Mercurial > kallithea
diff rhodecode/model/permission.py @ 3733:af049a957506 beta
fixed default permissions population during upgrades
- it often happen that introducing new permission
caused default permission to reset it's state to installation
default.
new version makes sure that only missing permissions are
created while leaving old defaults
author | Marcin Kuzminski <marcin@python-works.com> |
---|---|
date | Wed, 10 Apr 2013 02:55:21 +0200 |
parents | e42e1d4e1c47 |
children | a8f520540ab0 |
line wrap: on
line diff
--- a/rhodecode/model/permission.py Wed Apr 10 00:31:10 2013 +0200 +++ b/rhodecode/model/permission.py Wed Apr 10 02:55:21 2013 +0200 @@ -43,11 +43,49 @@ cls = Permission + def create_default_permissions(self, user): + """ + Creates only missing default permissions for user + + :param user: + """ + user = self._get_user(user) + + def _make_perm(perm): + new_perm = UserToPerm() + new_perm.user = user + new_perm.permission = Permission.get_by_key(perm) + return new_perm + + def _get_group(perm_name): + return '.'.join(perm_name.split('.')[:1]) + + perms = UserToPerm.query().filter(UserToPerm.user == user).all() + defined_perms_groups = map(_get_group, + (x.permission.permission_name for x in perms)) + log.debug('GOT ALREADY DEFINED:%s' % perms) + DEFAULT_PERMS = Permission.DEFAULT_USER_PERMISSIONS + + # for every default permission that needs to be created, we check if + # it's group is already defined, if it's not we create default perm + for perm_name in DEFAULT_PERMS: + gr = _get_group(perm_name) + if gr not in defined_perms_groups: + log.debug('GR:%s not found, creating permission %s' + % (gr, perm_name)) + new_perm = _make_perm(perm_name) + self.sa.add(new_perm) + def update(self, form_result): perm_user = User.get_by_username(username=form_result['perm_user_name']) - u2p = self.sa.query(UserToPerm).filter(UserToPerm.user == perm_user).all() try: + # stage 1 set anonymous access + if perm_user.username == 'default': + perm_user.active = str2bool(form_result['anonymous']) + self.sa.add(perm_user) + + # stage 2 reset defaults and set them from form data def _make_new(usr, perm_name): new = UserToPerm() new.user = usr @@ -56,6 +94,9 @@ # clear current entries, to make this function idempotent # it will fix even if we define more permissions or permissions # are somehow missing + u2p = self.sa.query(UserToPerm)\ + .filter(UserToPerm.user == perm_user)\ + .all() for p in u2p: self.sa.delete(p) #create fresh set of permissions @@ -65,7 +106,7 @@ p = _make_new(perm_user, form_result[def_perm_key]) self.sa.add(p) - #stage 2 update all default permissions for repos if checked + #stage 3 update all default permissions for repos if checked if form_result['overwrite_default_repo'] == True: _def_name = form_result['default_repo_perm'].split('repository.')[-1] _def = Permission.get_by_key('repository.' + _def_name) @@ -89,11 +130,6 @@ g2p.permission = _def self.sa.add(g2p) - # stage 3 set anonymous access - if perm_user.username == 'default': - perm_user.active = str2bool(form_result['anonymous']) - self.sa.add(perm_user) - self.sa.commit() except (DatabaseError,): log.error(traceback.format_exc())