diff rhodecode/lib/auth.py @ 3714:7e3d89d9d3a2 beta
- Manage User’s Groups: create, delete, rename, add/remove users inside.
by user group admin.
In this case, a user's group can be owned by several people through an owner user's group.
Some refactoring of naming, permission handling logic.
- remove some code duplication as well as inconsistent naming
author | Marcin Kuzminski <marcin@python-works.com> |
---|---|
date | Mon, 08 Apr 2013 22:47:35 +0200 |
parents | 1ec67ddcaffe |
children | a8f520540ab0 |
--- a/rhodecode/lib/auth.py Mon Apr 08 20:38:37 2013 +0200
+++ b/rhodecode/lib/auth.py Mon Apr 08 22:47:35 2013 +0200
@@ -42,7 +42,8 @@
 from rhodecode.lib.utils2 import str2bool, safe_unicode
 from rhodecode.lib.exceptions import LdapPasswordError, LdapUsernameError,\
 LdapImportError
-from rhodecode.lib.utils import get_repo_slug, get_repos_group_slug
+from rhodecode.lib.utils import get_repo_slug, get_repos_group_slug,\
+ get_user_group_slug
 from rhodecode.lib.auth_ldap import AuthLdap
 from rhodecode.model import meta
@@ -410,7 +411,7 @@
 if x[1] == 'repository.admin']
 @property
- def groups_admin(self):
+ def repository_groups_admin(self):
 """
 Returns list of repository groups you're an admin of
 """
@@ -418,6 +419,14 @@
 if x[1] == 'group.admin']
 @property
+ def user_groups_admin(self):
+ """
+ Returns list of user groups you're an admin of
+ """
+ return [x[0] for x in self.permissions['user_groups'].iteritems()
+ if x[1] == 'usergroup.admin']
+
+ @property
 def ip_allowed(self):
 """
 Checks if ip_addr used in constructor is allowed from defined list of
@@ -693,7 +702,7 @@
 class HasReposGroupPermissionAllDecorator(PermsDecorator):
 """
 Checks for access permission for all given predicates for specific
- repository. All of them have to be meet in order to fulfill the request
+ repository group. All of them have to be meet in order to fulfill the request
 """
 def check_permissions(self):
@@ -711,7 +720,7 @@
 class HasReposGroupPermissionAnyDecorator(PermsDecorator):
 """
 Checks for access permission for any of given predicates for specific
- repository. In order to fulfill the request any of predicates must be meet
+ repository group. In order to fulfill the request any of predicates must be meet
 """
 def check_permissions(self):
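Review bot: `user_groups_admin` (third hunk, `@@ -418,6 +419,14 @@`) indexes `self.permissions['user_groups']` directly, so it raises `KeyError` if a permissions dict was built without that bucket, whereas the check classes added later in this commit catch `KeyError` and deny. If that can happen (for example with a permissions structure produced before this key existed; the code that builds it is not visible here), reading it as `self.permissions.get('user_groups', {}).iteritems()` keeps the property returning an empty admin list instead of failing the request. Unpacking the pair, `for name, perm in ... if perm == 'usergroup.admin'`, would also read more clearly than `x[0]`/`x[1]`. The enclosing class starts and ends outside the hunk.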
@@ -726,6 +735,42 @@
 return False
+class HasUserGroupPermissionAllDecorator(PermsDecorator):
+ """
+ Checks for access permission for all given predicates for specific
+ user group. All of them have to be meet in order to fulfill the request
+ """
+
+ def check_permissions(self):
+ group_name = get_user_group_slug(request)
+ try:
+ user_perms = set([self.user_perms['user_groups'][group_name]])
+ except KeyError:
+ return False
+
+ if self.required_perms.issubset(user_perms):
+ return True
+ return False
+
+
+class HasUserGroupPermissionAnyDecorator(PermsDecorator):
+ """
+ Checks for access permission for any of given predicates for specific
+ user group. In order to fulfill the request any of predicates must be meet
+ """
+
+ def check_permissions(self):
+ group_name = get_user_group_slug(request)
+ try:
+ user_perms = set([self.user_perms['user_groups'][group_name]])
+ except KeyError:
+ return False
+
+ if self.required_perms.intersection(user_perms):
+ return True
+ return False
+
+
 #==============================================================================
 # CHECK FUNCTIONS
 #==============================================================================
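Review bot: In `HasUserGroupPermissionAllDecorator.check_permissions`, `user_perms` is always a one-element set, so `self.required_perms.issubset(user_perms)` can never pass when more than one permission is required, and it passes for an empty requirement as soon as the user has any entry for the group, whatever level that entry holds. Assuming `required_perms` is the set of names given to the decorator (it is defined in `PermsDecorator`, outside this diff), a guard such as `if not self.required_perms: return False` before the subset test makes the empty case deny, and the docstring should say that a user holds a single level per user group, so the All form is only meaningful with one predicate. `HasUserGroupPermissionAll` in the `@@ -865,6 +910,39 @@` hunk has the same subset test. The new docstrings also carry over "have to be meet", where "met" is meant.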
@@ -865,6 +910,39 @@
 return False
+class HasUserGroupPermissionAny(PermsFunction):
+ def __call__(self, user_group_name=None, check_location=''):
+ self.user_group_name = user_group_name
+ return super(HasUserGroupPermissionAny, self).__call__(check_location)
+
+ def check_permissions(self):
+ try:
+ self._user_perms = set(
+ [self.user_perms['user_groups'][self.user_group_name]]
+ )
+ except KeyError:
+ return False
+ if self.required_perms.intersection(self._user_perms):
+ return True
+ return False
+
+
+class HasUserGroupPermissionAll(PermsFunction):
+ def __call__(self, user_group_name=None, check_location=''):
+ self.user_group_name = user_group_name
+ return super(HasUserGroupPermissionAll, self).__call__(check_location)
+
+ def check_permissions(self):
+ try:
+ self._user_perms = set(
+ [self.user_perms['user_groups'][self.user_group_name]]
+ )
+ except KeyError:
+ return False
+ if self.required_perms.issubset(self._user_perms):
+ return True
+ return False
+
 #==============================================================================
 # SPECIAL VERSION TO HANDLE MIDDLEWARE AUTH
 #==============================================================================
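Review bot: `HasUserGroupPermissionAny` and `HasUserGroupPermissionAll` have no docstrings, and their `except KeyError: return False` path covers two different situations without saying so: the user has no entry for `self.user_group_name`, and `__call__` was invoked without a name, in which case the default `None` is used as the key. A class docstring along the lines of `"""Check the user's permission on the named user group; denies when the user has no entry for it or no name is given."""` would make the fail-closed behaviour explicit. `__call__` also stores the name on the instance before delegating, so if a checker object is ever reused across concurrent checks the stored name could be overwritten before `check_permissions` reads it; whether that happens depends on callers not shown, and a sentence in the docstring would settle it. `PermsFunction` is defined outside this hunk.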