class ArchiveProjectTeam(Command):
""" Store users and permissions into flat file
This file will be sent for author if project is restored
"""
def __init__(self, project):
Command.__init__(self)
self.name = "ArchiveProjectTeam"
self.project = project
self.groups = CQDEUserGroupStore(project.trac_environment_key)
def do(self):
self.team = self.project.archive_path + "/team.txt"
f = open(self.team, 'w')
f.write("#### Users in groups ####\n")
for user, group in self.groups.get_all_user_groups():
f.write(user + ' : ' + group + "\n")
f.write("\n#### Group permissions ####\n")
for group, perm in self.groups.get_all_group_permissions():
f.write(group + ' : ' + perm + "\n")
f.write("\n#### Group organizations ####\n")
for org, group in self.groups.get_all_organization_groups():
f.write(org + ' : ' + group + "\n")
f.close()
return True
def undo(self):
if os.path.exists(self.team):
if os.remove(self.team):
return True
return False
def public(self):
"""
Check the project visibility
:returns: True if project is considered public (wide permissions), otherwise False
"""
groupstore = CQDEUserGroupStore(self.trac_environment_key)
return groupstore.is_public_project()
def _apply_changes(self, req, project):
"""
Saves changes into database and project configuration file
"""
try:
# Save information into database
project.project_name = req.args.get('name')
project.description = req.args.get('descr')
# Update author if needed
author_id = req.args.get('author_id')
if author_id and project.author_id != int(author_id):
userstore = get_userstore()
author = userstore.getUserWhereId(author_id)
project.author = author
# Check if author has admin permission to project: put in project if not
authorperm = PermissionCache(self.env, author.username)
if 'TRAC_ADMIN' not in authorperm:
admin_rights = False
groupstore = CQDEUserGroupStore(
project.trac_environment_key)
# Iterate existing project groups and put user into group with TRAC_ADMIN rights
for gname, pname in groupstore.get_all_group_permissions():
if pname == 'TRAC_ADMIN':
groupstore.add_user_to_group(
author.username, gname)
admin_rights = True
add_notice(
req,
_('Added TRAC_ADMIN permissions to user: {0}'.
format(author.username)))
if not admin_rights:
permlink = tag.a(
'You way want to modify permissions',
href=req.href('admin/general/permissions'))
add_warning(
req,
tag(
_('User {0} does not have administrative rights to project. '
.format(author.username)), permlink))
# Save changes to database
project.save()
# Save information into config
for option in ('name', 'descr'):
self.config.set('project', option, req.args.get(option))
self.config.save()
except Exception, e:
self.log.exception('Failed to save project changes')
add_warning(req, _('Failed to save changes: {0}'.format(e)))
return req.redirect(req.href('admin/general/basics'))
def _get_team_info(self, project):
"""
Reads team members and sorts them so that default groups
are first and other groups are last (in alphabetical order)
:param Project project: Project to retrieve team info from
:returns: tuple of data: teams, members
"""
ug = CQDEUserGroupStore(project.trac_environment_key)
team = sorted(ug.get_all_user_groups(), key=lambda tmp: tmp[1])
# TODO: Implement better
default_group_names = [tuple[0] for tuple in conf.default_groups]
default_group_names += [
conf.public_auth_group[0], conf.public_anon_group[0]
]
first = {}
last = {}
all_members = {}
# Create group => member hash
userstore = get_userstore()
for member, group in team:
all_members[member] = 1
account = userstore.getUser(username=member)
if group in default_group_names:
if group not in first:
first[group] = []
first[group].append(account)
else:
if group not in last:
last[group] = []
last[group].append(account)
# Create group, memberlist tuples from items and keep them sorted
# First read the default groups in to list of tuples in the order they are defined in conf
items = []
for group in default_group_names:
if first.has_key(group):
items += [(group, first[group])]
# Then append other groups in alphabetical order
items += sorted(last.items(), key=lambda tmp: tmp[0])
# Then join all the members as a one markup string with member links
teams = []
for group, members in items:
teams.append((group, members))
# Team members in (group, member_uri) type, and all member names
return teams, all_members.keys()
def _get_team_info(self, project):
"""
Reads team members and sorts them so that default groups
are first and other groups are last (in alphabetical order)
:param Project project: Project to retrieve team info from
:returns: tuple of data: teams, members
"""
ug = CQDEUserGroupStore(project.trac_environment_key)
team = sorted(ug.get_all_user_groups(), key=lambda tmp: tmp[1])
# TODO: Implement better
default_group_names = [tuple[0] for tuple in conf.default_groups]
default_group_names += [conf.public_auth_group[0], conf.public_anon_group[0]]
first = {}
last = {}
all_members = {}
# Create group => member hash
userstore = get_userstore()
for member, group in team:
all_members[member] = 1
account = userstore.getUser(username=member)
if group in default_group_names:
if group not in first:
first[group] = []
first[group].append(account)
else:
if group not in last:
last[group] = []
last[group].append(account)
# Create group, memberlist tuples from items and keep them sorted
# First read the default groups in to list of tuples in the order they are defined in conf
items = []
for group in default_group_names:
if first.has_key(group):
items += [(group, first[group])]
# Then append other groups in alphabetical order
items += sorted(last.items(), key = lambda tmp: tmp[0])
# Then join all the members as a one markup string with member links
teams = []
for group, members in items:
teams.append((group, members))
# Team members in (group, member_uri) type, and all member names
return teams, all_members.keys()
def undo(self):
store = CQDEUserGroupStore(self.project.trac_environment_key)
try:
anon_group_name, anon_priv = conf.public_anon_group
auth_group_name, auth_priv = conf.public_auth_group
store.remove_group(anon_group_name)
store.remove_group(auth_group_name)
# Clear project cache
pc = ProjectCache.instance()
pc.clearProject(self.project.id)
except Exception, e:
conf.log.exception("Could not make project private")
def remove_user(self, req):
"""
Show removal form and handle POST as remove action
"""
username = req.args.get('username')
# Check method and permissions
if not req.method.upper() == 'POST' or not username:
raise PermissionError()
# Load user
userstore = get_userstore()
user = userstore.getUser(req.authname)
account = userstore.getUser(username)
if not account:
add_warning(req, "Could not find user '{0}' from service".format(account.username))
return req.redirect(req.href('admin/users/manage'))
# Check permissions
req.perm.require('USER_AUTHOR', Resource('user', id=account.id))
# If removable user is project author, change the ownership to person who deletes the user
papi = projects.Projects()
for project in papi.get_authored_projects(account):
project.author = user
project.save()
# Check if user has TRAC_ADMIN rights for the new project, if not, try setting
if not req.perm.has_permission('TRAC_ADMIN', Resource('project', id=project.id)):
groupstore = CQDEUserGroupStore(project.trac_environment_key)
# Iterate existing project groups and put user into group with TRAC_ADMIN rights
for gname, pname in groupstore.get_all_group_permissions():
if pname == 'TRAC_ADMIN':
groupstore.add_user_to_group(project.author.username, gname)
self.log.info('Added TRAC_ADMIN permissions to {0} at {0}'.format(project.author, project))
self.log.info('Changed ownership of project {0} from {0} to {0}'.format(project, project.author, user))
add_notice(req, tag(_("Changed ownership of the project to you: "), tag.a(project.project_name, href=req.href('..', project.env_name))))
if userstore.deleteUser(account):
add_notice(req, "Removed user '{0}' successfully from local store".format(account.username))
else:
add_warning(req, "Failed to remove user '{0}' from local store".format(account.username))
# Redirect to user listing
return req.redirect(req.href('admin/users/manage'))
def remove_user(self, req):
"""
Show removal form and handle POST as remove action
"""
username = req.args.get('username')
# Check method and permissions
if not req.method.upper() == 'POST' or not username:
raise PermissionError()
# Load user
userstore = get_userstore()
user = userstore.getUser(req.authname)
account = userstore.getUser(username)
if not account:
add_warning(req, "Could not find user '{0}' from service".format(account.username))
return req.redirect(req.href('admin/users/manage'))
# Check permissions
req.perm.require('USER_AUTHOR', Resource('user', id=account.id))
# If removable user is project author, change the ownership to person who deletes the user
papi = projects.Projects()
for project in papi.get_authored_projects(account):
project.author = user
project.save()
# Check if user has TRAC_ADMIN rights for the new project, if not, try setting
if not req.perm.has_permission('TRAC_ADMIN', Resource('project', id=project.id)):
groupstore = CQDEUserGroupStore(project.trac_environment_key)
# Iterate existing project groups and put user into group with TRAC_ADMIN rights
for gname, pname in groupstore.get_all_group_permissions():
if pname == 'TRAC_ADMIN':
groupstore.add_user_to_group(project.author.username, gname)
self.log.info('Added TRAC_ADMIN permissions to {0} at {0}'.format(project.author, project))
self.log.info('Changed ownership of project {0} from {0} to {0}'.format(project, project.author, user))
add_notice(req, tag(_("Changed ownership of the project to you: "), tag.a(project.project_name, href=req.href('..', project.env_name))))
if userstore.deleteUser(account):
add_notice(req, "Removed user '{0}' successfully from local store".format(account.username))
else:
add_warning(req, "Failed to remove user '{0}' from local store".format(account.username))
# Redirect to user listing
return req.redirect(req.href('admin/users/manage'))
def setUp(self):
userObj = User()
userObj.id = 30
userObj.username = '******'
self.projectObj = Project(24,
'storageauthtest',
'Storage auth testing',
'Desc',
userObj.id,
None,
author=userObj)
conf.use_test_db(True)
self.load_fixtures()
self.store = CQDEUserGroupStore(self.projectObj.id)
self.store.remove_group('Owners')
self.store.remove_group('Public contributors')
self.store.remove_group('Public viewers')
def _apply_changes(self, req, project):
"""
Saves changes into database and project configuration file
"""
try:
# Save information into database
project.project_name = req.args.get('name')
project.description = req.args.get('descr')
# Update author if needed
author_id = req.args.get('author_id')
if author_id and project.author_id != int(author_id):
userstore = get_userstore()
author = userstore.getUserWhereId(author_id)
project.author = author
# Check if author has admin permission to project: put in project if not
authorperm = PermissionCache(self.env, author.username)
if 'TRAC_ADMIN' not in authorperm:
admin_rights = False
groupstore = CQDEUserGroupStore(project.trac_environment_key)
# Iterate existing project groups and put user into group with TRAC_ADMIN rights
for gname, pname in groupstore.get_all_group_permissions():
if pname == 'TRAC_ADMIN':
groupstore.add_user_to_group(author.username, gname)
admin_rights = True
add_notice(req, _('Added TRAC_ADMIN permissions to user: {0}'.format(author.username)))
if not admin_rights:
permlink = tag.a('You way want to modify permissions', href=req.href('admin/general/permissions'))
add_warning(req, tag(_('User {0} does not have administrative rights to project. '.format(author.username)), permlink))
# Save changes to database
project.save()
# Save information into config
for option in ('name', 'descr'):
self.config.set('project', option, req.args.get(option))
self.config.save()
except Exception, e:
self.log.exception('Failed to save project changes')
add_warning(req, _('Failed to save changes: {0}'.format(e)))
return req.redirect(req.href('admin/general/basics'))
def render_admin_panel(self, req, cat, page, path_info):
""" Renders announcements admin panel
"""
req.perm.require('TRAC_ADMIN')
showforum = self.config.getbool('discussion', 'show_news_forum', True)
project = Project.get(self.env)
groupstore = CQDEUserGroupStore(project.trac_environment_key)
(public_exists, allowed) = self.get_announce_allowed(groupstore)
if req.method == 'POST':
if 'hideforum' in req.args:
self.config.set('discussion', 'show_news_forum', 'false')
self.config.save()
showforum = False
# Notify listeners
for listener in self.announcement_admin_listeners:
listener.announcements_hidden()
elif 'showforum' in req.args:
self.config.set('discussion', 'show_news_forum', 'true')
self.config.save()
showforum = True
# Notify listeners
for listener in self.announcement_admin_listeners:
listener.announcements_visible()
elif 'allow' in req.args:
#Allow should add the DISCUSSION_ANNOUNCE_APPEND to the "public contributors" group.
groupstore.grant_permission_to_group("Public contributors", "DISCUSSION_ANNOUNCEAPPEND")
(public_exists, allowed) = self.get_announce_allowed(groupstore)
elif 'disallow' in req.args:
#Disallow remove it.
groupstore.revoke_permission_from_group("Public contributors", "DISCUSSION_ANNOUNCEAPPEND")
(public_exists, allowed) = self.get_announce_allowed(groupstore)
elif 'rename' in req.args:
news = ProjectNews(project.env_name)
news.rename_news_forum(req.args.get('forumname'))
data = {}
data['showforum'] = showforum
data['allowed'] = allowed
data['public_exists'] = public_exists
return 'admin_news_forum.html', data
def setUp(self):
userObj = User()
userObj.id = 30
userObj.username = '******'
self.projectObj = Project(24, 'storageauthtest', 'Storage auth testing', 'Desc',
userObj.id, None, author = userObj)
conf.use_test_db(True)
self.load_fixtures()
self.store = CQDEUserGroupStore(self.projectObj.id)
self.store.remove_group('Owners')
self.store.remove_group('Public contributors')
self.store.remove_group('Public viewers')
def expand_macro(self, formatter, name, content, args=None):
"""
Returns the outcome from macro.
Supported arguments:
- project: Name of the project to show status / provide follow buttons. Defaults to current project
"""
req = formatter.req
# Load project from db
project = Project.get(self.env)
# Get project metadata (categories)
(combined_categories, separated_categories_per_context, context_by_id,
context_order, languages) = self._get_project_categories(project)
# Get project visibility: public or private
ug = CQDEUserGroupStore(project.trac_environment_key)
visibility = _('Public') if ug.is_public_project() else _('Private')
# Return rendered HTML with JS attached to it
data = {
'_project_': project,
'combined_categories': combined_categories,
'separated_categories_per_context': separated_categories_per_context,
'context_order': context_order,
'languages': languages,
'context_by_id': context_by_id,
'visibility_label': visibility, # Private / Public
'to_web_time': to_web_time # TODO: Is this really required?
}
chrome = Chrome(self.env)
stream = chrome.render_template(req, 'multiproject_summary.html', data, fragment=True)
if req.form_token:
stream |= chrome._add_form_token(req.form_token)
return stream
def process_request(self, req):
req.perm.require('MEMBERSHIP_REQUEST_CREATE')
all_members = {}
project = Project.get(self.env)
ug = CQDEUserGroupStore(project.trac_environment_key)
for member, group in ug.get_all_user_groups():
all_members[member] = 1
if req.authname in all_members.keys():
type = "privilege"
else:
type = "membership"
# Check the message length only if user has clicked 'request'
msg_ok = 'request' not in req.args or ('message' in req.args and
len(req.args.get('message')) >= 40)
# If request, then make request, ow. show form
if req.args.has_key('request') and msg_ok:
return self.make_membership_request(req)
else:
return 'membership_request_form.html', {'type':type, 'msg_ok':msg_ok,
'message':req.args.get('message')}, None
class ArchiveProjectTeam(Command):
""" Store users and permissions into flat file
This file will be sent for author if project is restored
"""
def __init__(self, project):
Command.__init__(self)
self.name = "ArchiveProjectTeam"
self.project = project
self.groups = CQDEUserGroupStore(project.trac_environment_key)
def do(self):
self.team = self.project.archive_path + "/team.txt"
f = open(self.team, "w")
f.write("#### Users in groups ####\n")
for user, group in self.groups.get_all_user_groups():
f.write(user + " : " + group + "\n")
f.write("\n#### Group permissions ####\n")
for group, perm in self.groups.get_all_group_permissions():
f.write(group + " : " + perm + "\n")
f.write("\n#### Group organizations ####\n")
for org, group in self.groups.get_all_organization_groups():
f.write(org + " : " + group + "\n")
f.close()
return True
def undo(self):
if os.path.exists(self.team):
if os.remove(self.team):
return True
return False
def do(self):
store = CQDEUserGroupStore(self.project.trac_environment_key)
try:
# Create anon group and give permissions
anon_group_name, anon_priv = conf.public_anon_group
store.add_user_to_group('anonymous', anon_group_name)
for priv in anon_priv:
store.grant_permission_to_group(anon_group_name, priv)
# Create auth group and give permissions
auth_group_name, auth_priv = conf.public_auth_group
store.add_user_to_group('authenticated', auth_group_name)
for priv in auth_priv:
store.grant_permission_to_group(auth_group_name, priv)
# Clear project cache
pc = ProjectCache.instance()
pc.clearProject(self.project.id)
except Exception:
conf.log.exception("Could not make project public")
return False
return True
class SetPermissionsTestCase(CQDETestCase):
def setUp(self):
userObj = User()
userObj.id = 30
userObj.username = '******'
self.projectObj = Project(24,
'storageauthtest',
'Storage auth testing',
'Desc',
userObj.id,
None,
author=userObj)
conf.use_test_db(True)
self.load_fixtures()
self.store = CQDEUserGroupStore(self.projectObj.id)
self.store.remove_group('Owners')
self.store.remove_group('Public contributors')
self.store.remove_group('Public viewers')
def tearDown(self):
conf.use_test_db(False)
# TODO
#def test_do(self):
#command = multiproject.common.projects.commands.SetPermissions(self.projectObj)
#self.assertTrue(command.do())
#gid = self.store.get_group_id('Owners')
#self.assertNotEquals(gid, None)
#ugs = self.store.get_all_user_groups()
#self.assertIn(('testuser', 'Owners'), ugs)
#gps = self.store.get_all_group_permissions()
#self.assertIn(('Owners', 'TRAC_ADMIN'), gps)
## Clean up
#self.store.remove_group('Owners')
def test_undo(self):
conf.use_test_db(True)
self.load_fixtures()
# Prepare
command = multiproject.common.projects.commands.SetPermissions(
self.projectObj)
# Try undo
self.assertTrue(command.undo())
def render_admin_panel(self, req, cat, page, path_info):
""" Renders announcements admin panel
"""
req.perm.require('TRAC_ADMIN')
showforum = self.config.getbool('discussion', 'show_news_forum', True)
project = Project.get(self.env)
groupstore = CQDEUserGroupStore(project.trac_environment_key)
(public_exists, allowed) = self.get_announce_allowed(groupstore)
if req.method == 'POST':
if 'hideforum' in req.args:
self.config.set('discussion', 'show_news_forum', 'false')
self.config.save()
showforum = False
# Notify listeners
for listener in self.announcement_admin_listeners:
listener.announcements_hidden()
elif 'showforum' in req.args:
self.config.set('discussion', 'show_news_forum', 'true')
self.config.save()
showforum = True
# Notify listeners
for listener in self.announcement_admin_listeners:
listener.announcements_visible()
elif 'allow' in req.args:
#Allow should add the DISCUSSION_ANNOUNCE_APPEND to the "public contributors" group.
groupstore.grant_permission_to_group(
"Public contributors", "DISCUSSION_ANNOUNCEAPPEND")
(public_exists,
allowed) = self.get_announce_allowed(groupstore)
elif 'disallow' in req.args:
#Disallow remove it.
groupstore.revoke_permission_from_group(
"Public contributors", "DISCUSSION_ANNOUNCEAPPEND")
(public_exists,
allowed) = self.get_announce_allowed(groupstore)
elif 'rename' in req.args:
news = ProjectNews(project.env_name)
news.rename_news_forum(req.args.get('forumname'))
data = {}
data['showforum'] = showforum
data['allowed'] = allowed
data['public_exists'] = public_exists
return 'admin_news_forum.html', data
class SetPermissionsTestCase(CQDETestCase):
def setUp(self):
userObj = User()
userObj.id = 30
userObj.username = '******'
self.projectObj = Project(24, 'storageauthtest', 'Storage auth testing', 'Desc',
userObj.id, None, author = userObj)
conf.use_test_db(True)
self.load_fixtures()
self.store = CQDEUserGroupStore(self.projectObj.id)
self.store.remove_group('Owners')
self.store.remove_group('Public contributors')
self.store.remove_group('Public viewers')
def tearDown(self):
conf.use_test_db(False)
# TODO
#def test_do(self):
#command = multiproject.common.projects.commands.SetPermissions(self.projectObj)
#self.assertTrue(command.do())
#gid = self.store.get_group_id('Owners')
#self.assertNotEquals(gid, None)
#ugs = self.store.get_all_user_groups()
#self.assertIn(('testuser', 'Owners'), ugs)
#gps = self.store.get_all_group_permissions()
#self.assertIn(('Owners', 'TRAC_ADMIN'), gps)
## Clean up
#self.store.remove_group('Owners')
def test_undo(self):
conf.use_test_db(True)
self.load_fixtures()
# Prepare
command = multiproject.common.projects.commands.SetPermissions(self.projectObj)
# Try undo
self.assertTrue(command.undo())
def undo(self):
visibility = False # make public false
store = CQDEUserGroupStore(self.project.trac_environment_key)
try:
anon_group_name, anon_priv = conf.public_anon_group
auth_group_name, auth_priv = conf.public_auth_group
store.remove_group(anon_group_name)
store.remove_group(auth_group_name)
#set project visibility#public = False
store.update_project_visibility(visibility)
# Clear project cache
pc = ProjectCache.instance()
pc.clearProject(self.project.id)
except Exception, e:
conf.log.exception("Could not make project private")
def render_admin_panel(self, req, cat, page, path_info):
add_script(req, "multiproject/js/jquery-ui.js")
add_script(req, "multiproject/js/permissions.js")
add_stylesheet(req, "multiproject/css/jquery-ui.css")
add_stylesheet(req, "multiproject/css/permissions.css")
is_normal_project = self.env.project_identifier != self.env.config.get("multiproject", "sys_home_project_name")
# API instances
perm_sys = PermissionSystem(self.env)
group_store = CQDEUserGroupStore(env=self.env)
org_store = CQDEOrganizationStore.instance()
if is_normal_project:
membership = MembershipApi(self.env, Project.get(self.env))
else:
membership = None
if req.method == "POST":
action = req.args.get("action")
if action == "remove_member":
self._remove_member(req, group_store)
elif action == "add_member":
add_type = req.args.get("add_type")
if add_type == "user":
self._add_user(req, group_store, membership)
elif add_type == "organization":
self._add_organization(req, group_store)
elif add_type == "ldap_group":
self._add_ldap_group(req, group_store)
elif add_type == "login_status":
login_status = req.args.get("login_status")
if login_status not in ("authenticated", "anonymous"):
raise TracError("Invalid arguments")
self._add_user(req, group_store, membership, username=login_status)
else:
raise TracError("Invalid add_type")
elif action == "add_permission":
self._add_perm_to_group(req, group_store, perm_sys)
elif action == "remove_permission":
self._remove_permission(req, group_store, perm_sys)
elif action == "create_group":
self._create_group(req, group_store, perm_sys)
elif action == "remove_group":
self._remove_group(req, group_store)
elif action == "add_organization":
self._add_organization(req, group_store)
elif action == "decline_membership":
self._decline_membership(req, membership)
else:
raise TracError("Unknown action %s" % action)
# get membership request list after form posts have been processed
if is_normal_project:
membership_requests = set(membership.get_membership_requests())
else:
membership_requests = set()
permissions = set(perm_sys.get_actions())
# check if project if current configuration and permission state is in such state that
# permission editions are likely fail
invalid_state = None
try:
group_store.is_valid_group_members()
except InvalidPermissionsState, e:
add_warning(
req,
_(
"Application permission configuration conflicts with project permissions. "
"Before you can fully edit permissions or users you will need to either remove "
"offending permissions or set correct application configuration. Page reload"
"is required to update this warning."
),
)
add_warning(req, e.message)
def do(self):
store = CQDEUserGroupStore(self.project.trac_environment_key)
author = self.project.author
# Set default groups (adds also author to Owner)
try:
firstDone = False
for grpname, rightslist in conf.default_groups:
store.create_group(grpname)
# add the user only to the first group
if not firstDone:
store.add_user_to_group(author.username, grpname)
firstDone = True
for right in rightslist:
store.grant_permission_to_group(grpname, right)
except:
conf.log.exception("Could not setup initial permissions")
return False
try:
if conf.private_auth_group:
auth_group_name, auth_priv = conf.private_auth_group
store.add_user_to_group('authenticated', auth_group_name)
for priv in auth_priv:
store.grant_permission_to_group(auth_group_name, priv)
except Exception:
conf.log.exception("Could not setup initial permissions")
return False
return True
def __init__(self, project):
Command.__init__(self)
self.name = "ArchiveProjectTeam"
self.project = project
self.groups = CQDEUserGroupStore(project.trac_environment_key)
def __init__(self, project):
Command.__init__(self)
self.name = "ArchiveProjectTeam"
self.project = project
self.groups = CQDEUserGroupStore(project.trac_environment_key)
def do(self):
visibility = True
published = datetime.now()
store = CQDEUserGroupStore(self.project.trac_environment_key)
try:
# Create anon group and give permissions
anon_group_name, anon_priv = conf.public_anon_group
store.add_user_to_group('anonymous', anon_group_name)
for priv in anon_priv:
store.grant_permission_to_group(anon_group_name, priv)
# Create auth group and give permissions
auth_group_name, auth_priv = conf.public_auth_group
store.add_user_to_group('authenticated', auth_group_name)
for priv in auth_priv:
store.grant_permission_to_group(auth_group_name, priv)
#set project visibility#public = True
store.update_project_visibility(visibility,str(published))
# Clear project cache
pc = ProjectCache.instance()
pc.clearProject(self.project.id)
except Exception:
conf.log.exception("Could not make project public")
return False
return True
def render_admin_panel(self, req, cat, page, path_info):
add_script(req, 'multiproject/js/jquery-ui.js')
add_script(req, 'multiproject/js/permissions.js')
add_stylesheet(req, 'multiproject/css/jquery-ui.css')
add_stylesheet(req, 'multiproject/css/permissions.css')
project = Project.get(self.env) #
is_normal_project = self.env.project_identifier != \
self.env.config.get('multiproject', 'sys_home_project_name')
# API instances
perm_sys = PermissionSystem(self.env)
group_store = CQDEUserGroupStore(env=self.env)
org_store = CQDEOrganizationStore.instance()
if is_normal_project:
membership = MembershipApi(self.env, Project.get(self.env))
else:
membership = None
if req.method == 'POST':
action = req.args.get('action')
if action == 'remove_member':
self._remove_member(req, group_store)
elif action == 'add_member':
add_type = req.args.get('add_type')
if add_type == 'user':
self._add_user(req, group_store, membership)
elif add_type == 'organization':
self._add_organization(req, group_store)
elif add_type == 'ldap_group':
self._add_ldap_group(req, group_store)
elif add_type == 'login_status':
login_status = req.args.get('login_status')
if login_status not in ('authenticated', 'anonymous'):
raise TracError('Invalid arguments')
self._add_user(req, group_store, membership, username=login_status)
else:
raise TracError('Invalid add_type')
elif action == 'add_permission':
self._add_perm_to_group(req, group_store, perm_sys)
elif action == 'remove_permission':
self._remove_permission(req, group_store, perm_sys)
elif action == 'create_group':
self._create_group(req, group_store, perm_sys)
elif action == 'remove_group':
self._remove_group(req, group_store)
elif action == 'add_organization':
self._add_organization(req, group_store)
elif action == 'decline_membership':
self._decline_membership(req, membership)
elif 'makepublic' in req.args:
project_api = Projects()
if conf.allow_public_projects:
self._make_public(req, project)
project_api.add_public_project_visibility(project.id)
# Reload page
return req.redirect(req.href(req.path_info))
else:
raise TracError("Public projects are disabled", "Error!")
elif 'makeprivate' in req.args:
project_api = Projects()
self._make_private(req, project)
project_api.remove_public_project_visibility(project.id)
# Reload page
return req.redirect(req.href(req.path_info))
else:
raise TracError('Unknown action %s' % action)
# get membership request list after form posts have been processed
if is_normal_project:
membership_requests = set(membership.get_membership_requests())
else:
membership_requests = set()
permissions = set(perm_sys.get_actions())
# check if project if current configuration and permission state is in such state that
# permission editions are likely fail
invalid_state = None
if is_normal_project:
is_a_public = project.public
else:
is_a_public = ""
try:
group_store.is_valid_group_members()
except InvalidPermissionsState, e:
add_warning(req, _('Application permission configuration conflicts with project permissions. '
'Before you can fully edit permissions or users you will need to either remove '
'offending permissions or set correct application configuration. Page reload'
'is required to update this warning.'))
add_warning(req, e.message)
def render_admin_panel(self, req, cat, page, path_info):
add_script(req, 'multiproject/js/jquery-ui.js')
add_script(req, 'multiproject/js/permissions.js')
add_stylesheet(req, 'multiproject/css/jquery-ui.css')
add_stylesheet(req, 'multiproject/css/permissions.css')
project = Project.get(self.env) #
is_normal_project = self.env.project_identifier != \
self.env.config.get('multiproject', 'sys_home_project_name')
# API instances
perm_sys = PermissionSystem(self.env)
group_store = CQDEUserGroupStore(env=self.env)
org_store = CQDEOrganizationStore.instance()
if is_normal_project:
membership = MembershipApi(self.env, Project.get(self.env))
else:
membership = None
if req.method == 'POST':
action = req.args.get('action')
if action == 'remove_member':
self._remove_member(req, group_store)
elif action == 'add_member':
add_type = req.args.get('add_type')
if add_type == 'user':
self._add_user(req, group_store, membership)
elif add_type == 'organization':
self._add_organization(req, group_store)
elif add_type == 'ldap_group':
self._add_ldap_group(req, group_store)
elif add_type == 'login_status':
login_status = req.args.get('login_status')
if login_status not in ('authenticated', 'anonymous'):
raise TracError('Invalid arguments')
self._add_user(req,
group_store,
membership,
username=login_status)
else:
raise TracError('Invalid add_type')
elif action == 'add_permission':
self._add_perm_to_group(req, group_store, perm_sys)
elif action == 'remove_permission':
self._remove_permission(req, group_store, perm_sys)
elif action == 'create_group':
self._create_group(req, group_store, perm_sys)
elif action == 'remove_group':
self._remove_group(req, group_store)
elif action == 'add_organization':
self._add_organization(req, group_store)
elif action == 'decline_membership':
self._decline_membership(req, membership)
elif 'makepublic' in req.args:
project_api = Projects()
if conf.allow_public_projects:
self._make_public(req, project)
project_api.add_public_project_visibility(project.id)
# Reload page
return req.redirect(req.href(req.path_info))
else:
raise TracError("Public projects are disabled", "Error!")
elif 'makeprivate' in req.args:
project_api = Projects()
self._make_private(req, project)
project_api.remove_public_project_visibility(project.id)
# Reload page
return req.redirect(req.href(req.path_info))
else:
raise TracError('Unknown action %s' % action)
# get membership request list after form posts have been processed
if is_normal_project:
membership_requests = set(membership.get_membership_requests())
else:
membership_requests = set()
permissions = set(perm_sys.get_actions())
# check if project if current configuration and permission state is in such state that
# permission editions are likely fail
invalid_state = None
if is_normal_project:
is_a_public = project.public
else:
is_a_public = ""
try:
group_store.is_valid_group_members()
except InvalidPermissionsState, e:
add_warning(
req,
_('Application permission configuration conflicts with project permissions. '
'Before you can fully edit permissions or users you will need to either remove '
'offending permissions or set correct application configuration. Page reload'
'is required to update this warning.'))
add_warning(req, e.message)
def do(self):
store = CQDEUserGroupStore(self.project.trac_environment_key)
author = self.project.author
# Set default groups (adds also author to Owner)
try:
firstDone = False
for grpname, rightslist in conf.default_groups:
store.create_group(grpname)
# add the user only to the first group
# NOTE: Creates the group defined by grpname
if not firstDone:
# Do not validate group permissions on creation
store.add_user_to_group(author.username, grpname, validate=False)
firstDone = True
for right in rightslist:
store.grant_permission_to_group(grpname, right)
except:
conf.log.exception("Could not setup initial permissions")
return False
try:
if conf.private_auth_group:
auth_group_name, auth_priv = conf.private_auth_group
# Do not validate group permissions on creation
store.add_user_to_group('authenticated', auth_group_name)
for priv in auth_priv:
store.grant_permission_to_group(auth_group_name, priv)
except Exception:
conf.log.exception("Could not setup initial permissions")
return False
return True