Mercurial > kallithea

changeset 2798:091e99b29fd4 beta

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
auto-healing of permissions for default user after upgrading from some old versions.
author Marcin Kuzminski <marcin@python-works.com>
date Tue, 04 Sep 2012 01:45:57 +0200
parents c9baaacb670a
children 493646d3146f
files docs/changelog.rst rhodecode/lib/db_manage.py rhodecode/model/db.py rhodecode/model/permission.py
diffstat 4 files changed, 44 insertions(+), 7 deletions(-) [+]
line wrap: on
line diff
--- a/docs/changelog.rst	Tue Sep 04 01:07:34 2012 +0200
+++ b/docs/changelog.rst	Tue Sep 04 01:45:57 2012 +0200
@@ -5,7 +5,7 @@
 =========
 
 
-1.4.1 (**2012-XX-XX**)
+1.4.1 (**2012-09-04**)
 ----------------------
 
 :status: in-progress
@@ -16,11 +16,17 @@
 
 - always put a comment about code-review status change even if user send
   empty data 
+- modified_on column saves repository update and it's going to be used
+  later for light version of main page ref #500
 
 fixes
 +++++
 
-- fixed migrations of permissions that can lead to inconsistency issue
+- fixed migrations of permissions that can lead to inconsistency.
+  Some users sent feedback that after upgrading from older versions issues with updating
+  default permissions occured. RhodeCode detects that now and resets default user
+  permission to initial state if there is a need for that. Also forces users to set
+  the default value for new forking permission. 
 
 
 1.4.0 (**2012-09-03**)
--- a/rhodecode/lib/db_manage.py	Tue Sep 04 01:07:34 2012 +0200
+++ b/rhodecode/lib/db_manage.py	Tue Sep 04 01:45:57 2012 +0200
@@ -255,7 +255,14 @@
                 Session().add(reg_perm)
 
             def step_7(self):
-                pass
+                perm_fixes = self.klass.reset_permissions(User.DEFAULT_USER)
+                Session().commit()
+                if perm_fixes:
+                    notify('There was an inconsistent state of permissions '
+                           'detected for default user. Permissions are now '
+                           'reset to the default value for default user. '
+                           'Please validate and check default permissions '
+                           'in admin panel')
 
         upgrade_steps = [0] + range(curr_version + 1, __dbversion__ + 1)
 
@@ -478,6 +485,28 @@
                 log.debug('missing default permission for group %s adding' % g)
                 ReposGroupModel()._create_default_perms(g)
 
+    def reset_permissions(self, username):
+        """
+        Resets permissions to default state, usefull when old systems had
+        bad permissions, we must clean them up
+
+        :param username:
+        :type username:
+        """
+        default_user = User.get_by_username(username)
+        if not default_user:
+            return
+
+        u2p = UserToPerm.query()\
+            .filter(UserToPerm.user == default_user).all()
+        fixed = False
+        if len(u2p) != len(User.DEFAULT_PERMISSIONS):
+            for p in u2p:
+                Session().delete(p)
+            fixed = True
+            self.populate_default_permissions()
+        return fixed
+
     def config_prompt(self, test_repo_path='', retries=3, defaults={}):
         _path = defaults.get('repos_location')
         if retries == 3:
@@ -605,8 +634,7 @@
 
         default_user = User.get_by_username('default')
 
-        for def_perm in ['hg.register.manual_activate', 'hg.create.repository',
-                         'hg.fork.repository', 'repository.read']:
+        for def_perm in User.DEFAULT_PERMISSIONS:
 
             perm = self.sa.query(Permission)\
              .filter(Permission.permission_name == def_perm)\
--- a/rhodecode/model/db.py	Tue Sep 04 01:07:34 2012 +0200
+++ b/rhodecode/model/db.py	Tue Sep 04 01:45:57 2012 +0200
@@ -289,7 +289,10 @@
          'mysql_charset': 'utf8'}
     )
     DEFAULT_USER = 'default'
-
+    DEFAULT_PERMISSIONS = [
+        'hg.register.manual_activate', 'hg.create.repository',
+        'hg.fork.repository', 'repository.read'
+    ]
     user_id = Column("user_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
     username = Column("username", String(255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
     password = Column("password", String(255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
--- a/rhodecode/model/permission.py	Tue Sep 04 01:07:34 2012 +0200
+++ b/rhodecode/model/permission.py	Tue Sep 04 01:45:57 2012 +0200
@@ -77,7 +77,7 @@
                                 form_result['perm_user_name']).scalar()
         u2p = self.sa.query(UserToPerm).filter(UserToPerm.user ==
                                                perm_user).all()
-        if len(u2p) != 4:
+        if len(u2p) != len(User.DEFAULT_PERMISSIONS):
             raise Exception('Defined: %s should be 4  permissions for default'
                             ' user. This should not happen please verify'
                             ' your database' % len(u2p))