def grant_user_group_permission(self, target_user_group, user_group, perm):
"""
Grant user group permission for given target_user_group
:param target_user_group:
:param user_group:
:param perm:
"""
target_user_group = UserGroup.guess_instance(target_user_group)
user_group = UserGroup.guess_instance(user_group)
permission = Permission.guess_instance(perm)
# forbid assigning same user group to itself
if target_user_group == user_group:
raise RepoGroupAssignmentError('target repo:%s cannot be '
'assigned to itself' %
target_user_group)
# check if we have that permission already
obj = UserGroupUserGroupToPerm.query() \
.filter(UserGroupUserGroupToPerm.target_user_group == target_user_group) \
.filter(UserGroupUserGroupToPerm.user_group == user_group) \
.scalar()
if obj is None:
# create new !
obj = UserGroupUserGroupToPerm()
Session().add(obj)
obj.user_group = user_group
obj.target_user_group = target_user_group
obj.permission = permission
log.debug('Granted perm %s to %s on %s', perm, target_user_group,
user_group)
return obj
def grant_user_group_permission(self, target_user_group, user_group, perm):
"""
Grant user group permission for given target_user_group
:param target_user_group:
:param user_group:
:param perm:
"""
target_user_group = UserGroup.guess_instance(target_user_group)
user_group = UserGroup.guess_instance(user_group)
permission = Permission.guess_instance(perm)
# forbid assigning same user group to itself
if target_user_group == user_group:
raise RepoGroupAssignmentError('target repo:%s cannot be '
'assigned to itself' % target_user_group)
# check if we have that permission already
obj = UserGroupUserGroupToPerm.query() \
.filter(UserGroupUserGroupToPerm.target_user_group == target_user_group) \
.filter(UserGroupUserGroupToPerm.user_group == user_group) \
.scalar()
if obj is None:
# create new !
obj = UserGroupUserGroupToPerm()
Session().add(obj)
obj.user_group = user_group
obj.target_user_group = target_user_group
obj.permission = permission
log.debug('Granted perm %s to %s on %s', perm, target_user_group, user_group)
return obj
def grant_user_permission(self, repo, user, perm):
"""
Grant permission for user on given repository, or update existing one
if found
:param repo: Instance of Repository, repository_id, or repository name
:param user: Instance of User, user_id or username
:param perm: Instance of Permission, or permission_name
"""
user = User.guess_instance(user)
repo = Repository.guess_instance(repo)
permission = Permission.guess_instance(perm)
# check if we have that permission already
obj = UserRepoToPerm.query() \
.filter(UserRepoToPerm.user == user) \
.filter(UserRepoToPerm.repository == repo) \
.scalar()
if obj is None:
# create new !
obj = UserRepoToPerm()
Session().add(obj)
obj.repository = repo
obj.user = user
obj.permission = permission
log.debug('Granted perm %s to %s on %s', perm, user, repo)
return obj
def has_perm(self, user_group, perm):
user_group = UserGroup.guess_instance(user_group)
perm = Permission.guess_instance(perm)
return UserGroupToPerm.query() \
.filter(UserGroupToPerm.users_group == user_group) \
.filter(UserGroupToPerm.permission == perm).scalar() is not None
def grant_user_permission(self, user_group, user, perm):
"""
Grant permission for user on given user group, or update
existing one if found
:param user_group: Instance of UserGroup, users_group_id,
or users_group_name
:param user: Instance of User, user_id or username
:param perm: Instance of Permission, or permission_name
"""
user_group = UserGroup.guess_instance(user_group)
user = User.guess_instance(user)
permission = Permission.guess_instance(perm)
# check if we have that permission already
obj = UserUserGroupToPerm.query() \
.filter(UserUserGroupToPerm.user == user) \
.filter(UserUserGroupToPerm.user_group == user_group) \
.scalar()
if obj is None:
# create new !
obj = UserUserGroupToPerm()
Session().add(obj)
obj.user_group = user_group
obj.user = user
obj.permission = permission
log.debug('Granted perm %s to %s on %s', perm, user, user_group)
return obj
def grant_user_group_permission(self, repo, group_name, perm):
"""
Grant permission for user group on given repository, or update
existing one if found
:param repo: Instance of Repository, repository_id, or repository name
:param group_name: Instance of UserGroup, users_group_id,
or user group name
:param perm: Instance of Permission, or permission_name
"""
repo = Repository.guess_instance(repo)
group_name = UserGroup.guess_instance(group_name)
permission = Permission.guess_instance(perm)
# check if we have that permission already
obj = UserGroupRepoToPerm.query() \
.filter(UserGroupRepoToPerm.users_group == group_name) \
.filter(UserGroupRepoToPerm.repository == repo) \
.scalar()
if obj is None:
# create new
obj = UserGroupRepoToPerm()
Session().add(obj)
obj.repository = repo
obj.users_group = group_name
obj.permission = permission
log.debug('Granted perm %s to %s on %s', perm, group_name, repo)
return obj
def grant_user_group_permission(self, repo, group_name, perm):
"""
Grant permission for user group on given repository, or update
existing one if found
:param repo: Instance of Repository, repository_id, or repository name
:param group_name: Instance of UserGroup, users_group_id,
or user group name
:param perm: Instance of Permission, or permission_name
"""
repo = Repository.guess_instance(repo)
group_name = UserGroup.guess_instance(group_name)
permission = Permission.guess_instance(perm)
# check if we have that permission already
obj = UserGroupRepoToPerm.query() \
.filter(UserGroupRepoToPerm.users_group == group_name) \
.filter(UserGroupRepoToPerm.repository == repo) \
.scalar()
if obj is None:
# create new
obj = UserGroupRepoToPerm()
Session().add(obj)
obj.repository = repo
obj.users_group = group_name
obj.permission = permission
log.debug('Granted perm %s to %s on %s', perm, group_name, repo)
return obj
def grant_user_permission(self, repo, user, perm):
"""
Grant permission for user on given repository, or update existing one
if found
:param repo: Instance of Repository, repository_id, or repository name
:param user: Instance of User, user_id or username
:param perm: Instance of Permission, or permission_name
"""
user = User.guess_instance(user)
repo = Repository.guess_instance(repo)
permission = Permission.guess_instance(perm)
# check if we have that permission already
obj = UserRepoToPerm.query() \
.filter(UserRepoToPerm.user == user) \
.filter(UserRepoToPerm.repository == repo) \
.scalar()
if obj is None:
# create new !
obj = UserRepoToPerm()
Session().add(obj)
obj.repository = repo
obj.user = user
obj.permission = permission
log.debug('Granted perm %s to %s on %s', perm, user, repo)
return obj
def grant_user_permission(self, user_group, user, perm):
"""
Grant permission for user on given user group, or update
existing one if found
:param user_group: Instance of UserGroup, users_group_id,
or users_group_name
:param user: Instance of User, user_id or username
:param perm: Instance of Permission, or permission_name
"""
user_group = UserGroup.guess_instance(user_group)
user = User.guess_instance(user)
permission = Permission.guess_instance(perm)
# check if we have that permission already
obj = UserUserGroupToPerm.query() \
.filter(UserUserGroupToPerm.user == user) \
.filter(UserUserGroupToPerm.user_group == user_group) \
.scalar()
if obj is None:
# create new !
obj = UserUserGroupToPerm()
Session().add(obj)
obj.user_group = user_group
obj.user = user
obj.permission = permission
log.debug('Granted perm %s to %s on %s', perm, user, user_group)
return obj
def has_perm(self, user_group, perm):
user_group = UserGroup.guess_instance(user_group)
perm = Permission.guess_instance(perm)
return UserGroupToPerm.query() \
.filter(UserGroupToPerm.users_group == user_group) \
.filter(UserGroupToPerm.permission == perm).scalar() is not None
def revoke_perm(self, user_group, perm):
user_group = UserGroup.guess_instance(user_group)
perm = Permission.guess_instance(perm)
obj = UserGroupToPerm.query() \
.filter(UserGroupToPerm.users_group == user_group) \
.filter(UserGroupToPerm.permission == perm).scalar()
if obj is not None:
Session().delete(obj)
def revoke_perm(self, user_group, perm):
user_group = UserGroup.guess_instance(user_group)
perm = Permission.guess_instance(perm)
obj = UserGroupToPerm.query() \
.filter(UserGroupToPerm.users_group == user_group) \
.filter(UserGroupToPerm.permission == perm).scalar()
if obj is not None:
Session().delete(obj)
def revoke_perm(self, user, perm):
"""
Revoke users global permissions
:param user:
:param perm:
"""
user = User.guess_instance(user)
perm = Permission.guess_instance(perm)
UserToPerm.query().filter(
UserToPerm.user == user,
UserToPerm.permission == perm,
).delete()
def revoke_perm(self, user, perm):
"""
Revoke users global permissions
:param user:
:param perm:
"""
user = User.guess_instance(user)
perm = Permission.guess_instance(perm)
UserToPerm.query().filter(
UserToPerm.user == user,
UserToPerm.permission == perm,
).delete()
def grant_perm(self, user_group, perm):
user_group = UserGroup.guess_instance(user_group)
perm = Permission.guess_instance(perm)
# if this permission is already granted skip it
_perm = UserGroupToPerm.query() \
.filter(UserGroupToPerm.users_group == user_group) \
.filter(UserGroupToPerm.permission == perm) \
.scalar()
if _perm:
return
new = UserGroupToPerm()
new.users_group = user_group
new.permission = perm
Session().add(new)
return new
def add_permission(self, repo_group, obj, obj_type, perm, recursive):
from kallithea.model.repo import RepoModel
repo_group = RepoGroup.guess_instance(repo_group)
perm = Permission.guess_instance(perm)
for el in repo_group.recursive_groups_and_repos():
# iterated obj is an instance of a repos group or repository in
# that group, recursive option can be: none, repos, groups, all
if recursive == 'all':
pass
elif recursive == 'repos':
# skip groups, other than this one
if isinstance(el, RepoGroup) and not el == repo_group:
continue
elif recursive == 'groups':
# skip repos
if isinstance(el, Repository):
continue
else: # recursive == 'none': # DEFAULT don't apply to iterated objects
el = repo_group
# also we do a break at the end of this loop.
if isinstance(el, RepoGroup):
if obj_type == 'user':
RepoGroupModel().grant_user_permission(el, user=obj, perm=perm)
elif obj_type == 'user_group':
RepoGroupModel().grant_user_group_permission(el, group_name=obj, perm=perm)
else:
raise Exception('undefined object type %s' % obj_type)
elif isinstance(el, Repository):
# for repos we need to hotfix the name of permission
_perm = perm.permission_name.replace('group.', 'repository.')
if obj_type == 'user':
RepoModel().grant_user_permission(el, user=obj, perm=_perm)
elif obj_type == 'user_group':
RepoModel().grant_user_group_permission(el, group_name=obj, perm=_perm)
else:
raise Exception('undefined object type %s' % obj_type)
else:
raise Exception('el should be instance of Repository or '
'RepositoryGroup got %s instead' % type(el))
# if it's not recursive call for all,repos,groups
# break the loop and don't proceed with other changes
if recursive not in ['all', 'repos', 'groups']:
break
def grant_perm(self, user_group, perm):
user_group = UserGroup.guess_instance(user_group)
perm = Permission.guess_instance(perm)
# if this permission is already granted skip it
_perm = UserGroupToPerm.query() \
.filter(UserGroupToPerm.users_group == user_group) \
.filter(UserGroupToPerm.permission == perm) \
.scalar()
if _perm:
return
new = UserGroupToPerm()
new.users_group = user_group
new.permission = perm
Session().add(new)
return new
def grant_perm(self, user, perm):
"""
Grant user global permissions
:param user:
:param perm:
"""
user = User.guess_instance(user)
perm = Permission.guess_instance(perm)
# if this permission is already granted skip it
_perm = UserToPerm.query() \
.filter(UserToPerm.user == user) \
.filter(UserToPerm.permission == perm) \
.scalar()
if _perm:
return
new = UserToPerm()
new.user = user
new.permission = perm
Session().add(new)
return new
def grant_perm(self, user, perm):
"""
Grant user global permissions
:param user:
:param perm:
"""
user = User.guess_instance(user)
perm = Permission.guess_instance(perm)
# if this permission is already granted skip it
_perm = UserToPerm.query() \
.filter(UserToPerm.user == user) \
.filter(UserToPerm.permission == perm) \
.scalar()
if _perm:
return
new = UserToPerm()
new.user = user
new.permission = perm
Session().add(new)
return new
def has_perm(self, user, perm):
perm = Permission.guess_instance(perm)
user = User.guess_instance(user)
return UserToPerm.query().filter(UserToPerm.user == user) \
.filter(UserToPerm.permission == perm).scalar() is not None
def has_perm(self, user, perm):
perm = Permission.guess_instance(perm)
user = User.guess_instance(user)
return UserToPerm.query().filter(UserToPerm.user == user) \
.filter(UserToPerm.permission == perm).scalar() is not None