def get_all_user_repos(self, user): """ Get's all repositories that user have at least read access :param user: """ from rhodecode.lib.auth import AuthUser user = self._get_user(user) repos = AuthUser(user_id=user.user_id).permissions['repositories'] access_check = lambda r: r[1] in ['repository.read', 'repository.write', 'repository.admin'] repos = [x[0] for x in filter(access_check, repos.items())] return Repository.query().filter(Repository.repo_name.in_(repos))
def index(self): # redirect if already logged in c.came_from = request.GET.get('came_from', None) if self.rhodecode_user.is_authenticated \ and self.rhodecode_user.username != 'default': return redirect(url('home')) if request.POST: # import Login Form validator class login_form = LoginForm() try: c.form_result = login_form.to_python(dict(request.POST)) # form checks for username/password, now we're authenticated username = c.form_result['username'] user = User.get_by_username(username, case_insensitive=True) auth_user = AuthUser(user.user_id) auth_user.set_authenticated() cs = auth_user.get_cookie_store() session['rhodecode_user'] = cs # If they want to be remembered, update the cookie if c.form_result['remember'] is not False: session.cookie_expires = False session._set_cookie_values() session._update_cookie_out() session.save() log.info('user %s is now authenticated and stored in ' 'session, session attrs %s' % (username, cs)) user.update_lastlogin() Session.commit() if c.came_from: return redirect(c.came_from) else: return redirect(url('home')) except formencode.Invalid, errors: return htmlfill.render( render('/login.html'), defaults=errors.value, errors=errors.error_dict or {}, prefix_error=False, encoding="UTF-8")
def index(self): # redirect if already logged in c.came_from = request.GET.get("came_from", None) if self.rhodecode_user.is_authenticated and self.rhodecode_user.username != "default": return redirect(url("home")) if request.POST: # import Login Form validator class login_form = LoginForm() try: c.form_result = login_form.to_python(dict(request.POST)) # form checks for username/password, now we're authenticated username = c.form_result["username"] user = User.get_by_username(username, case_insensitive=True) auth_user = AuthUser(user.user_id) auth_user.set_authenticated() session["rhodecode_user"] = auth_user session.save() log.info("user %s is now authenticated and stored in session", username) user.update_lastlogin() if c.came_from: return redirect(c.came_from) else: return redirect(url("home")) except formencode.Invalid, errors: return htmlfill.render( render("/login.html"), defaults=errors.value, errors=errors.error_dict or {}, prefix_error=False, encoding="UTF-8", )
def test_default_admin_group_perms(self): self.g1 = fixture.create_group('test1', skip_if_exists=True) self.g2 = fixture.create_group('test2', skip_if_exists=True) a1_auth = AuthUser(user_id=self.a1.user_id) perms = { 'repositories_groups': { u'test1': 'group.admin', u'test2': 'group.admin' }, 'global': set(['hg.admin']), 'repositories': { u'vcs_test_hg': 'repository.admin' } } self.assertEqual(a1_auth.permissions['repositories'][HG_REPO], perms['repositories'][HG_REPO]) self.assertEqual(a1_auth.permissions['repositories_groups'], perms['repositories_groups'])
def test_default_group_perms(self): self.g1 = fixture.create_group('test1', skip_if_exists=True) self.g2 = fixture.create_group('test2', skip_if_exists=True) u1_auth = AuthUser(user_id=self.u1.user_id) perms = { 'repositories_groups': { u'test1': 'group.read', u'test2': 'group.read' }, 'global': set(Permission.DEFAULT_USER_PERMISSIONS), 'repositories': { u'vcs_test_hg': u'repository.read' } } self.assertEqual(u1_auth.permissions['repositories'][HG_REPO], perms['repositories'][HG_REPO]) self.assertEqual(u1_auth.permissions['repositories_groups'], perms['repositories_groups']) self.assertEqual(u1_auth.permissions['global'], perms['global'])
def edit(self, user_id): """GET /users/user_id/edit: Form to edit an existing item""" # url('edit_user', user_id=ID) user_id = safe_int(user_id) c.user = User.get_or_404(user_id) if c.user.username == User.DEFAULT_USER: h.flash(_("You can't edit this user"), category='warning') return redirect(url('users')) c.active = 'profile' c.extern_type = c.user.extern_type c.extern_name = c.user.extern_name c.perm_user = AuthUser(user_id=user_id, ip_addr=self.ip_addr) defaults = c.user.get_dict() defaults.update({'language': c.user.user_data.get('language')}) return htmlfill.render(render('admin/users/user_edit.html'), defaults=defaults, encoding="UTF-8", force_defaults=False)
def test_inherited_permissions_from_default_on_user_disabled(self): user_model = UserModel() # disable fork and create on default user usr = '******' user_model.revoke_perm(usr, 'hg.create.repository') user_model.grant_perm(usr, 'hg.create.none') user_model.revoke_perm(usr, 'hg.fork.repository') user_model.grant_perm(usr, 'hg.fork.none') # make sure inherit flag is turned on self.u1.inherit_default_permissions = True Session().commit() u1_auth = AuthUser(user_id=self.u1.user_id) # this user will have inherited permissions from default user self.assertEqual( u1_auth.permissions['global'], set([ 'hg.create.none', 'hg.fork.none', 'hg.register.manual_activate', 'hg.extern_activate.auto', 'repository.read', 'group.read', 'usergroup.read' ]))
def get_user(self, apiuser, userid=Optional(OAttr('apiuser'))): """" Get a user by username, or userid, if userid is given :param apiuser: :param userid: """ if not HasPermissionAnyApi('hg.admin')(user=apiuser): #make sure normal user does not pass someone else userid, #he is not allowed to do that if not isinstance(userid, Optional) and userid != apiuser.user_id: raise JSONRPCError('userid is not the same as your user') if isinstance(userid, Optional): userid = apiuser.user_id user = get_user_or_error(userid) data = user.get_api_data() data['permissions'] = AuthUser(user_id=user.user_id).permissions return data
def my_account_update(self): """PUT /_admin/my_account_update: Update an existing item""" # Forms posted to this method should contain a hidden field: # <input type="hidden" name="_method" value="PUT" /> # Or using helpers: # h.form(url('admin_settings_my_account_update'), # method='put') # url('admin_settings_my_account_update', id=ID) uid = self.rhodecode_user.user_id c.user = User.get(self.rhodecode_user.user_id) c.perm_user = AuthUser(user_id=self.rhodecode_user.user_id, ip_addr=self.ip_addr) c.ldap_dn = c.user.ldap_dn email = self.rhodecode_user.email _form = UserForm(edit=True, old_data={ 'user_id': uid, 'email': email })() form_result = {} try: form_result = _form.to_python(dict(request.POST)) skip_attrs = ['admin', 'active'] # skip attr for my account if c.ldap_dn: #forbid updating username for ldap accounts skip_attrs.append('username') UserModel().update(uid, form_result, skip_attrs=skip_attrs) h.flash(_('Your account was updated successfully'), category='success') Session().commit() except formencode.Invalid, errors: #json used to render the grid c.data = self._load_my_repos_data() c.form = htmlfill.render( render('admin/users/user_edit_my_account_form.html'), defaults=errors.value, errors=errors.error_dict or {}, prefix_error=False, encoding="UTF-8") return render('admin/users/user_edit_my_account.html')
def test_default_group_perms(self): self.g1 = _make_group('test1', skip_if_exists=True) self.g2 = _make_group('test2', skip_if_exists=True) u1_auth = AuthUser(user_id=self.u1.user_id) perms = { 'repositories_groups': { u'test1': 'group.read', u'test2': 'group.read' }, 'global': set([ u'hg.create.repository', u'repository.read', u'hg.register.manual_activate' ]), 'repositories': { u'vcs_test_hg': u'repository.read' } } self.assertEqual(u1_auth.permissions['repositories'][HG_REPO], perms['repositories'][HG_REPO]) self.assertEqual(u1_auth.permissions['repositories_groups'], perms['repositories_groups'])
def get_user(self, apiuser, userid): """" Get a user by username :param apiuser: :param username: """ user = UserModel().get_user(userid) if user is None: return user return dict( id=user.user_id, username=user.username, firstname=user.name, lastname=user.lastname, email=user.email, active=user.active, admin=user.admin, ldap_dn=user.ldap_dn, last_login=user.last_login, permissions=AuthUser(user_id=user.user_id).permissions )
def get_user(request, apiuser, userid=Optional(OAttr('apiuser'))): """ Returns the information associated with a username or userid. * If the ``userid`` is not set, this command returns the information for the ``userid`` calling the method. .. note:: Normal users may only run this command against their ``userid``. For full privileges you must run this command using an |authtoken| with admin rights. :param apiuser: This is filled automatically from the |authtoken|. :type apiuser: AuthUser :param userid: Sets the userid for which data will be returned. :type userid: Optional(str or int) Example output: .. code-block:: bash { "error": null, "id": <id>, "result": { "active": true, "admin": false, "api_key": "api-key", "api_keys": [ list of keys ], "email": "*****@*****.**", "emails": [ "*****@*****.**" ], "extern_name": "rhodecode", "extern_type": "rhodecode", "firstname": "username", "ip_addresses": [], "language": null, "last_login": "******", "lastname": "surnae", "permissions": { "global": [ "hg.inherit_default_perms.true", "usergroup.read", "hg.repogroup.create.false", "hg.create.none", "hg.extern_activate.manual", "hg.create.write_on_repogroup.false", "hg.usergroup.create.false", "group.none", "repository.none", "hg.register.none", "hg.fork.repository" ], "repositories": { "username/example": "repository.write"}, "repositories_groups": { "user-group/repo": "group.none" }, "user_groups": { "user_group_name": "usergroup.read" } }, "user_id": 32, "username": "******" } } """ if not has_superadmin_permission(apiuser): # make sure normal user does not pass someone else userid, # he is not allowed to do that if not isinstance(userid, Optional) and userid != apiuser.user_id: raise JSONRPCError('userid is not the same as your user') userid = Optional.extract(userid, evaluate_locals=locals()) userid = getattr(userid, 'user_id', userid) user = get_user_or_error(userid) data = user.get_api_data(include_secrets=True) data['permissions'] = AuthUser(user_id=user.user_id).permissions return data
def index(self): # redirect if already logged in c.came_from = request.GET.get('came_from') not_default = self.rhodecode_user.username != 'default' ip_allowed = self.rhodecode_user.ip_allowed if self.rhodecode_user.is_authenticated and not_default and ip_allowed: return redirect(url('home')) if request.POST: # import Login Form validator class login_form = LoginForm() try: session.invalidate() c.form_result = login_form.to_python(dict(request.POST)) # form checks for username/password, now we're authenticated username = c.form_result['username'] user = User.get_by_username(username, case_insensitive=True) auth_user = AuthUser(user.user_id) auth_user.set_authenticated() cs = auth_user.get_cookie_store() session['rhodecode_user'] = cs user.update_lastlogin() Session().commit() # If they want to be remembered, update the cookie if c.form_result['remember']: _year = (datetime.datetime.now() + datetime.timedelta(seconds=60 * 60 * 24 * 365)) session._set_cookie_expires(_year) session.save() log.info('user %s is now authenticated and stored in ' 'session, session attrs %s' % (username, cs)) # dumps session attrs back to cookie session._update_cookie_out() # we set new cookie headers = None if session.request['set_cookie']: # send set-cookie headers back to response to update cookie headers = [('Set-Cookie', session.request['cookie_out'])] allowed_schemes = ['http', 'https'] if c.came_from: parsed = urlparse.urlparse(c.came_from) server_parsed = urlparse.urlparse(url.current()) if parsed.scheme and parsed.scheme not in allowed_schemes: log.error( 'Suspicious URL scheme detected %s for url %s' % (parsed.scheme, parsed)) c.came_from = url('home') elif server_parsed.netloc != parsed.netloc: log.error('Suspicious NETLOC detected %s for url %s' 'server url is: %s' % (parsed.netloc, parsed, server_parsed)) c.came_from = url('home') raise HTTPFound(location=c.came_from, headers=headers) else: raise HTTPFound(location=url('home'), headers=headers) except formencode.Invalid, errors: return htmlfill.render( render('/login.html'), defaults=errors.value, errors=errors.error_dict or {}, prefix_error=False, encoding="UTF-8")
def index(self): # redirect if already logged in c.came_from = request.GET.get('came_from') not_default = self.rhodecode_user.username != 'default' ip_allowed = self.rhodecode_user.ip_allowed if self.rhodecode_user.is_authenticated and not_default and ip_allowed: return redirect(url('home')) if request.POST: # import Login Form validator class login_form = LoginForm() try: session.invalidate() c.form_result = login_form.to_python(dict(request.POST)) # form checks for username/password, now we're authenticated username = c.form_result['username'] user = User.get_by_username(username, case_insensitive=True) auth_user = AuthUser(user.user_id) auth_user.set_authenticated() cs = auth_user.get_cookie_store() session['rhodecode_user'] = cs user.update_lastlogin() Session().commit() # If they want to be remembered, update the cookie if c.form_result['remember']: _year = (datetime.datetime.now() + datetime.timedelta(seconds=60 * 60 * 24 * 365)) session._set_cookie_expires(_year) session.save() log.info('user %s is now authenticated and stored in ' 'session, session attrs %s' % (username, cs)) # dumps session attrs back to cookie session._update_cookie_out() # we set new cookie headers = None if session.request['set_cookie']: # send set-cookie headers back to response to update cookie headers = [('Set-Cookie', session.request['cookie_out'])] allowed_schemes = ['http', 'https'] if c.came_from: parsed = urlparse.urlparse(c.came_from) server_parsed = urlparse.urlparse(url.current()) if parsed.scheme and parsed.scheme not in allowed_schemes: log.error( 'Suspicious URL scheme detected %s for url %s' % (parsed.scheme, parsed)) c.came_from = url('home') elif server_parsed.netloc != parsed.netloc: log.error('Suspicious NETLOC detected %s for url %s' 'server url is: %s' % (parsed.netloc, parsed, server_parsed)) c.came_from = url('home') raise HTTPFound(location=c.came_from, headers=headers) else: raise HTTPFound(location=url('home'), headers=headers) except formencode.Invalid, errors: return htmlfill.render( render('/login.html'), defaults=errors.value, errors=errors.error_dict or {}, prefix_error=False, encoding="UTF-8") except UserCreationError, e: # container auth or other auth functions that create users on # the fly can throw this exception signaling that there's issue # with user creation, explanation should be provided in # Exception itself h.flash(e, 'error')
def request_view(request): """ Main request handling method. It handles all logic to call a specific exposed method """ # check if we can find this session using api_key, get_by_auth_token # search not expired tokens only try: u = User.get_by_auth_token(request.rpc_api_key) if u is None: return jsonrpc_error(request, retid=request.rpc_id, message='Invalid API KEY') if not u.active: return jsonrpc_error(request, retid=request.rpc_id, message='Request from this user not allowed') # check if we are allowed to use this IP auth_u = AuthUser(u.user_id, request.rpc_api_key, ip_addr=request.rpc_ip_addr) if not auth_u.ip_allowed: return jsonrpc_error(request, retid=request.rpc_id, message='Request from IP:%s not allowed' % (request.rpc_ip_addr, )) else: log.info('Access for IP:%s allowed' % (request.rpc_ip_addr, )) # now check if token is valid for API role = UserApiKeys.ROLE_API extra_auth_tokens = [ x.api_key for x in User.extra_valid_auth_tokens(u, role=role) ] active_tokens = [u.api_key] + extra_auth_tokens log.debug('Checking if API key has proper role') if request.rpc_api_key not in active_tokens: return jsonrpc_error( request, retid=request.rpc_id, message='API KEY has bad role for an API call') except Exception as e: log.exception('Error on API AUTH') return jsonrpc_error(request, retid=request.rpc_id, message='Invalid API KEY') method = request.rpc_method func = request.registry.jsonrpc_methods[method] # now that we have a method, add request._req_params to # self.kargs and dispatch control to WGIController argspec = inspect.getargspec(func) arglist = argspec[0] defaults = map(type, argspec[3] or []) default_empty = types.NotImplementedType # kw arguments required by this method func_kwargs = dict( itertools.izip_longest(reversed(arglist), reversed(defaults), fillvalue=default_empty)) # This attribute will need to be first param of a method that uses # api_key, which is translated to instance of user at that name user_var = 'apiuser' request_var = 'request' for arg in [user_var, request_var]: if arg not in arglist: return jsonrpc_error(request, retid=request.rpc_id, message='This method [%s] does not support ' 'required parameter `%s`' % (func.__name__, arg)) # get our arglist and check if we provided them as args for arg, default in func_kwargs.items(): if arg in [user_var, request_var]: # user_var and request_var are pre-hardcoded parameters and we # don't need to do any translation continue # skip the required param check if it's default value is # NotImplementedType (default_empty) if default == default_empty and arg not in request.rpc_params: return jsonrpc_error( request, retid=request.rpc_id, message=('Missing non optional `%s` arg in JSON DATA' % arg)) # sanitze extra passed arguments for k in request.rpc_params.keys()[:]: if k not in func_kwargs: del request.rpc_params[k] call_params = request.rpc_params call_params.update({'request': request, 'apiuser': auth_u}) try: ret_value = func(**call_params) return jsonrpc_response(request, ret_value) except JSONRPCBaseError: raise except Exception: log.exception('Unhandled exception occured on api call: %s', func) return jsonrpc_error(request, retid=request.rpc_id, message='Internal server error')
def test_repo_in_group_permissions(self): self.g1 = fixture.create_group('group1', skip_if_exists=True) self.g2 = fixture.create_group('group2', skip_if_exists=True) # both perms should be read ! u1_auth = AuthUser(user_id=self.u1.user_id) self.assertEqual(u1_auth.permissions['repositories_groups'], { u'group1': u'group.read', u'group2': u'group.read' }) a1_auth = AuthUser(user_id=self.anon.user_id) self.assertEqual(a1_auth.permissions['repositories_groups'], { u'group1': u'group.read', u'group2': u'group.read' }) #Change perms to none for both groups ReposGroupModel().grant_user_permission(repos_group=self.g1, user=self.anon, perm='group.none') ReposGroupModel().grant_user_permission(repos_group=self.g2, user=self.anon, perm='group.none') u1_auth = AuthUser(user_id=self.u1.user_id) self.assertEqual(u1_auth.permissions['repositories_groups'], { u'group1': u'group.none', u'group2': u'group.none' }) a1_auth = AuthUser(user_id=self.anon.user_id) self.assertEqual(a1_auth.permissions['repositories_groups'], { u'group1': u'group.none', u'group2': u'group.none' }) # add repo to group name = RepoGroup.url_sep().join([self.g1.group_name, 'test_perm']) self.test_repo = fixture.create_repo( name=name, repo_type='hg', repos_group=self.g1, cur_user=self.u1, ) u1_auth = AuthUser(user_id=self.u1.user_id) self.assertEqual(u1_auth.permissions['repositories_groups'], { u'group1': u'group.none', u'group2': u'group.none' }) a1_auth = AuthUser(user_id=self.anon.user_id) self.assertEqual(a1_auth.permissions['repositories_groups'], { u'group1': u'group.none', u'group2': u'group.none' }) #grant permission for u2 ! ReposGroupModel().grant_user_permission(repos_group=self.g1, user=self.u2, perm='group.read') ReposGroupModel().grant_user_permission(repos_group=self.g2, user=self.u2, perm='group.read') Session().commit() self.assertNotEqual(self.u1, self.u2) #u1 and anon should have not change perms while u2 should ! u1_auth = AuthUser(user_id=self.u1.user_id) self.assertEqual(u1_auth.permissions['repositories_groups'], { u'group1': u'group.none', u'group2': u'group.none' }) u2_auth = AuthUser(user_id=self.u2.user_id) self.assertEqual(u2_auth.permissions['repositories_groups'], { u'group1': u'group.read', u'group2': u'group.read' }) a1_auth = AuthUser(user_id=self.anon.user_id) self.assertEqual(a1_auth.permissions['repositories_groups'], { u'group1': u'group.none', u'group2': u'group.none' })
def my_account_update(self): """ POST /_admin/my_account Updates info of my account """ # url('my_account') c.active = 'profile_edit' self.__load_data() c.perm_user = AuthUser(user_id=c.rhodecode_user.user_id, ip_addr=self.ip_addr) c.extern_type = c.user.extern_type c.extern_name = c.user.extern_name defaults = c.user.get_dict() update = False _form = UserForm(edit=True, old_data={ 'user_id': c.rhodecode_user.user_id, 'email': c.rhodecode_user.email })() form_result = {} try: post_data = dict(request.POST) post_data['new_password'] = '' post_data['password_confirmation'] = '' form_result = _form.to_python(post_data) # skip updating those attrs for my account skip_attrs = [ 'admin', 'active', 'extern_type', 'extern_name', 'new_password', 'password_confirmation' ] # TODO: plugin should define if username can be updated if c.extern_type != "rhodecode": # forbid updating username for external accounts skip_attrs.append('username') UserModel().update_user(c.rhodecode_user.user_id, skip_attrs=skip_attrs, **form_result) h.flash(_('Your account was updated successfully'), category='success') Session().commit() update = True except formencode.Invalid as errors: return htmlfill.render(render('admin/my_account/my_account.html'), defaults=errors.value, errors=errors.error_dict or {}, prefix_error=False, encoding="UTF-8", force_defaults=False) except Exception: log.exception("Exception updating user") h.flash(_('Error occurred during update of user %s') % form_result.get('username'), category='error') if update: return redirect('my_account') return htmlfill.render(render('admin/my_account/my_account.html'), defaults=defaults, encoding="UTF-8", force_defaults=False)
def index(self, repo_name=None): searcher = searcher_from_config(config) formatted_results = [] execution_time = '' schema = validation_schema.SearchParamsSchema() search_params = {} errors = [] try: search_params = schema.deserialize( dict(search_query=request.GET.get('q'), search_type=request.GET.get('type'), search_sort=request.GET.get('sort'), page_limit=request.GET.get('page_limit'), requested_page=request.GET.get('page')) ) except validation_schema.Invalid as e: errors = e.children def url_generator(**kw): q = urllib.quote(safe_str(search_query)) return update_params( "?q=%s&type=%s" % (q, safe_str(search_type)), **kw) search_query = search_params.get('search_query') search_type = search_params.get('search_type') search_sort = search_params.get('search_sort') if search_params.get('search_query'): page_limit = search_params['page_limit'] requested_page = search_params['requested_page'] c.perm_user = AuthUser(user_id=c.rhodecode_user.user_id, ip_addr=self.ip_addr) try: search_result = searcher.search( search_query, search_type, c.perm_user, repo_name, requested_page, page_limit, search_sort) formatted_results = Page( search_result['results'], page=requested_page, item_count=search_result['count'], items_per_page=page_limit, url=url_generator) finally: searcher.cleanup() if not search_result['error']: execution_time = '%s results (%.3f seconds)' % ( search_result['count'], search_result['runtime']) elif not errors: node = schema['search_query'] errors = [ validation_schema.Invalid(node, search_result['error'])] c.sort = search_sort c.url_generator = url_generator c.errors = errors c.formatted_results = formatted_results c.runtime = execution_time c.cur_query = search_query c.search_type = search_type # Return a rendered template return render('/search/search.html')
def global_perms(user): auth_user = AuthUser(user_id=user.user_id) return auth_user.permissions['global']
def user_group_perms(user): auth_user = AuthUser(user_id=user.user_id) return auth_user.permissions['user_groups']
'method: %s, params: %s' % (self._req_method, self._request_params) ) except KeyError, e: return jsonrpc_error(retid=self._req_id, message='Incorrect JSON query missing %s' % e) # check if we can find this session using api_key try: u = User.get_by_api_key(self._req_api_key) if u is None: return jsonrpc_error(retid=self._req_id, message='Invalid API KEY') #check if we are allowed to use this IP auth_u = AuthUser(u.user_id, self._req_api_key, ip_addr=ip_addr) if not auth_u.ip_allowed: return jsonrpc_error(retid=self._req_id, message='request from IP:%s not allowed' % (ip_addr)) else: log.info('Access for IP:%s allowed' % (ip_addr)) except Exception, e: return jsonrpc_error(retid=self._req_id, message='Invalid API KEY') self._error = None try: self._func = self._find_method() except AttributeError, e: return jsonrpc_error(retid=self._req_id,
try: self._req_api_key = json_body['api_key'] self._req_id = json_body['id'] self._req_method = json_body['method'] self._request_params = json_body['args'] log.debug('method: %s, params: %s' % (self._req_method, self._request_params)) except KeyError, e: return jsonrpc_error(message='Incorrect JSON query missing %s' % e) # check if we can find this session using api_key try: u = User.get_by_api_key(self._req_api_key) if u is None: return jsonrpc_error(message='Invalid API KEY') auth_u = AuthUser(u.user_id, self._req_api_key) except Exception, e: return jsonrpc_error(message='Invalid API KEY') self._error = None try: self._func = self._find_method() except AttributeError, e: return jsonrpc_error(message=str(e)) # now that we have a method, add self._req_params to # self.kargs and dispatch control to WGIController argspec = inspect.getargspec(self._func) arglist = argspec[0][1:] defaults = map(type, argspec[3] or []) default_empty = types.NotImplementedType
def test_repo_in_group_permissions(self): self.g1 = _make_group('group1', skip_if_exists=True) self.g2 = _make_group('group2', skip_if_exists=True) Session.commit() # both perms should be read ! u1_auth = AuthUser(user_id=self.u1.user_id) self.assertEqual(u1_auth.permissions['repositories_groups'], { u'group1': u'group.read', u'group2': u'group.read' }) a1_auth = AuthUser(user_id=self.anon.user_id) self.assertEqual(a1_auth.permissions['repositories_groups'], { u'group1': u'group.read', u'group2': u'group.read' }) #Change perms to none for both groups ReposGroupModel().grant_user_permission(repos_group=self.g1, user=self.anon, perm='group.none') ReposGroupModel().grant_user_permission(repos_group=self.g2, user=self.anon, perm='group.none') u1_auth = AuthUser(user_id=self.u1.user_id) self.assertEqual(u1_auth.permissions['repositories_groups'], { u'group1': u'group.none', u'group2': u'group.none' }) a1_auth = AuthUser(user_id=self.anon.user_id) self.assertEqual(a1_auth.permissions['repositories_groups'], { u'group1': u'group.none', u'group2': u'group.none' }) # add repo to group form_data = { 'repo_name': HG_REPO, 'repo_name_full': RepoGroup.url_sep().join([self.g1.group_name, HG_REPO]), 'repo_type': 'hg', 'clone_uri': '', 'repo_group': self.g1.group_id, 'description': 'desc', 'private': False } self.test_repo = RepoModel().create(form_data, cur_user=self.u1) Session.commit() u1_auth = AuthUser(user_id=self.u1.user_id) self.assertEqual(u1_auth.permissions['repositories_groups'], { u'group1': u'group.none', u'group2': u'group.none' }) a1_auth = AuthUser(user_id=self.anon.user_id) self.assertEqual(a1_auth.permissions['repositories_groups'], { u'group1': u'group.none', u'group2': u'group.none' }) #grant permission for u2 ! ReposGroupModel().grant_user_permission(repos_group=self.g1, user=self.u2, perm='group.read') ReposGroupModel().grant_user_permission(repos_group=self.g2, user=self.u2, perm='group.read') Session.commit() self.assertNotEqual(self.u1, self.u2) #u1 and anon should have not change perms while u2 should ! u1_auth = AuthUser(user_id=self.u1.user_id) self.assertEqual(u1_auth.permissions['repositories_groups'], { u'group1': u'group.none', u'group2': u'group.none' }) u2_auth = AuthUser(user_id=self.u2.user_id) self.assertEqual(u2_auth.permissions['repositories_groups'], { u'group1': u'group.read', u'group2': u'group.read' }) a1_auth = AuthUser(user_id=self.anon.user_id) self.assertEqual(a1_auth.permissions['repositories_groups'], { u'group1': u'group.none', u'group2': u'group.none' })
def group_perms(user): auth_user = AuthUser(user_id=user.user_id) return auth_user.permissions['repositories_groups']