Mercurial > kallithea

changeset 8626:c101cafe9a0f

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
auth: compute AuthUser.repository_permissions lazily
author Mads Kiilerich <mads@kiilerich.com>
date Sun, 23 Aug 2020 14:41:40 +0200
parents 4c79659e11e5
children f14fd4cbb488
files kallithea/lib/auth.py
diffstat 1 files changed, 53 insertions(+), 55 deletions(-) [+]
line wrap: on
line diff
--- a/kallithea/lib/auth.py	Sun Aug 23 14:33:53 2020 +0200
+++ b/kallithea/lib/auth.py	Sun Aug 23 14:41:40 2020 +0200
@@ -131,7 +131,6 @@
         permissions[key] = new_perm
 
 def get_user_permissions(user_id, user_is_admin):
-    repository_permissions = {}
     repository_group_permissions = {}
     user_group_permissions = {}
 
@@ -139,7 +138,6 @@
     #======================================================================
     # fetch default permissions
     #======================================================================
-    default_repo_perms = Permission.get_default_perms(kallithea.DEFAULT_USER_ID)
     default_repo_groups_perms = Permission.get_default_group_perms(kallithea.DEFAULT_USER_ID)
     default_user_group_perms = Permission.get_default_user_group_perms(kallithea.DEFAULT_USER_ID)
 
@@ -149,12 +147,6 @@
         # based on default permissions, just set everything to admin
         #==================================================================
 
-        # repositories
-        for perm in default_repo_perms:
-            r_k = perm.repository.repo_name
-            p = 'repository.admin'
-            repository_permissions[r_k] = p
-
         # repository groups
         for perm in default_repo_groups_perms:
             rg_k = perm.group.group_name
@@ -166,23 +158,12 @@
             u_k = perm.user_group.users_group_name
             p = 'usergroup.admin'
             user_group_permissions[u_k] = p
-        return (repository_permissions, repository_group_permissions, user_group_permissions)
+        return (repository_group_permissions, user_group_permissions)
 
     #==================================================================
     # SET DEFAULTS GLOBAL, REPOS, REPOSITORY GROUPS
     #==================================================================
 
-    # defaults for repositories, taken from default user
-    for perm in default_repo_perms:
-        r_k = perm.repository.repo_name
-        if perm.repository.owner_id == user_id:
-            p = 'repository.admin'
-        elif perm.repository.private:
-            p = 'repository.none'
-        else:
-            p = perm.permission.permission_name
-        repository_permissions[r_k] = p
-
     # defaults for repository groups taken from default user permission
     # on given group
     for perm in default_repo_groups_perms:
@@ -198,39 +179,6 @@
         user_group_permissions[u_k] = p
 
     #======================================================================
-    # !! PERMISSIONS FOR REPOSITORIES !!
-    #======================================================================
-    #======================================================================
-    # check if user is part of user groups for this repository and
-    # fill in his permission from it.
-    #======================================================================
-
-    # user group for repositories permissions
-    user_repo_perms_from_users_groups = \
-     Session().query(UserGroupRepoToPerm) \
-        .join((UserGroup, UserGroupRepoToPerm.users_group_id ==
-               UserGroup.users_group_id)) \
-        .filter(UserGroup.users_group_active == True) \
-        .join((UserGroupMember, UserGroupRepoToPerm.users_group_id ==
-               UserGroupMember.users_group_id)) \
-        .filter(UserGroupMember.user_id == user_id) \
-        .options(joinedload(UserGroupRepoToPerm.repository)) \
-        .options(joinedload(UserGroupRepoToPerm.permission)) \
-        .all()
-
-    for perm in user_repo_perms_from_users_groups:
-        bump_permission(repository_permissions,
-            perm.repository.repo_name,
-            perm.permission.permission_name)
-
-    # user permissions for repositories
-    user_repo_perms = Permission.get_default_perms(user_id)
-    for perm in user_repo_perms:
-        bump_permission(repository_permissions,
-            perm.repository.repo_name,
-            perm.permission.permission_name)
-
-    #======================================================================
     # !! PERMISSIONS FOR REPOSITORY GROUPS !!
     #======================================================================
     #======================================================================
@@ -290,7 +238,7 @@
             perm.user_group.users_group_name,
             perm.permission.permission_name)
 
-    return (repository_permissions, repository_group_permissions, user_group_permissions)
+    return (repository_group_permissions, user_group_permissions)
 
 
 class AuthUser(object):
@@ -379,7 +327,7 @@
         log.debug('Auth User is now %s', self)
 
         log.debug('Getting PERMISSION tree for %s', self)
-        (self.repository_permissions, self.repository_group_permissions, self.user_group_permissions,
+        (self.repository_group_permissions, self.user_group_permissions,
         )= get_user_permissions(self.user_id, self.is_admin)
 
     @LazyProperty
@@ -433,6 +381,56 @@
         return set(kind_max_perm.values())
 
     @LazyProperty
+    def repository_permissions(self):
+        log.debug('Getting repository permissions for %s', self)
+        repository_permissions = {}
+        default_repo_perms = Permission.get_default_perms(kallithea.DEFAULT_USER_ID)
+
+        if self.is_admin:
+            for perm in default_repo_perms:
+                r_k = perm.repository.repo_name
+                p = 'repository.admin'
+                repository_permissions[r_k] = p
+
+        else:
+            # defaults for repositories from default user
+            for perm in default_repo_perms:
+                r_k = perm.repository.repo_name
+                if perm.repository.owner_id == self.user_id:
+                    p = 'repository.admin'
+                elif perm.repository.private:
+                    p = 'repository.none'
+                else:
+                    p = perm.permission.permission_name
+                repository_permissions[r_k] = p
+
+            # user group repository permissions
+            user_repo_perms_from_users_groups = \
+             Session().query(UserGroupRepoToPerm) \
+                .join((UserGroup, UserGroupRepoToPerm.users_group_id ==
+                       UserGroup.users_group_id)) \
+                .filter(UserGroup.users_group_active == True) \
+                .join((UserGroupMember, UserGroupRepoToPerm.users_group_id ==
+                       UserGroupMember.users_group_id)) \
+                .filter(UserGroupMember.user_id == self.user_id) \
+                .options(joinedload(UserGroupRepoToPerm.repository)) \
+                .options(joinedload(UserGroupRepoToPerm.permission)) \
+                .all()
+            for perm in user_repo_perms_from_users_groups:
+                bump_permission(repository_permissions,
+                    perm.repository.repo_name,
+                    perm.permission.permission_name)
+
+            # user permissions for repositories
+            user_repo_perms = Permission.get_default_perms(self.user_id)
+            for perm in user_repo_perms:
+                bump_permission(repository_permissions,
+                    perm.repository.repo_name,
+                    perm.permission.permission_name)
+
+        return repository_permissions
+
+    @LazyProperty
     def permissions(self):
         """dict with all 4 kind of permissions - mainly for backwards compatibility"""
         return {