Mercurial > kallithea
diff rhodecode/model/user.py @ 2165:dc2584ba5fbc
merged beta into default branch
author | Marcin Kuzminski <marcin@python-works.com> |
---|---|
date | Wed, 28 Mar 2012 19:54:16 +0200 |
parents | ecd59c28f432 fa637dc3e029 |
children | a437a986d399 |
line wrap: on
line diff
--- a/rhodecode/model/user.py Sat Mar 03 03:41:19 2012 +0200 +++ b/rhodecode/model/user.py Wed Mar 28 19:54:16 2012 +0200 @@ -29,18 +29,19 @@ from pylons import url from pylons.i18n.translation import _ -from rhodecode.lib import safe_unicode +from rhodecode.lib.utils2 import safe_unicode, generate_api_key from rhodecode.lib.caching_query import FromCache from rhodecode.model import BaseModel from rhodecode.model.db import User, UserRepoToPerm, Repository, Permission, \ UserToPerm, UsersGroupRepoToPerm, UsersGroupToPerm, UsersGroupMember, \ - Notification, RepoGroup, UserRepoGroupToPerm, UsersGroup + Notification, RepoGroup, UserRepoGroupToPerm, UsersGroup,\ + UsersGroupRepoGroupToPerm from rhodecode.lib.exceptions import DefaultUserException, \ UserOwnsReposException from sqlalchemy.exc import DatabaseError -from rhodecode.lib import generate_api_key + from sqlalchemy.orm import joinedload log = logging.getLogger(__name__) @@ -298,14 +299,16 @@ try: if user.username == 'default': raise DefaultUserException( - _("You can't remove this user since it's" - " crucial for entire application")) + _(u"You can't remove this user since it's" + " crucial for entire application") + ) if user.repositories: - raise UserOwnsReposException(_('This user still owns %s ' - 'repositories and cannot be ' - 'removed. Switch owners or ' - 'remove those repositories') \ - % user.repositories) + repos = [x.repo_name for x in user.repositories] + raise UserOwnsReposException( + _(u'user "%s" still owns %s repositories and cannot be ' + 'removed. Switch owners or remove those repositories. %s') + % (user.username, len(repos), ', '.join(repos)) + ) self.sa.delete(user) except: log.error(traceback.format_exc()) @@ -409,7 +412,7 @@ for perm in default_global_perms: user.permissions[GLOBAL].add(perm.permission.permission_name) - # default for repositories + # defaults for repositories, taken from default user for perm in default_repo_perms: r_k = perm.UserRepoToPerm.repository.repo_name if perm.Repository.private and not (perm.Repository.user_id == uid): @@ -423,17 +426,18 @@ user.permissions[RK][r_k] = p - # default for repositories groups + # defaults for repositories groups taken from default user permission + # on given group for perm in default_repo_groups_perms: rg_k = perm.UserRepoGroupToPerm.group.group_name p = perm.Permission.permission_name user.permissions[GK][rg_k] = p #================================================================== - # overwrite default with user permissions if any + # overwrite defaults with user permissions if any found #================================================================== - # user global + # user global permissions user_perms = self.sa.query(UserToPerm)\ .options(joinedload(UserToPerm.permission))\ .filter(UserToPerm.user_id == uid).all() @@ -441,7 +445,7 @@ for perm in user_perms: user.permissions[GLOBAL].add(perm.permission.permission_name) - # user repositories + # user explicit permissions for repositories user_repo_perms = \ self.sa.query(UserRepoToPerm, Permission, Repository)\ .join((Repository, UserRepoToPerm.repository_id == Repository.repo_id))\ @@ -459,8 +463,8 @@ user.permissions[RK][r_k] = p #================================================================== - # check if user is part of groups for this repository and fill in - # (or replace with higher) permissions + # check if user is part of user groups for this repository and + # fill in (or replace with higher) permissions #================================================================== # users group global @@ -473,7 +477,7 @@ for perm in user_perms_from_users_groups: user.permissions[GLOBAL].add(perm.permission.permission_name) - # users group repositories + # users group for repositories permissions user_repo_perms_from_users_groups = \ self.sa.query(UsersGroupRepoToPerm, Permission, Repository,)\ .join((Repository, UsersGroupRepoToPerm.repository_id == Repository.repo_id))\ @@ -495,12 +499,12 @@ # get access for this user for repos group and override defaults #================================================================== - # user repositories groups + # user explicit permissions for repository user_repo_groups_perms = \ self.sa.query(UserRepoGroupToPerm, Permission, RepoGroup)\ .join((RepoGroup, UserRepoGroupToPerm.group_id == RepoGroup.group_id))\ .join((Permission, UserRepoGroupToPerm.permission_id == Permission.permission_id))\ - .filter(UserRepoToPerm.user_id == uid)\ + .filter(UserRepoGroupToPerm.user_id == uid)\ .all() for perm in user_repo_groups_perms: @@ -510,6 +514,30 @@ if PERM_WEIGHTS[p] > PERM_WEIGHTS[cur_perm]: user.permissions[GK][rg_k] = p + #================================================================== + # check if user is part of user groups for this repo group and + # fill in (or replace with higher) permissions + #================================================================== + + # users group for repositories permissions + user_repo_group_perms_from_users_groups = \ + self.sa.query(UsersGroupRepoGroupToPerm, Permission, RepoGroup)\ + .join((RepoGroup, UsersGroupRepoGroupToPerm.group_id == RepoGroup.group_id))\ + .join((Permission, UsersGroupRepoGroupToPerm.permission_id == Permission.permission_id))\ + .join((UsersGroupMember, UsersGroupRepoGroupToPerm.users_group_id == UsersGroupMember.users_group_id))\ + .filter(UsersGroupMember.user_id == uid)\ + .all() + + for perm in user_repo_group_perms_from_users_groups: + g_k = perm.UsersGroupRepoGroupToPerm.group.group_name + print perm, g_k + p = perm.Permission.permission_name + cur_perm = user.permissions[GK][g_k] + # overwrite permission only if it's greater than permission + # given from other sources + if PERM_WEIGHTS[p] > PERM_WEIGHTS[cur_perm]: + user.permissions[GK][g_k] = p + return user def has_perm(self, user, perm):