def can_user_apply_changeset(user, changeset=None):
user = get_model_instance(user, User)
if changeset is not None:
changeset = get_model_instance(changeset, Changeset)
if changeset:
if not changeset.pk:
# Cannot apply unsaved changeset.
return False
# only approved changesets can be applied
if changeset.review_status not in (
Changeset.REVIEW_STATUS_APPROVED,):
return False
if (user.role.name in (Role.ROLE_DEVELOPER,) and
changeset.classification in (
Changeset.CLASSIFICATION_LOWRISK,
Changeset.CLASSIFICATION_PAINLESS)):
return True
if user.role.name in (Role.ROLE_DBA, Role.ROLE_ADMIN):
return True
return False
def can_user_review_changeset(user, changeset=None):
"""Checks if changeset review_status can be set to 'in_progress' by user.
Only DBAs and admins can review changesets.
Args:
user: User ID or an instance of User.
changeset: Changeset ID or an instance of Changeset.
Returns:
True if user can review changeset, otherwise False.
"""
user = get_model_instance(user, User)
if changeset is not None:
changeset = get_model_instance(changeset, Changeset)
# Only DBAs and admins can review changesets.
if user.role.name not in (Role.ROLE_DBA, Role.ROLE_ADMIN):
return False
if changeset and not changeset.pk:
# Reviews are only allowed on saved changesets.
return False
if changeset.review_status not in [Changeset.REVIEW_STATUS_NEEDS]:
return False
return True
def __init__(self, changeset, schema_version, user):
"""Initializes object."""
super(ChangesetReviewThread, self).__init__()
self.daemon = True
self._changeset = get_model_instance(changeset, Changeset)
self._schema_version = get_model_instance(
schema_version, SchemaVersion)
self._user = get_model_instance(user, User)
self._init_run_vars()
def __init__(self, changeset, user, server, connection_options,):
super(ChangesetApplyThread, self).__init__()
self.daemon = True
self.changeset = get_model_instance(changeset, Changeset)
self.user = get_model_instance(user, User)
self.server = get_model_instance(server, Server)
self.connection_options = connection_options
self.messages = []
self.has_errors = False
self.changeset_detail_applies = []
self.changeset_detail_apply_ids = []
def can_soft_delete_changeset(self, changeset):
"""Checks if user can soft delete changeset."""
changeset = get_model_instance(changeset, Changeset)
if not changeset.pk:
# Cannot soft delete unsaved changeset.
return False
if changeset.is_deleted:
# Cannot soft delete that was already soft deleted.
return False
if (
self._user.role.name in [
Role.ROLE_DBA, Role.ROLE_ADMIN]
):
# dbas and admins can soft delete changeset
return True
if (
self._user.role.name in [Role.ROLE_DEVELOPER] and
changeset.review_status != Changeset.REVIEW_STATUS_APPROVED
):
# developers can only soft delete changesets that were not yet approved
return True
return False
def changeset_submit(changeset, changeset_details, user):
user = get_model_instance(user, User)
if changeset.pk:
raise Exception('Only new changesets can be submitted.')
for changeset_detail in changeset_details:
if changeset_detail.pk:
raise Exception(
'Only new changeset detail is allowed for changeset '
'submission.')
now = timezone.now()
with transaction.commit_on_success():
changeset.submitted_by = user
changeset.submitted_at = now
changeset.save()
for changeset_detail in changeset_details:
changeset_detail.changeset = changeset
changeset_detail.save()
ChangesetAction.objects.create(
changeset=changeset,
type=ChangesetAction.TYPE_CREATED,
timestamp=now
)
send_mail_changeset_submitted(changeset)
log.info('Changeset [id=%s] was submitted.' % (changeset.id,))
return changeset
def delete_changeset(changeset):
"""Deletes changeset."""
changeset = get_model_instance(changeset, Changeset)
changeset_id = changeset.id
changeset.delete()
log.info('Changeset [id=%s] was deleted.' % (changeset_id,))
def start_changeset_apply_thread(changeset, user, server):
changeset = get_model_instance(changeset, Changeset)
user = get_model_instance(user, User)
server = get_model_instance(server, Server)
if not privileges_logic.can_user_apply_changeset(user, changeset):
raise PrivilegeError(
'User is not allowed to apply changeset.')
connection_options = {}
if settings.MYSQL_USER:
connection_options['user'] = settings.MYSQL_USER
if settings.MYSQL_PASSWORD:
connection_options['passwd'] = settings.MYSQL_PASSWORD
thread = ChangesetApplyThread(changeset, user, server, connection_options)
thread.start()
return thread
def start_changeset_review_thread(changeset, schema_version, user):
"""Reviews changeset."""
changeset = get_model_instance(changeset, Changeset)
schema_version = get_model_instance(
schema_version, SchemaVersion)
user = get_model_instance(user, User)
#if changeset_can_be_reviewed_by_user(changeset, user):
# thread = ReviewThread(changeset, schema_version, request_id, user, server)
# thread.start()
# return thread
if privileges_logic.can_user_review_changeset(user, changeset):
thread = ChangesetReviewThread(changeset, schema_version, user)
thread.start()
return thread
else:
raise PrivilegeError(
u'User is not allowed to set review status to \'in_progress\'.')
def add_user(
name, email, role, password, github_login=None,
perform_checks=False, check_user=None):
"""Creates user."""
if perform_checks:
privileges_logic.UserPrivileges(check_user).check_create_user()
role = helpers.get_model_instance(role, models.Role)
auth_user = AuthUser.objects.create_user(name, email, password)
schemanizer_user = models.User.objects.create(
name=name, email=email, role=role, auth_user=auth_user,
github_login=github_login)
return schemanizer_user
def can_approve_changeset(self, changeset):
"""Checks if user can approve changeset."""
changeset = get_model_instance(changeset, Changeset)
if not changeset.pk:
# Cannot approve unsaved changeset.
return False
if changeset.review_status == Changeset.REVIEW_STATUS_APPROVED:
# cannot approve, it is already approved
return False
if self._user.role.name in (Role.ROLE_DBA, Role.ROLE_ADMIN):
if changeset.review_status in (Changeset.REVIEW_STATUS_IN_PROGRESS):
return True
else:
return False
def can_update_changeset(self, changeset):
"""Checks if user can update changeset."""
changeset = get_model_instance(changeset, Changeset)
if not changeset.pk:
# Cannot update unsaved changesets.
return False
if self._user.role.name in [Role.ROLE_DBA, Role.ROLE_ADMIN]:
# dbas and admins can always update changeset.
return True
if self._user.role.name in [Role.ROLE_DEVELOPER]:
# developers can update changesets only if it was not yet approved.
if changeset.review_status != Changeset.REVIEW_STATUS_APPROVED:
return True
return False
def changeset_update(changeset, changeset_details, to_be_deleted_changeset_details, user):
user = get_model_instance(user, User)
if privileges_logic.UserPrivileges(user).can_update_changeset(changeset):
with transaction.commit_on_success():
now = timezone.now()
for tbdc in to_be_deleted_changeset_details:
if tbdc.pk and tbdc.changeset and tbdc.changeset.id == changeset.id:
tbdc.delete()
else:
raise Exception('to_be_deleted_changeset_details contain and invalid changeset detail.')
changeset.review_status = changeset.REVIEW_STATUS_NEEDS
changeset.save()
for cd in changeset_details:
if cd.pk:
if cd.changeset.id == changeset.id:
cd.save()
else:
raise Exception('One of the changeset details have invalid changeset value.')
else:
cd.changeset = changeset
cd.save()
# Create entry on changeset actions
ChangesetAction.objects.create(
changeset=changeset,
type=ChangesetAction.TYPE_CHANGED,
timestamp=now)
log.info(u'Changeset [id=%s] was updated.' % (changeset.id,))
send_mail_changeset_updated(changeset)
return changeset
else:
raise PrivilegeError(
'User is not allowed to update changeset.')
def update_user(
pk, name, email, role, github_login=None,
perform_checks=False, check_user=None):
"""Updates user."""
if perform_checks:
privileges_logic.UserPrivileges(check_user).check_update_user()
role = helpers.get_model_instance(role, models.Role)
schemanizer_user = models.User.objects.get(pk=pk)
schemanizer_user.name = name
schemanizer_user.email = email
schemanizer_user.role = role
schemanizer_user.github_login = github_login
schemanizer_user.save()
auth_user = schemanizer_user.auth_user
auth_user.username = schemanizer_user.name
auth_user.email = schemanizer_user.email
auth_user.save()
return schemanizer_user
def __init__(self, user):
"""Initializes instance."""
self._user = get_model_instance(user, User)