Mercurial > kallithea
changeset 2125:097327aaf2ad beta
more detailed logging on auth system
- docs updates for debugging
- code garden
| author | Marcin Kuzminski <marcin@python-works.com> |
|---|---|
| date | Tue, 13 Mar 2012 02:40:34 +0200 |
| parents | 273ce1a99c3f |
| children | de72388c713d |
| files | docs/usage/debugging.rst rhodecode/lib/auth.py rhodecode/lib/helpers.py |
| diffstat | 3 files changed, 47 insertions(+), 35 deletions(-) [+] |
line wrap: on
line diff
--- a/docs/usage/debugging.rst Tue Mar 13 02:39:31 2012 +0200 +++ b/docs/usage/debugging.rst Tue Mar 13 02:40:34 2012 +0200 @@ -1,7 +1,7 @@ .. _debugging: =================== -DEBUGGING RHODECODE +Debugging RhodeCode =================== If you encountered problems with RhodeCode here are some instructions how to @@ -15,11 +15,16 @@ RhodeCode uses standard python logging modules to log it's output. By default only loggers with INFO level are displayed. To enable full output change `level = DEBUG` for all logging handlers in currently used .ini file. -After this you can check much more detailed output of actions happening on -RhodeCode system. +This change will allow to see much more detailed output in the logfile or +console. This generally helps a lot to track issues. enable interactive debug mode ----------------------------- -To enable interactive debug mode simply +To enable interactive debug mode simply comment out `set debug = false` in +.ini file, this will trigger and interactive debugger each time there an +error in browser, or send a http link if error occured in the backend. This +is a great tool for fast debugging as you get a handy python console right +in the web view. ** NEVER ENABLE THIS ON PRODUCTION ** the interactive console +can be a serious security threat to you system.
--- a/rhodecode/lib/auth.py Tue Mar 13 02:39:31 2012 +0200 +++ b/rhodecode/lib/auth.py Tue Mar 13 02:40:34 2012 +0200 @@ -521,8 +521,7 @@ self.user = cls.rhodecode_user self.user_perms = self.user.permissions log.debug('checking %s permissions %s for %s %s', - self.__class__.__name__, self.required_perms, cls, - self.user) + self.__class__.__name__, self.required_perms, cls, self.user) if self.check_permissions(): log.debug('Permission granted for %s %s' % (cls, self.user)) @@ -604,6 +603,7 @@ user_perms = set([self.user_perms['repositories'][repo_name]]) except KeyError: return False + if self.required_perms.intersection(user_perms): return True return False @@ -658,26 +658,34 @@ raise Exception("'%s' permission is not defined" % perm) self.required_perms = set(perms) self.user_perms = None - self.granted_for = '' self.repo_name = None + self.group_name = None def __call__(self, check_Location=''): user = request.user - log.debug('checking %s %s %s', self.__class__.__name__, - self.required_perms, user) + cls_name = self.__class__.__name__ + check_scope = { + 'HasPermissionAll': '', + 'HasPermissionAny': '', + 'HasRepoPermissionAll': 'repo:%s' % self.repo_name, + 'HasRepoPermissionAny': 'repo:%s' % self.repo_name, + 'HasReposGroupPermissionAll': 'group:%s' % self.group_name, + 'HasReposGroupPermissionAny': 'group:%s' % self.group_name, + }.get(cls_name, '?') + log.debug('checking cls:%s %s usr:%s %s @ %s', cls_name, + self.required_perms, user, check_scope, + check_Location or 'unspecified location') if not user: log.debug('Empty request user') return False self.user_perms = user.permissions - self.granted_for = user - if self.check_permissions(): - log.debug('Permission granted %s @ %s', self.granted_for, + log.debug('Permission granted for user: %s @ %s', user, check_Location or 'unspecified location') return True else: - log.debug('Permission denied for %s @ %s', self.granted_for, + log.debug('Permission denied for user: %s @ %s', user, check_Location or 'unspecified location') return False @@ -701,7 +709,6 @@ class HasRepoPermissionAll(PermsFunction): - def __call__(self, repo_name=None, check_Location=''): self.repo_name = repo_name return super(HasRepoPermissionAll, self).__call__(check_Location) @@ -711,19 +718,17 @@ self.repo_name = get_repo_slug(request) try: - self.user_perms = set( + self._user_perms = set( [self.user_perms['repositories'][self.repo_name]] ) except KeyError: return False - self.granted_for = self.repo_name - if self.required_perms.issubset(self.user_perms): + if self.required_perms.issubset(self._user_perms): return True return False class HasRepoPermissionAny(PermsFunction): - def __call__(self, repo_name=None, check_Location=''): self.repo_name = repo_name return super(HasRepoPermissionAny, self).__call__(check_Location) @@ -733,13 +738,12 @@ self.repo_name = get_repo_slug(request) try: - self.user_perms = set( + self._user_perms = set( [self.user_perms['repositories'][self.repo_name]] ) except KeyError: return False - self.granted_for = self.repo_name - if self.required_perms.intersection(self.user_perms): + if self.required_perms.intersection(self._user_perms): return True return False @@ -751,13 +755,12 @@ def check_permissions(self): try: - self.user_perms = set( + self._user_perms = set( [self.user_perms['repositories_groups'][self.group_name]] ) except KeyError: return False - self.granted_for = self.repo_name - if self.required_perms.intersection(self.user_perms): + if self.required_perms.intersection(self._user_perms): return True return False @@ -769,13 +772,12 @@ def check_permissions(self): try: - self.user_perms = set( + self._user_perms = set( [self.user_perms['repositories_groups'][self.group_name]] ) except KeyError: return False - self.granted_for = self.repo_name - if self.required_perms.issubset(self.user_perms): + if self.required_perms.issubset(self._user_perms): return True return False @@ -798,7 +800,6 @@ log.error('Exception while accessing permissions %s' % traceback.format_exc()) self.user_perms = set() - self.granted_for = '' self.username = user.username self.repo_name = repo_name return self.check_permissions() @@ -808,7 +809,13 @@ 'permissions %s for user:%s repository:%s', self.user_perms, self.username, self.repo_name) if self.required_perms.intersection(self.user_perms): - log.debug('permission granted') + log.debug('permission granted for user:%s on repo:%s' % ( + self.username, self.repo_name + ) + ) return True - log.debug('permission denied') + log.debug('permission denied for user:%s on repo:%s' % ( + self.username, self.repo_name + ) + ) return False
--- a/rhodecode/lib/helpers.py Tue Mar 13 02:39:31 2012 +0200 +++ b/rhodecode/lib/helpers.py Tue Mar 13 02:40:34 2012 +0200 @@ -804,7 +804,7 @@ def urlify_changesets(text_, repository): """ Extract revision ids from changeset and make link from them - + :param text_: :param repository: """ @@ -845,10 +845,10 @@ """ import re import traceback - + def escaper(string): return string.replace('<', '<').replace('>', '>') - + def linkify_others(t, l): urls = re.compile(r'(\<a.*?\<\/a\>)',) links = [] @@ -859,8 +859,8 @@ links.append(e) return ''.join(links) - - + + # urlify changesets - extrac revisions and make link out of them text_ = urlify_changesets(escaper(text_), repository)