Mercurial > kallithea

diff rhodecode/lib/auth.py @ 3714:7e3d89d9d3a2 beta

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
- Manage User’s Groups: create, delete, rename, add/remove users inside. by user group admin. In this case, a user's group can be owned by several people thru an owner user's group. Some refactoring of naming, permission handling logic. - remove some code duplicity as well as inconsistent naming
author Marcin Kuzminski <marcin@python-works.com>
date Mon, 08 Apr 2013 22:47:35 +0200
parents 1ec67ddcaffe
children a8f520540ab0
line wrap: on
line diff
--- a/rhodecode/lib/auth.py	Mon Apr 08 20:38:37 2013 +0200
+++ b/rhodecode/lib/auth.py	Mon Apr 08 22:47:35 2013 +0200
@@ -42,7 +42,8 @@
 from rhodecode.lib.utils2 import str2bool, safe_unicode
 from rhodecode.lib.exceptions import LdapPasswordError, LdapUsernameError,\
     LdapImportError
-from rhodecode.lib.utils import get_repo_slug, get_repos_group_slug
+from rhodecode.lib.utils import get_repo_slug, get_repos_group_slug,\
+    get_user_group_slug
 from rhodecode.lib.auth_ldap import AuthLdap
 
 from rhodecode.model import meta
@@ -410,7 +411,7 @@
                 if x[1] == 'repository.admin']
 
     @property
-    def groups_admin(self):
+    def repository_groups_admin(self):
         """
         Returns list of repository groups you're an admin of
         """
@@ -418,6 +419,14 @@
                 if x[1] == 'group.admin']
 
     @property
+    def user_groups_admin(self):
+        """
+        Returns list of user groups you're an admin of
+        """
+        return [x[0] for x in self.permissions['user_groups'].iteritems()
+                if x[1] == 'usergroup.admin']
+
+    @property
     def ip_allowed(self):
         """
         Checks if ip_addr used in constructor is allowed from defined list of
@@ -693,7 +702,7 @@
 class HasReposGroupPermissionAllDecorator(PermsDecorator):
     """
     Checks for access permission for all given predicates for specific
-    repository. All of them have to be meet in order to fulfill the request
+    repository group. All of them have to be meet in order to fulfill the request
     """
 
     def check_permissions(self):
@@ -711,7 +720,7 @@
 class HasReposGroupPermissionAnyDecorator(PermsDecorator):
     """
     Checks for access permission for any of given predicates for specific
-    repository. In order to fulfill the request any of predicates must be meet
+    repository group. In order to fulfill the request any of predicates must be meet
     """
 
     def check_permissions(self):
@@ -726,6 +735,42 @@
         return False
 
 
+class HasUserGroupPermissionAllDecorator(PermsDecorator):
+    """
+    Checks for access permission for all given predicates for specific
+    user group. All of them have to be meet in order to fulfill the request
+    """
+
+    def check_permissions(self):
+        group_name = get_user_group_slug(request)
+        try:
+            user_perms = set([self.user_perms['user_groups'][group_name]])
+        except KeyError:
+            return False
+
+        if self.required_perms.issubset(user_perms):
+            return True
+        return False
+
+
+class HasUserGroupPermissionAnyDecorator(PermsDecorator):
+    """
+    Checks for access permission for any of given predicates for specific
+    user group. In order to fulfill the request any of predicates must be meet
+    """
+
+    def check_permissions(self):
+        group_name = get_user_group_slug(request)
+        try:
+            user_perms = set([self.user_perms['user_groups'][group_name]])
+        except KeyError:
+            return False
+
+        if self.required_perms.intersection(user_perms):
+            return True
+        return False
+
+
 #==============================================================================
 # CHECK FUNCTIONS
 #==============================================================================
@@ -865,6 +910,39 @@
         return False
 
 
+class HasUserGroupPermissionAny(PermsFunction):
+    def __call__(self, user_group_name=None, check_location=''):
+        self.user_group_name = user_group_name
+        return super(HasUserGroupPermissionAny, self).__call__(check_location)
+
+    def check_permissions(self):
+        try:
+            self._user_perms = set(
+                [self.user_perms['user_groups'][self.user_group_name]]
+            )
+        except KeyError:
+            return False
+        if self.required_perms.intersection(self._user_perms):
+            return True
+        return False
+
+
+class HasUserGroupPermissionAll(PermsFunction):
+    def __call__(self, user_group_name=None, check_location=''):
+        self.user_group_name = user_group_name
+        return super(HasUserGroupPermissionAll, self).__call__(check_location)
+
+    def check_permissions(self):
+        try:
+            self._user_perms = set(
+                [self.user_perms['user_groups'][self.user_group_name]]
+            )
+        except KeyError:
+            return False
+        if self.required_perms.issubset(self._user_perms):
+            return True
+        return False
+
 #==============================================================================
 # SPECIAL VERSION TO HANDLE MIDDLEWARE AUTH
 #==============================================================================