def can_user_apply_changeset(user, changeset=None): user = get_model_instance(user, User) if changeset is not None: changeset = get_model_instance(changeset, Changeset) if changeset: if not changeset.pk: # Cannot apply unsaved changeset. return False # only approved changesets can be applied if changeset.review_status not in ( Changeset.REVIEW_STATUS_APPROVED,): return False if (user.role.name in (Role.ROLE_DEVELOPER,) and changeset.classification in ( Changeset.CLASSIFICATION_LOWRISK, Changeset.CLASSIFICATION_PAINLESS)): return True if user.role.name in (Role.ROLE_DBA, Role.ROLE_ADMIN): return True return False
def can_user_review_changeset(user, changeset=None): """Checks if changeset review_status can be set to 'in_progress' by user. Only DBAs and admins can review changesets. Args: user: User ID or an instance of User. changeset: Changeset ID or an instance of Changeset. Returns: True if user can review changeset, otherwise False. """ user = get_model_instance(user, User) if changeset is not None: changeset = get_model_instance(changeset, Changeset) # Only DBAs and admins can review changesets. if user.role.name not in (Role.ROLE_DBA, Role.ROLE_ADMIN): return False if changeset and not changeset.pk: # Reviews are only allowed on saved changesets. return False if changeset.review_status not in [Changeset.REVIEW_STATUS_NEEDS]: return False return True
def __init__(self, changeset, schema_version, user): """Initializes object.""" super(ChangesetReviewThread, self).__init__() self.daemon = True self._changeset = get_model_instance(changeset, Changeset) self._schema_version = get_model_instance( schema_version, SchemaVersion) self._user = get_model_instance(user, User) self._init_run_vars()
def __init__(self, changeset, user, server, connection_options,): super(ChangesetApplyThread, self).__init__() self.daemon = True self.changeset = get_model_instance(changeset, Changeset) self.user = get_model_instance(user, User) self.server = get_model_instance(server, Server) self.connection_options = connection_options self.messages = [] self.has_errors = False self.changeset_detail_applies = [] self.changeset_detail_apply_ids = []
def can_soft_delete_changeset(self, changeset): """Checks if user can soft delete changeset.""" changeset = get_model_instance(changeset, Changeset) if not changeset.pk: # Cannot soft delete unsaved changeset. return False if changeset.is_deleted: # Cannot soft delete that was already soft deleted. return False if ( self._user.role.name in [ Role.ROLE_DBA, Role.ROLE_ADMIN] ): # dbas and admins can soft delete changeset return True if ( self._user.role.name in [Role.ROLE_DEVELOPER] and changeset.review_status != Changeset.REVIEW_STATUS_APPROVED ): # developers can only soft delete changesets that were not yet approved return True return False
def changeset_submit(changeset, changeset_details, user): user = get_model_instance(user, User) if changeset.pk: raise Exception('Only new changesets can be submitted.') for changeset_detail in changeset_details: if changeset_detail.pk: raise Exception( 'Only new changeset detail is allowed for changeset ' 'submission.') now = timezone.now() with transaction.commit_on_success(): changeset.submitted_by = user changeset.submitted_at = now changeset.save() for changeset_detail in changeset_details: changeset_detail.changeset = changeset changeset_detail.save() ChangesetAction.objects.create( changeset=changeset, type=ChangesetAction.TYPE_CREATED, timestamp=now ) send_mail_changeset_submitted(changeset) log.info('Changeset [id=%s] was submitted.' % (changeset.id,)) return changeset
def delete_changeset(changeset): """Deletes changeset.""" changeset = get_model_instance(changeset, Changeset) changeset_id = changeset.id changeset.delete() log.info('Changeset [id=%s] was deleted.' % (changeset_id,))
def start_changeset_apply_thread(changeset, user, server): changeset = get_model_instance(changeset, Changeset) user = get_model_instance(user, User) server = get_model_instance(server, Server) if not privileges_logic.can_user_apply_changeset(user, changeset): raise PrivilegeError( 'User is not allowed to apply changeset.') connection_options = {} if settings.MYSQL_USER: connection_options['user'] = settings.MYSQL_USER if settings.MYSQL_PASSWORD: connection_options['passwd'] = settings.MYSQL_PASSWORD thread = ChangesetApplyThread(changeset, user, server, connection_options) thread.start() return thread
def start_changeset_review_thread(changeset, schema_version, user): """Reviews changeset.""" changeset = get_model_instance(changeset, Changeset) schema_version = get_model_instance( schema_version, SchemaVersion) user = get_model_instance(user, User) #if changeset_can_be_reviewed_by_user(changeset, user): # thread = ReviewThread(changeset, schema_version, request_id, user, server) # thread.start() # return thread if privileges_logic.can_user_review_changeset(user, changeset): thread = ChangesetReviewThread(changeset, schema_version, user) thread.start() return thread else: raise PrivilegeError( u'User is not allowed to set review status to \'in_progress\'.')
def add_user( name, email, role, password, github_login=None, perform_checks=False, check_user=None): """Creates user.""" if perform_checks: privileges_logic.UserPrivileges(check_user).check_create_user() role = helpers.get_model_instance(role, models.Role) auth_user = AuthUser.objects.create_user(name, email, password) schemanizer_user = models.User.objects.create( name=name, email=email, role=role, auth_user=auth_user, github_login=github_login) return schemanizer_user
def can_approve_changeset(self, changeset): """Checks if user can approve changeset.""" changeset = get_model_instance(changeset, Changeset) if not changeset.pk: # Cannot approve unsaved changeset. return False if changeset.review_status == Changeset.REVIEW_STATUS_APPROVED: # cannot approve, it is already approved return False if self._user.role.name in (Role.ROLE_DBA, Role.ROLE_ADMIN): if changeset.review_status in (Changeset.REVIEW_STATUS_IN_PROGRESS): return True else: return False
def can_update_changeset(self, changeset): """Checks if user can update changeset.""" changeset = get_model_instance(changeset, Changeset) if not changeset.pk: # Cannot update unsaved changesets. return False if self._user.role.name in [Role.ROLE_DBA, Role.ROLE_ADMIN]: # dbas and admins can always update changeset. return True if self._user.role.name in [Role.ROLE_DEVELOPER]: # developers can update changesets only if it was not yet approved. if changeset.review_status != Changeset.REVIEW_STATUS_APPROVED: return True return False
def changeset_update(changeset, changeset_details, to_be_deleted_changeset_details, user): user = get_model_instance(user, User) if privileges_logic.UserPrivileges(user).can_update_changeset(changeset): with transaction.commit_on_success(): now = timezone.now() for tbdc in to_be_deleted_changeset_details: if tbdc.pk and tbdc.changeset and tbdc.changeset.id == changeset.id: tbdc.delete() else: raise Exception('to_be_deleted_changeset_details contain and invalid changeset detail.') changeset.review_status = changeset.REVIEW_STATUS_NEEDS changeset.save() for cd in changeset_details: if cd.pk: if cd.changeset.id == changeset.id: cd.save() else: raise Exception('One of the changeset details have invalid changeset value.') else: cd.changeset = changeset cd.save() # Create entry on changeset actions ChangesetAction.objects.create( changeset=changeset, type=ChangesetAction.TYPE_CHANGED, timestamp=now) log.info(u'Changeset [id=%s] was updated.' % (changeset.id,)) send_mail_changeset_updated(changeset) return changeset else: raise PrivilegeError( 'User is not allowed to update changeset.')
def update_user( pk, name, email, role, github_login=None, perform_checks=False, check_user=None): """Updates user.""" if perform_checks: privileges_logic.UserPrivileges(check_user).check_update_user() role = helpers.get_model_instance(role, models.Role) schemanizer_user = models.User.objects.get(pk=pk) schemanizer_user.name = name schemanizer_user.email = email schemanizer_user.role = role schemanizer_user.github_login = github_login schemanizer_user.save() auth_user = schemanizer_user.auth_user auth_user.username = schemanizer_user.name auth_user.email = schemanizer_user.email auth_user.save() return schemanizer_user
def __init__(self, user): """Initializes instance.""" self._user = get_model_instance(user, User)