class ArchiveProjectTeam(Command):
    """ Store users and permissions into flat file

        This file will be sent for author if project is restored
    """
    def __init__(self, project):
        Command.__init__(self)
        self.name = "ArchiveProjectTeam"
        self.project = project
        self.groups = CQDEUserGroupStore(project.trac_environment_key)

    def do(self):
        self.team = self.project.archive_path + "/team.txt"
        f = open(self.team, 'w')

        f.write("#### Users in groups ####\n")
        for user, group in self.groups.get_all_user_groups():
            f.write(user + ' : ' + group + "\n")

        f.write("\n#### Group permissions ####\n")
        for group, perm in self.groups.get_all_group_permissions():
            f.write(group + ' : ' + perm + "\n")

        f.write("\n#### Group organizations ####\n")
        for org, group in self.groups.get_all_organization_groups():
            f.write(org + ' : ' + group + "\n")

        f.close()
        return True

    def undo(self):
        if os.path.exists(self.team):
            if os.remove(self.team):
                return True
        return False
Beispiel #2
0
    def public(self):
        """
        Check the project visibility

        :returns: True if project is considered public (wide permissions), otherwise False
        """
        groupstore = CQDEUserGroupStore(self.trac_environment_key)
        return groupstore.is_public_project()
Beispiel #3
0
    def _apply_changes(self, req, project):
        """
        Saves changes into database and project configuration file
        """
        try:
            # Save information into database
            project.project_name = req.args.get('name')
            project.description = req.args.get('descr')

            # Update author if needed
            author_id = req.args.get('author_id')
            if author_id and project.author_id != int(author_id):
                userstore = get_userstore()
                author = userstore.getUserWhereId(author_id)
                project.author = author

                # Check if author has admin permission to project: put in project if not
                authorperm = PermissionCache(self.env, author.username)
                if 'TRAC_ADMIN' not in authorperm:
                    admin_rights = False
                    groupstore = CQDEUserGroupStore(
                        project.trac_environment_key)
                    # Iterate existing project groups and put user into group with TRAC_ADMIN rights
                    for gname, pname in groupstore.get_all_group_permissions():
                        if pname == 'TRAC_ADMIN':
                            groupstore.add_user_to_group(
                                author.username, gname)
                            admin_rights = True
                            add_notice(
                                req,
                                _('Added TRAC_ADMIN permissions to user: {0}'.
                                  format(author.username)))

                    if not admin_rights:
                        permlink = tag.a(
                            'You way want to modify permissions',
                            href=req.href('admin/general/permissions'))
                        add_warning(
                            req,
                            tag(
                                _('User {0} does not have administrative rights to project. '
                                  .format(author.username)), permlink))

            # Save changes to database
            project.save()

            # Save information into config
            for option in ('name', 'descr'):
                self.config.set('project', option, req.args.get(option))
            self.config.save()

        except Exception, e:
            self.log.exception('Failed to save project changes')
            add_warning(req, _('Failed to save changes: {0}'.format(e)))
            return req.redirect(req.href('admin/general/basics'))
Beispiel #4
0
    def _get_team_info(self, project):
        """
        Reads team members and sorts them so that default groups
        are first and other groups are last (in alphabetical order)

        :param Project project: Project to retrieve team info from
        :returns: tuple of data: teams, members
        """
        ug = CQDEUserGroupStore(project.trac_environment_key)
        team = sorted(ug.get_all_user_groups(), key=lambda tmp: tmp[1])

        # TODO: Implement better

        default_group_names = [tuple[0] for tuple in conf.default_groups]
        default_group_names += [
            conf.public_auth_group[0], conf.public_anon_group[0]
        ]
        first = {}
        last = {}
        all_members = {}

        # Create group => member hash
        userstore = get_userstore()
        for member, group in team:
            all_members[member] = 1
            account = userstore.getUser(username=member)

            if group in default_group_names:
                if group not in first:
                    first[group] = []
                first[group].append(account)
            else:
                if group not in last:
                    last[group] = []
                last[group].append(account)

        # Create group, memberlist tuples from items and keep them sorted
        # First read the default groups in to list of tuples in the order they are defined in conf
        items = []
        for group in default_group_names:
            if first.has_key(group):
                items += [(group, first[group])]

        # Then append other groups in alphabetical order
        items += sorted(last.items(), key=lambda tmp: tmp[0])

        # Then join all the members as a one markup string with member links
        teams = []
        for group, members in items:
            teams.append((group, members))

        # Team members in (group, member_uri) type, and all member names
        return teams, all_members.keys()
Beispiel #5
0
    def _get_team_info(self, project):
        """
        Reads team members and sorts them so that default groups
        are first and other groups are last (in alphabetical order)

        :param Project project: Project to retrieve team info from
        :returns: tuple of data: teams, members
        """
        ug = CQDEUserGroupStore(project.trac_environment_key)
        team = sorted(ug.get_all_user_groups(), key=lambda tmp: tmp[1])

         # TODO: Implement better

        default_group_names = [tuple[0] for tuple in conf.default_groups]
        default_group_names += [conf.public_auth_group[0], conf.public_anon_group[0]]
        first = {}
        last = {}
        all_members = {}

        # Create group => member hash
        userstore = get_userstore()
        for member, group in team:
            all_members[member] = 1
            account = userstore.getUser(username=member)

            if group in default_group_names:
                if group not in first:
                    first[group] = []
                first[group].append(account)
            else:
                if group not in last:
                    last[group] = []
                last[group].append(account)

        # Create group, memberlist tuples from items and keep them sorted
        # First read the default groups in to list of tuples in the order they are defined in conf
        items = []
        for group in default_group_names:
            if first.has_key(group):
                items += [(group, first[group])]

        # Then append other groups in alphabetical order
        items += sorted(last.items(), key = lambda tmp: tmp[0])

        # Then join all the members as a one markup string with member links
        teams = []
        for group, members in items:
            teams.append((group, members))

        # Team members in (group, member_uri) type, and all member names
        return teams, all_members.keys()
Beispiel #6
0
    def undo(self):
        store = CQDEUserGroupStore(self.project.trac_environment_key)

        try:
            anon_group_name, anon_priv = conf.public_anon_group
            auth_group_name, auth_priv = conf.public_auth_group

            store.remove_group(anon_group_name)
            store.remove_group(auth_group_name)

            # Clear project cache
            pc = ProjectCache.instance()
            pc.clearProject(self.project.id)

        except Exception, e:
            conf.log.exception("Could not make project private")
Beispiel #7
0
    def remove_user(self, req):
        """
        Show removal form and handle POST as remove action
        """
        username = req.args.get('username')

        # Check method and permissions
        if not req.method.upper() == 'POST' or not username:
            raise PermissionError()

        # Load user
        userstore = get_userstore()
        user = userstore.getUser(req.authname)
        account = userstore.getUser(username)

        if not account:
            add_warning(req, "Could not find user '{0}' from service".format(account.username))
            return req.redirect(req.href('admin/users/manage'))

        # Check permissions
        req.perm.require('USER_AUTHOR', Resource('user', id=account.id))

        # If removable user is project author, change the ownership to person who deletes the user
        papi = projects.Projects()
        for project in papi.get_authored_projects(account):
            project.author = user
            project.save()

            # Check if user has TRAC_ADMIN rights for the new project, if not, try setting
            if not req.perm.has_permission('TRAC_ADMIN', Resource('project', id=project.id)):
                groupstore = CQDEUserGroupStore(project.trac_environment_key)
                # Iterate existing project groups and put user into group with TRAC_ADMIN rights
                for gname, pname in groupstore.get_all_group_permissions():
                    if pname == 'TRAC_ADMIN':
                        groupstore.add_user_to_group(project.author.username, gname)
                        self.log.info('Added TRAC_ADMIN permissions to {0} at {0}'.format(project.author, project))

            self.log.info('Changed ownership of project {0} from {0} to {0}'.format(project, project.author, user))
            add_notice(req, tag(_("Changed ownership of the project to you: "), tag.a(project.project_name, href=req.href('..', project.env_name))))

        if userstore.deleteUser(account):
            add_notice(req, "Removed user '{0}' successfully from local store".format(account.username))
        else:
            add_warning(req, "Failed to remove user '{0}' from local store".format(account.username))

        # Redirect to user listing
        return req.redirect(req.href('admin/users/manage'))
Beispiel #8
0
    def remove_user(self, req):
        """
        Show removal form and handle POST as remove action
        """
        username = req.args.get('username')

        # Check method and permissions
        if not req.method.upper() == 'POST' or not username:
            raise PermissionError()

        # Load user
        userstore = get_userstore()
        user = userstore.getUser(req.authname)
        account = userstore.getUser(username)

        if not account:
            add_warning(req, "Could not find user '{0}' from service".format(account.username))
            return req.redirect(req.href('admin/users/manage'))

        # Check permissions
        req.perm.require('USER_AUTHOR', Resource('user', id=account.id))

        # If removable user is project author, change the ownership to person who deletes the user
        papi = projects.Projects()
        for project in papi.get_authored_projects(account):
            project.author = user
            project.save()

            # Check if user has TRAC_ADMIN rights for the new project, if not, try setting
            if not req.perm.has_permission('TRAC_ADMIN', Resource('project', id=project.id)):
                groupstore = CQDEUserGroupStore(project.trac_environment_key)
                # Iterate existing project groups and put user into group with TRAC_ADMIN rights
                for gname, pname in groupstore.get_all_group_permissions():
                    if pname == 'TRAC_ADMIN':
                        groupstore.add_user_to_group(project.author.username, gname)
                        self.log.info('Added TRAC_ADMIN permissions to {0} at {0}'.format(project.author, project))

            self.log.info('Changed ownership of project {0} from {0} to {0}'.format(project, project.author, user))
            add_notice(req, tag(_("Changed ownership of the project to you: "), tag.a(project.project_name, href=req.href('..', project.env_name))))

        if userstore.deleteUser(account):
            add_notice(req, "Removed user '{0}' successfully from local store".format(account.username))
        else:
            add_warning(req, "Failed to remove user '{0}' from local store".format(account.username))

        # Redirect to user listing
        return req.redirect(req.href('admin/users/manage'))
Beispiel #9
0
    def setUp(self):
        userObj = User()
        userObj.id = 30
        userObj.username = '******'

        self.projectObj = Project(24,
                                  'storageauthtest',
                                  'Storage auth testing',
                                  'Desc',
                                  userObj.id,
                                  None,
                                  author=userObj)
        conf.use_test_db(True)
        self.load_fixtures()
        self.store = CQDEUserGroupStore(self.projectObj.id)
        self.store.remove_group('Owners')
        self.store.remove_group('Public contributors')
        self.store.remove_group('Public viewers')
Beispiel #10
0
    def _apply_changes(self, req, project):
        """
        Saves changes into database and project configuration file
        """
        try:
            # Save information into database
            project.project_name = req.args.get('name')
            project.description = req.args.get('descr')

            # Update author if needed
            author_id = req.args.get('author_id')
            if author_id and project.author_id != int(author_id):
                userstore = get_userstore()
                author = userstore.getUserWhereId(author_id)
                project.author = author

                # Check if author has admin permission to project: put in project if not
                authorperm = PermissionCache(self.env, author.username)
                if 'TRAC_ADMIN' not in authorperm:
                    admin_rights = False
                    groupstore = CQDEUserGroupStore(project.trac_environment_key)
                    # Iterate existing project groups and put user into group with TRAC_ADMIN rights
                    for gname, pname in groupstore.get_all_group_permissions():
                        if pname == 'TRAC_ADMIN':
                            groupstore.add_user_to_group(author.username, gname)
                            admin_rights = True
                            add_notice(req, _('Added TRAC_ADMIN permissions to user: {0}'.format(author.username)))

                    if not admin_rights:
                        permlink = tag.a('You way want to modify permissions', href=req.href('admin/general/permissions'))
                        add_warning(req, tag(_('User {0} does not have administrative rights to project. '.format(author.username)), permlink))

            # Save changes to database
            project.save()

            # Save information into config
            for option in ('name', 'descr'):
                self.config.set('project', option, req.args.get(option))
            self.config.save()

        except Exception, e:
            self.log.exception('Failed to save project changes')
            add_warning(req, _('Failed to save changes: {0}'.format(e)))
            return req.redirect(req.href('admin/general/basics'))
Beispiel #11
0
    def render_admin_panel(self, req, cat, page, path_info):
        """ Renders announcements admin panel
        """
        req.perm.require('TRAC_ADMIN')

        showforum = self.config.getbool('discussion', 'show_news_forum', True)

        project = Project.get(self.env)
        groupstore = CQDEUserGroupStore(project.trac_environment_key)
        (public_exists, allowed) = self.get_announce_allowed(groupstore)

        if req.method == 'POST':
            if 'hideforum' in req.args:
                self.config.set('discussion', 'show_news_forum', 'false')
                self.config.save()
                showforum = False
                # Notify listeners
                for listener in self.announcement_admin_listeners:
                    listener.announcements_hidden()
            elif 'showforum' in req.args:
                self.config.set('discussion', 'show_news_forum', 'true')
                self.config.save()
                showforum = True
                # Notify listeners
                for listener in self.announcement_admin_listeners:
                    listener.announcements_visible()
            elif 'allow' in req.args:
                #Allow should add the DISCUSSION_ANNOUNCE_APPEND to the "public contributors" group.
                groupstore.grant_permission_to_group("Public contributors", "DISCUSSION_ANNOUNCEAPPEND")
                (public_exists, allowed) = self.get_announce_allowed(groupstore)
            elif 'disallow' in req.args:
                #Disallow remove it.
                groupstore.revoke_permission_from_group("Public contributors", "DISCUSSION_ANNOUNCEAPPEND")
                (public_exists, allowed) = self.get_announce_allowed(groupstore)
            elif 'rename' in req.args:
                news = ProjectNews(project.env_name)
                news.rename_news_forum(req.args.get('forumname'))

        data = {}
        data['showforum'] = showforum
        data['allowed'] = allowed
        data['public_exists'] = public_exists
        return 'admin_news_forum.html', data
Beispiel #12
0
    def setUp(self):
        userObj = User()
        userObj.id = 30
        userObj.username = '******'

        self.projectObj = Project(24, 'storageauthtest', 'Storage auth testing', 'Desc',
                                  userObj.id, None, author = userObj)
        conf.use_test_db(True)
        self.load_fixtures()
        self.store = CQDEUserGroupStore(self.projectObj.id)
        self.store.remove_group('Owners')
        self.store.remove_group('Public contributors')
        self.store.remove_group('Public viewers')
Beispiel #13
0
    def expand_macro(self, formatter, name, content, args=None):
        """
        Returns the outcome from macro.
        Supported arguments:

        - project: Name of the project to show status / provide follow buttons. Defaults to current project

        """
        req = formatter.req

        # Load project from db
        project = Project.get(self.env)

        # Get project metadata (categories)
        (combined_categories, separated_categories_per_context, context_by_id,
         context_order, languages) = self._get_project_categories(project)

        # Get project visibility: public or private
        ug = CQDEUserGroupStore(project.trac_environment_key)
        visibility = _('Public') if ug.is_public_project() else _('Private')

        # Return rendered HTML with JS attached to it
        data = {
            '_project_': project,
            'combined_categories': combined_categories,
            'separated_categories_per_context': separated_categories_per_context,
            'context_order': context_order,
            'languages': languages,
            'context_by_id': context_by_id,
            'visibility_label': visibility, # Private / Public
            'to_web_time': to_web_time # TODO: Is this really required?
        }

        chrome = Chrome(self.env)
        stream = chrome.render_template(req, 'multiproject_summary.html', data, fragment=True)
        if req.form_token:
            stream |= chrome._add_form_token(req.form_token)
        return stream
Beispiel #14
0
    def process_request(self, req):
        req.perm.require('MEMBERSHIP_REQUEST_CREATE')
        all_members = {}

        project = Project.get(self.env)
        ug = CQDEUserGroupStore(project.trac_environment_key)
        for member, group in ug.get_all_user_groups():
            all_members[member] = 1

        if req.authname in all_members.keys():
            type = "privilege"
        else:
            type = "membership"

        # Check the message length only if user has clicked 'request'
        msg_ok = 'request' not in req.args or ('message' in req.args and
            len(req.args.get('message')) >= 40)

        # If request, then make request, ow. show form
        if req.args.has_key('request') and msg_ok:
            return self.make_membership_request(req)
        else:
            return 'membership_request_form.html', {'type':type, 'msg_ok':msg_ok,
                                                    'message':req.args.get('message')}, None
Beispiel #15
0
class ArchiveProjectTeam(Command):
    """ Store users and permissions into flat file

        This file will be sent for author if project is restored
    """

    def __init__(self, project):
        Command.__init__(self)
        self.name = "ArchiveProjectTeam"
        self.project = project
        self.groups = CQDEUserGroupStore(project.trac_environment_key)

    def do(self):
        self.team = self.project.archive_path + "/team.txt"
        f = open(self.team, "w")

        f.write("#### Users in groups ####\n")
        for user, group in self.groups.get_all_user_groups():
            f.write(user + " : " + group + "\n")

        f.write("\n#### Group permissions ####\n")
        for group, perm in self.groups.get_all_group_permissions():
            f.write(group + " : " + perm + "\n")

        f.write("\n#### Group organizations ####\n")
        for org, group in self.groups.get_all_organization_groups():
            f.write(org + " : " + group + "\n")

        f.close()
        return True

    def undo(self):
        if os.path.exists(self.team):
            if os.remove(self.team):
                return True
        return False
Beispiel #16
0
    def do(self):
        store = CQDEUserGroupStore(self.project.trac_environment_key)

        try:
            # Create anon group and give permissions
            anon_group_name, anon_priv = conf.public_anon_group
            store.add_user_to_group('anonymous', anon_group_name)
            for priv in anon_priv:
                store.grant_permission_to_group(anon_group_name, priv)

            # Create auth group and give permissions
            auth_group_name, auth_priv = conf.public_auth_group
            store.add_user_to_group('authenticated', auth_group_name)
            for priv in auth_priv:
                store.grant_permission_to_group(auth_group_name, priv)

            # Clear project cache
            pc = ProjectCache.instance()
            pc.clearProject(self.project.id)

        except Exception:
            conf.log.exception("Could not make project public")
            return False
        return True
Beispiel #17
0
class SetPermissionsTestCase(CQDETestCase):
    def setUp(self):
        userObj = User()
        userObj.id = 30
        userObj.username = '******'

        self.projectObj = Project(24,
                                  'storageauthtest',
                                  'Storage auth testing',
                                  'Desc',
                                  userObj.id,
                                  None,
                                  author=userObj)
        conf.use_test_db(True)
        self.load_fixtures()
        self.store = CQDEUserGroupStore(self.projectObj.id)
        self.store.remove_group('Owners')
        self.store.remove_group('Public contributors')
        self.store.remove_group('Public viewers')

    def tearDown(self):
        conf.use_test_db(False)

    # TODO
    #def test_do(self):
    #command = multiproject.common.projects.commands.SetPermissions(self.projectObj)
    #self.assertTrue(command.do())

    #gid = self.store.get_group_id('Owners')

    #self.assertNotEquals(gid, None)

    #ugs = self.store.get_all_user_groups()
    #self.assertIn(('testuser', 'Owners'), ugs)

    #gps = self.store.get_all_group_permissions()
    #self.assertIn(('Owners', 'TRAC_ADMIN'), gps)

    ## Clean up
    #self.store.remove_group('Owners')

    def test_undo(self):
        conf.use_test_db(True)
        self.load_fixtures()
        # Prepare
        command = multiproject.common.projects.commands.SetPermissions(
            self.projectObj)
        # Try undo
        self.assertTrue(command.undo())
    def render_admin_panel(self, req, cat, page, path_info):
        """ Renders announcements admin panel
        """
        req.perm.require('TRAC_ADMIN')

        showforum = self.config.getbool('discussion', 'show_news_forum', True)

        project = Project.get(self.env)
        groupstore = CQDEUserGroupStore(project.trac_environment_key)
        (public_exists, allowed) = self.get_announce_allowed(groupstore)

        if req.method == 'POST':
            if 'hideforum' in req.args:
                self.config.set('discussion', 'show_news_forum', 'false')
                self.config.save()
                showforum = False
                # Notify listeners
                for listener in self.announcement_admin_listeners:
                    listener.announcements_hidden()
            elif 'showforum' in req.args:
                self.config.set('discussion', 'show_news_forum', 'true')
                self.config.save()
                showforum = True
                # Notify listeners
                for listener in self.announcement_admin_listeners:
                    listener.announcements_visible()
            elif 'allow' in req.args:
                #Allow should add the DISCUSSION_ANNOUNCE_APPEND to the "public contributors" group.
                groupstore.grant_permission_to_group(
                    "Public contributors", "DISCUSSION_ANNOUNCEAPPEND")
                (public_exists,
                 allowed) = self.get_announce_allowed(groupstore)
            elif 'disallow' in req.args:
                #Disallow remove it.
                groupstore.revoke_permission_from_group(
                    "Public contributors", "DISCUSSION_ANNOUNCEAPPEND")
                (public_exists,
                 allowed) = self.get_announce_allowed(groupstore)
            elif 'rename' in req.args:
                news = ProjectNews(project.env_name)
                news.rename_news_forum(req.args.get('forumname'))

        data = {}
        data['showforum'] = showforum
        data['allowed'] = allowed
        data['public_exists'] = public_exists
        return 'admin_news_forum.html', data
Beispiel #19
0
class SetPermissionsTestCase(CQDETestCase):

    def setUp(self):
        userObj = User()
        userObj.id = 30
        userObj.username = '******'

        self.projectObj = Project(24, 'storageauthtest', 'Storage auth testing', 'Desc',
                                  userObj.id, None, author = userObj)
        conf.use_test_db(True)
        self.load_fixtures()
        self.store = CQDEUserGroupStore(self.projectObj.id)
        self.store.remove_group('Owners')
        self.store.remove_group('Public contributors')
        self.store.remove_group('Public viewers')

    def tearDown(self):
        conf.use_test_db(False)

    # TODO
    #def test_do(self):
        #command = multiproject.common.projects.commands.SetPermissions(self.projectObj)
        #self.assertTrue(command.do())

        #gid = self.store.get_group_id('Owners')

        #self.assertNotEquals(gid, None)

        #ugs = self.store.get_all_user_groups()
        #self.assertIn(('testuser', 'Owners'), ugs)

        #gps = self.store.get_all_group_permissions()
        #self.assertIn(('Owners', 'TRAC_ADMIN'), gps)

        ## Clean up
        #self.store.remove_group('Owners')

    def test_undo(self):
        conf.use_test_db(True)
        self.load_fixtures()
        # Prepare
        command = multiproject.common.projects.commands.SetPermissions(self.projectObj)
        # Try undo
        self.assertTrue(command.undo())
    def undo(self):
        visibility = False # make public false
        store = CQDEUserGroupStore(self.project.trac_environment_key)

        try:
            anon_group_name, anon_priv = conf.public_anon_group
            auth_group_name, auth_priv = conf.public_auth_group

            store.remove_group(anon_group_name)
            store.remove_group(auth_group_name)

            #set project visibility#public = False
            store.update_project_visibility(visibility)

            # Clear project cache
            pc = ProjectCache.instance()
            pc.clearProject(self.project.id)

        except Exception, e:
            conf.log.exception("Could not make project private")
Beispiel #21
0
    def render_admin_panel(self, req, cat, page, path_info):

        add_script(req, "multiproject/js/jquery-ui.js")
        add_script(req, "multiproject/js/permissions.js")
        add_stylesheet(req, "multiproject/css/jquery-ui.css")
        add_stylesheet(req, "multiproject/css/permissions.css")

        is_normal_project = self.env.project_identifier != self.env.config.get("multiproject", "sys_home_project_name")

        # API instances
        perm_sys = PermissionSystem(self.env)
        group_store = CQDEUserGroupStore(env=self.env)
        org_store = CQDEOrganizationStore.instance()
        if is_normal_project:
            membership = MembershipApi(self.env, Project.get(self.env))
        else:
            membership = None

        if req.method == "POST":
            action = req.args.get("action")
            if action == "remove_member":
                self._remove_member(req, group_store)
            elif action == "add_member":
                add_type = req.args.get("add_type")
                if add_type == "user":
                    self._add_user(req, group_store, membership)
                elif add_type == "organization":
                    self._add_organization(req, group_store)
                elif add_type == "ldap_group":
                    self._add_ldap_group(req, group_store)
                elif add_type == "login_status":
                    login_status = req.args.get("login_status")
                    if login_status not in ("authenticated", "anonymous"):
                        raise TracError("Invalid arguments")
                    self._add_user(req, group_store, membership, username=login_status)
                else:
                    raise TracError("Invalid add_type")
            elif action == "add_permission":
                self._add_perm_to_group(req, group_store, perm_sys)
            elif action == "remove_permission":
                self._remove_permission(req, group_store, perm_sys)
            elif action == "create_group":
                self._create_group(req, group_store, perm_sys)
            elif action == "remove_group":
                self._remove_group(req, group_store)
            elif action == "add_organization":
                self._add_organization(req, group_store)
            elif action == "decline_membership":
                self._decline_membership(req, membership)
            else:
                raise TracError("Unknown action %s" % action)

        # get membership request list after form posts have been processed
        if is_normal_project:
            membership_requests = set(membership.get_membership_requests())
        else:
            membership_requests = set()

        permissions = set(perm_sys.get_actions())

        # check if project if current configuration and permission state is in such state that
        # permission editions are likely fail
        invalid_state = None
        try:
            group_store.is_valid_group_members()
        except InvalidPermissionsState, e:
            add_warning(
                req,
                _(
                    "Application permission configuration conflicts with project permissions. "
                    "Before you can fully edit permissions or users you will need to either remove "
                    "offending permissions or set correct application configuration. Page reload"
                    "is required to update this warning."
                ),
            )
            add_warning(req, e.message)
Beispiel #22
0
    def do(self):
        store = CQDEUserGroupStore(self.project.trac_environment_key)
        author = self.project.author

        # Set default groups (adds also author to Owner)
        try:
            firstDone = False
            for grpname, rightslist in conf.default_groups:
                store.create_group(grpname)

                # add the user only to the first group
                if not firstDone:
                    store.add_user_to_group(author.username, grpname)
                    firstDone = True

                for right in rightslist:
                    store.grant_permission_to_group(grpname, right)
        except:
            conf.log.exception("Could not setup initial permissions")
            return False

        try:
            if conf.private_auth_group:
                auth_group_name, auth_priv = conf.private_auth_group
                store.add_user_to_group('authenticated', auth_group_name)
                for priv in auth_priv:
                    store.grant_permission_to_group(auth_group_name, priv)
        except Exception:
            conf.log.exception("Could not setup initial permissions")
            return False
        return True
Beispiel #23
0
 def __init__(self, project):
     Command.__init__(self)
     self.name = "ArchiveProjectTeam"
     self.project = project
     self.groups = CQDEUserGroupStore(project.trac_environment_key)
Beispiel #24
0
 def __init__(self, project):
     Command.__init__(self)
     self.name = "ArchiveProjectTeam"
     self.project = project
     self.groups = CQDEUserGroupStore(project.trac_environment_key)
    def do(self):
        visibility = True
        published = datetime.now()
        store = CQDEUserGroupStore(self.project.trac_environment_key)

        try:
            # Create anon group and give permissions
            anon_group_name, anon_priv = conf.public_anon_group
            store.add_user_to_group('anonymous', anon_group_name)
            for priv in anon_priv:
                store.grant_permission_to_group(anon_group_name, priv)

            # Create auth group and give permissions
            auth_group_name, auth_priv = conf.public_auth_group
            store.add_user_to_group('authenticated', auth_group_name)
            for priv in auth_priv:
                store.grant_permission_to_group(auth_group_name, priv)

            #set project visibility#public = True
            store.update_project_visibility(visibility,str(published))

            # Clear project cache
            pc = ProjectCache.instance()
            pc.clearProject(self.project.id)

        except Exception:
            conf.log.exception("Could not make project public")
            return False
        return True
    def render_admin_panel(self, req, cat, page, path_info):

        add_script(req, 'multiproject/js/jquery-ui.js')
        add_script(req, 'multiproject/js/permissions.js')
        add_stylesheet(req, 'multiproject/css/jquery-ui.css')
        add_stylesheet(req, 'multiproject/css/permissions.css')
        
        project = Project.get(self.env) #
        is_normal_project = self.env.project_identifier != \
                            self.env.config.get('multiproject', 'sys_home_project_name')

        # API instances
        perm_sys = PermissionSystem(self.env)
        group_store = CQDEUserGroupStore(env=self.env)
        org_store = CQDEOrganizationStore.instance()
        if is_normal_project:
            membership = MembershipApi(self.env, Project.get(self.env))
        else:
            membership = None

        if req.method == 'POST':
            action = req.args.get('action')
            if action == 'remove_member':
                self._remove_member(req, group_store)
            elif action == 'add_member':
                add_type = req.args.get('add_type')
                if add_type == 'user':
                    self._add_user(req, group_store, membership)
                elif add_type == 'organization':
                    self._add_organization(req, group_store)
                elif add_type == 'ldap_group':
                    self._add_ldap_group(req, group_store)
                elif add_type == 'login_status':
                    login_status = req.args.get('login_status')
                    if login_status not in ('authenticated', 'anonymous'):
                        raise TracError('Invalid arguments')
                    self._add_user(req, group_store, membership, username=login_status)
                else:
                    raise TracError('Invalid add_type')
            elif action == 'add_permission':
                self._add_perm_to_group(req, group_store, perm_sys)
            elif action == 'remove_permission':
                self._remove_permission(req, group_store, perm_sys)
            elif action == 'create_group':
                self._create_group(req, group_store, perm_sys)
            elif action == 'remove_group':
                self._remove_group(req, group_store)
            elif action == 'add_organization':
                self._add_organization(req, group_store)
            elif action == 'decline_membership':
                self._decline_membership(req, membership)
            elif 'makepublic' in req.args:
                project_api = Projects()
                if conf.allow_public_projects:
                    self._make_public(req, project)
                    project_api.add_public_project_visibility(project.id)
                    # Reload page
                    return req.redirect(req.href(req.path_info))
                else:
                    raise TracError("Public projects are disabled", "Error!")
            elif 'makeprivate' in req.args:
                project_api = Projects()
                self._make_private(req, project)
                project_api.remove_public_project_visibility(project.id)
                # Reload page
                return req.redirect(req.href(req.path_info))
            else:
                raise TracError('Unknown action %s' % action)

        # get membership request list after form posts have been processed
        if is_normal_project:
            membership_requests = set(membership.get_membership_requests())
        else:
            membership_requests = set()

        permissions = set(perm_sys.get_actions())

        # check if project if current configuration and permission state is in such state that
        # permission editions are likely fail
        invalid_state = None

        if is_normal_project:
            is_a_public = project.public
        else:
            is_a_public = ""


        try:
            group_store.is_valid_group_members()
        except InvalidPermissionsState, e:
            add_warning(req, _('Application permission configuration conflicts with project permissions. '
                               'Before you can fully edit permissions or users you will need to either remove '
                               'offending permissions or set correct application configuration. Page reload'
                               'is required to update this warning.'))
            add_warning(req, e.message)
    def render_admin_panel(self, req, cat, page, path_info):

        add_script(req, 'multiproject/js/jquery-ui.js')
        add_script(req, 'multiproject/js/permissions.js')
        add_stylesheet(req, 'multiproject/css/jquery-ui.css')
        add_stylesheet(req, 'multiproject/css/permissions.css')

        project = Project.get(self.env)  #
        is_normal_project = self.env.project_identifier != \
                            self.env.config.get('multiproject', 'sys_home_project_name')

        # API instances
        perm_sys = PermissionSystem(self.env)
        group_store = CQDEUserGroupStore(env=self.env)
        org_store = CQDEOrganizationStore.instance()
        if is_normal_project:
            membership = MembershipApi(self.env, Project.get(self.env))
        else:
            membership = None

        if req.method == 'POST':
            action = req.args.get('action')
            if action == 'remove_member':
                self._remove_member(req, group_store)
            elif action == 'add_member':
                add_type = req.args.get('add_type')
                if add_type == 'user':
                    self._add_user(req, group_store, membership)
                elif add_type == 'organization':
                    self._add_organization(req, group_store)
                elif add_type == 'ldap_group':
                    self._add_ldap_group(req, group_store)
                elif add_type == 'login_status':
                    login_status = req.args.get('login_status')
                    if login_status not in ('authenticated', 'anonymous'):
                        raise TracError('Invalid arguments')
                    self._add_user(req,
                                   group_store,
                                   membership,
                                   username=login_status)
                else:
                    raise TracError('Invalid add_type')
            elif action == 'add_permission':
                self._add_perm_to_group(req, group_store, perm_sys)
            elif action == 'remove_permission':
                self._remove_permission(req, group_store, perm_sys)
            elif action == 'create_group':
                self._create_group(req, group_store, perm_sys)
            elif action == 'remove_group':
                self._remove_group(req, group_store)
            elif action == 'add_organization':
                self._add_organization(req, group_store)
            elif action == 'decline_membership':
                self._decline_membership(req, membership)
            elif 'makepublic' in req.args:
                project_api = Projects()
                if conf.allow_public_projects:
                    self._make_public(req, project)
                    project_api.add_public_project_visibility(project.id)
                    # Reload page
                    return req.redirect(req.href(req.path_info))
                else:
                    raise TracError("Public projects are disabled", "Error!")
            elif 'makeprivate' in req.args:
                project_api = Projects()
                self._make_private(req, project)
                project_api.remove_public_project_visibility(project.id)
                # Reload page
                return req.redirect(req.href(req.path_info))
            else:
                raise TracError('Unknown action %s' % action)

        # get membership request list after form posts have been processed
        if is_normal_project:
            membership_requests = set(membership.get_membership_requests())
        else:
            membership_requests = set()

        permissions = set(perm_sys.get_actions())

        # check if project if current configuration and permission state is in such state that
        # permission editions are likely fail
        invalid_state = None

        if is_normal_project:
            is_a_public = project.public
        else:
            is_a_public = ""

        try:
            group_store.is_valid_group_members()
        except InvalidPermissionsState, e:
            add_warning(
                req,
                _('Application permission configuration conflicts with project permissions. '
                  'Before you can fully edit permissions or users you will need to either remove '
                  'offending permissions or set correct application configuration. Page reload'
                  'is required to update this warning.'))
            add_warning(req, e.message)
    def do(self):
        store = CQDEUserGroupStore(self.project.trac_environment_key)
        author = self.project.author

        # Set default groups (adds also author to Owner)
        try:
            firstDone = False
            for grpname, rightslist in conf.default_groups:
                store.create_group(grpname)

                # add the user only to the first group
                # NOTE: Creates the group defined by grpname
                if not firstDone:
                    # Do not validate group permissions on creation
                    store.add_user_to_group(author.username, grpname, validate=False)
                    firstDone = True

                for right in rightslist:
                    store.grant_permission_to_group(grpname, right)
        except:
            conf.log.exception("Could not setup initial permissions")
            return False

        try:
            if conf.private_auth_group:
                auth_group_name, auth_priv = conf.private_auth_group
                # Do not validate group permissions on creation
                store.add_user_to_group('authenticated', auth_group_name)
                for priv in auth_priv:
                    store.grant_permission_to_group(auth_group_name, priv)
        except Exception:
            conf.log.exception("Could not setup initial permissions")
            return False
        return True