overwrite_default_repo'] == True: |
| 115 _def_name = form_result['default_repo_perm'].split('repository.')[-1] | 70 _def_name = form_result['default_repo_perm'].split('repository.')[-1] |
| 116 _def = self.get_permission_by_name('repository.' + _def_name) | 71 _def = Permission.get_by_key('repository.' + _def_name) |
| 117 # repos | 72 # repos |
| 118 for r2p in self.sa.query(UserRepoToPerm)\ | 73 for r2p in self.sa.query(UserRepoToPerm)\ |
| 119 .filter(UserRepoToPerm.user == perm_user)\ | 74 .filter(UserRepoToPerm.user == perm_user)\ |
| 120 .all(): | 75 .all(): |
| 121 | 76 |
| 125 self.sa.add(r2p) | 80 self.sa.add(r2p) |
| 126 | 81 |
| 127 if form_result['overwrite_default_group'] == True: | 82 if form_result['overwrite_default_group'] == True: |
| 128 _def_name = form_result['default_group_perm'].split('group.')[-1] | 83 _def_name = form_result['default_group_perm'].split('group.')[-1] |
| 129 # groups | 84 # groups |
| 130 _def = self.get_permission_by_name('group.' + _def_name) | 85 _def = Permission.get_by_key('group.' + _def_name) |
| 131 for g2p in self.sa.query(UserRepoGroupToPerm)\ | 86 for g2p in self.sa.query(UserRepoGroupToPerm)\ |
| 132 .filter(UserRepoGroupToPerm.user == perm_user)\ | 87 .filter(UserRepoGroupToPerm.user == perm_user)\ |
| 133 .all(): | 88 .all(): |
| 134 g2p.permission = _def | 89 g2p.permission = _def |
| 135 self.sa.add(g2p) | 90 self.sa.add(g2p) |
| 136 | 91 |
| 137 # stage 3 set anonymous access | 92 # stage 3 set anonymous access |
| 138 if perm_user.username == 'default': | 93 if perm_user.username == 'default': |
| 139 perm_user.active = bool(form_result['anonymous']) | 94 perm_user.active = str2bool(form_result['anonymous']) |
| 140 self.sa.add(perm_user) | 95 self.sa.add(perm_user) |
| 141 | 96 |
| 97 self.sa.commit() | |
| 142 except (DatabaseError,): | 98 except (DatabaseError,): |
| 143 log.error(traceback.format_exc()) | 99 log.error(traceback.format_exc()) |
| 100 self.sa.rollback() | |
| 144 raise | 101 raise |