Mercurial > kallithea
changeset 8626:c101cafe9a0f
auth: compute AuthUser.repository_permissions lazily
author | Mads Kiilerich <mads@kiilerich.com> |
---|---|
date | Sun, 23 Aug 2020 14:41:40 +0200 |
parents | 4c79659e11e5 |
children | f14fd4cbb488 |
files | kallithea/lib/auth.py |
diffstat | 1 files changed, 53 insertions(+), 55 deletions(-) [+] |
line wrap: on
line diff
--- a/kallithea/lib/auth.py Sun Aug 23 14:33:53 2020 +0200 +++ b/kallithea/lib/auth.py Sun Aug 23 14:41:40 2020 +0200 @@ -131,7 +131,6 @@ permissions[key] = new_perm def get_user_permissions(user_id, user_is_admin): - repository_permissions = {} repository_group_permissions = {} user_group_permissions = {} @@ -139,7 +138,6 @@ #====================================================================== # fetch default permissions #====================================================================== - default_repo_perms = Permission.get_default_perms(kallithea.DEFAULT_USER_ID) default_repo_groups_perms = Permission.get_default_group_perms(kallithea.DEFAULT_USER_ID) default_user_group_perms = Permission.get_default_user_group_perms(kallithea.DEFAULT_USER_ID) @@ -149,12 +147,6 @@ # based on default permissions, just set everything to admin #================================================================== - # repositories - for perm in default_repo_perms: - r_k = perm.repository.repo_name - p = 'repository.admin' - repository_permissions[r_k] = p - # repository groups for perm in default_repo_groups_perms: rg_k = perm.group.group_name @@ -166,23 +158,12 @@ u_k = perm.user_group.users_group_name p = 'usergroup.admin' user_group_permissions[u_k] = p - return (repository_permissions, repository_group_permissions, user_group_permissions) + return (repository_group_permissions, user_group_permissions) #================================================================== # SET DEFAULTS GLOBAL, REPOS, REPOSITORY GROUPS #================================================================== - # defaults for repositories, taken from default user - for perm in default_repo_perms: - r_k = perm.repository.repo_name - if perm.repository.owner_id == user_id: - p = 'repository.admin' - elif perm.repository.private: - p = 'repository.none' - else: - p = perm.permission.permission_name - repository_permissions[r_k] = p - # defaults for repository groups taken from default user permission # on given group for perm in default_repo_groups_perms: @@ -198,39 +179,6 @@ user_group_permissions[u_k] = p #====================================================================== - # !! PERMISSIONS FOR REPOSITORIES !! - #====================================================================== - #====================================================================== - # check if user is part of user groups for this repository and - # fill in his permission from it. - #====================================================================== - - # user group for repositories permissions - user_repo_perms_from_users_groups = \ - Session().query(UserGroupRepoToPerm) \ - .join((UserGroup, UserGroupRepoToPerm.users_group_id == - UserGroup.users_group_id)) \ - .filter(UserGroup.users_group_active == True) \ - .join((UserGroupMember, UserGroupRepoToPerm.users_group_id == - UserGroupMember.users_group_id)) \ - .filter(UserGroupMember.user_id == user_id) \ - .options(joinedload(UserGroupRepoToPerm.repository)) \ - .options(joinedload(UserGroupRepoToPerm.permission)) \ - .all() - - for perm in user_repo_perms_from_users_groups: - bump_permission(repository_permissions, - perm.repository.repo_name, - perm.permission.permission_name) - - # user permissions for repositories - user_repo_perms = Permission.get_default_perms(user_id) - for perm in user_repo_perms: - bump_permission(repository_permissions, - perm.repository.repo_name, - perm.permission.permission_name) - - #====================================================================== # !! PERMISSIONS FOR REPOSITORY GROUPS !! #====================================================================== #====================================================================== @@ -290,7 +238,7 @@ perm.user_group.users_group_name, perm.permission.permission_name) - return (repository_permissions, repository_group_permissions, user_group_permissions) + return (repository_group_permissions, user_group_permissions) class AuthUser(object): @@ -379,7 +327,7 @@ log.debug('Auth User is now %s', self) log.debug('Getting PERMISSION tree for %s', self) - (self.repository_permissions, self.repository_group_permissions, self.user_group_permissions, + (self.repository_group_permissions, self.user_group_permissions, )= get_user_permissions(self.user_id, self.is_admin) @LazyProperty @@ -433,6 +381,56 @@ return set(kind_max_perm.values()) @LazyProperty + def repository_permissions(self): + log.debug('Getting repository permissions for %s', self) + repository_permissions = {} + default_repo_perms = Permission.get_default_perms(kallithea.DEFAULT_USER_ID) + + if self.is_admin: + for perm in default_repo_perms: + r_k = perm.repository.repo_name + p = 'repository.admin' + repository_permissions[r_k] = p + + else: + # defaults for repositories from default user + for perm in default_repo_perms: + r_k = perm.repository.repo_name + if perm.repository.owner_id == self.user_id: + p = 'repository.admin' + elif perm.repository.private: + p = 'repository.none' + else: + p = perm.permission.permission_name + repository_permissions[r_k] = p + + # user group repository permissions + user_repo_perms_from_users_groups = \ + Session().query(UserGroupRepoToPerm) \ + .join((UserGroup, UserGroupRepoToPerm.users_group_id == + UserGroup.users_group_id)) \ + .filter(UserGroup.users_group_active == True) \ + .join((UserGroupMember, UserGroupRepoToPerm.users_group_id == + UserGroupMember.users_group_id)) \ + .filter(UserGroupMember.user_id == self.user_id) \ + .options(joinedload(UserGroupRepoToPerm.repository)) \ + .options(joinedload(UserGroupRepoToPerm.permission)) \ + .all() + for perm in user_repo_perms_from_users_groups: + bump_permission(repository_permissions, + perm.repository.repo_name, + perm.permission.permission_name) + + # user permissions for repositories + user_repo_perms = Permission.get_default_perms(self.user_id) + for perm in user_repo_perms: + bump_permission(repository_permissions, + perm.repository.repo_name, + perm.permission.permission_name) + + return repository_permissions + + @LazyProperty def permissions(self): """dict with all 4 kind of permissions - mainly for backwards compatibility""" return {