def test_revoke_perm_fork_repo(self):
self.log_user()
perm_none = Permission.get_by_key('hg.fork.none')
perm_fork = Permission.get_by_key('hg.fork.repository')
user = UserModel().create_or_update(username='******', password='******',
email='dummy', firstname='a',
lastname='b')
Session().commit()
uid = user.user_id
try:
#User should have None permission on creation repository
self.assertEqual(UserModel().has_perm(user, perm_none), False)
self.assertEqual(UserModel().has_perm(user, perm_fork), False)
response = self.app.post(url('edit_user_perms', id=uid),
params=dict(_method='put'))
perm_none = Permission.get_by_key('hg.create.none')
perm_create = Permission.get_by_key('hg.create.repository')
#User should have None permission on creation repository
self.assertEqual(UserModel().has_perm(uid, perm_none), True)
self.assertEqual(UserModel().has_perm(uid, perm_create), False)
finally:
UserModel().delete(uid)
Session().commit()
def test_revoke_perm_fork_repo(self):
self.log_user()
perm_none = Permission.get_by_key('hg.fork.none')
perm_fork = Permission.get_by_key('hg.fork.repository')
user = UserModel().create_or_update(username='******', password='******',
email='dummy', firstname=u'a',
lastname=u'b')
Session().commit()
uid = user.user_id
try:
#User should have None permission on creation repository
assert UserModel().has_perm(user, perm_none) == False
assert UserModel().has_perm(user, perm_fork) == False
response = self.app.post(url('edit_user_perms_update', id=uid),
params=dict(_authentication_token=self.authentication_token()))
perm_none = Permission.get_by_key('hg.create.none')
perm_create = Permission.get_by_key('hg.create.repository')
#User should have None permission on creation repository
assert UserModel().has_perm(uid, perm_none) == True
assert UserModel().has_perm(uid, perm_create) == False
finally:
UserModel().delete(uid)
Session().commit()
def test_revoke_perm_fork_repo(self):
self.log_user()
perm_none = Permission.get_by_key('hg.fork.none')
perm_fork = Permission.get_by_key('hg.fork.repository')
user = UserModel().create_or_update(username='******',
password='******',
email='dummy',
firstname='a',
lastname='b')
Session().commit()
uid = user.user_id
try:
# User should have None permission on creation repository
assert UserModel().has_perm(user, perm_none) == False
assert UserModel().has_perm(user, perm_fork) == False
response = self.app.post(
base.url('edit_user_perms_update', id=uid),
params=dict(_session_csrf_secret_token=self.
session_csrf_secret_token()))
perm_none = Permission.get_by_key('hg.create.none')
perm_create = Permission.get_by_key('hg.create.repository')
# User should have None permission on creation repository
assert UserModel().has_perm(uid, perm_none) == True
assert UserModel().has_perm(uid, perm_create) == False
finally:
UserModel().delete(uid)
Session().commit()
def create_permissions(self):
"""
Create permissions for whole system
"""
for p in Permission.PERMS:
if not Permission.get_by_key(p[0]):
new_perm = Permission()
new_perm.permission_name = p[0]
Session().add(new_perm)
def create_permissions(self):
"""
Create permissions for whole system
"""
for p in Permission.PERMS:
if not Permission.get_by_key(p[0]):
new_perm = Permission()
new_perm.permission_name = p[0]
Session().add(new_perm)
def create_permissions(self):
"""
Create permissions for whole system
"""
for p in Permission.PERMS:
if not Permission.get_by_key(p[0]):
new_perm = Permission()
new_perm.permission_name = p[0]
new_perm.permission_longname = p[0] #translation err with p[1]
self.sa.add(new_perm)
def create_permissions(self):
"""
Create permissions for whole system
"""
for p in Permission.PERMS:
if not Permission.get_by_key(p[0]):
new_perm = Permission()
new_perm.permission_name = p[0]
new_perm.permission_longname = p[0] #translation err with p[1]
self.sa.add(new_perm)
def grant_user_group_permission(self, target_user_group, user_group, perm):
"""
Grant user group permission for given target_user_group
:param target_user_group:
:param user_group:
:param perm:
"""
target_user_group = UserGroup.guess_instance(target_user_group)
user_group = UserGroup.guess_instance(user_group)
permission = Permission.guess_instance(perm)
# forbid assigning same user group to itself
if target_user_group == user_group:
raise RepoGroupAssignmentError('target repo:%s cannot be '
'assigned to itself' % target_user_group)
# check if we have that permission already
obj = UserGroupUserGroupToPerm.query() \
.filter(UserGroupUserGroupToPerm.target_user_group == target_user_group) \
.filter(UserGroupUserGroupToPerm.user_group == user_group) \
.scalar()
if obj is None:
# create new !
obj = UserGroupUserGroupToPerm()
Session().add(obj)
obj.user_group = user_group
obj.target_user_group = target_user_group
obj.permission = permission
log.debug('Granted perm %s to %s on %s', perm, target_user_group, user_group)
return obj
def grant_user_permission(self, user_group, user, perm):
"""
Grant permission for user on given user group, or update
existing one if found
:param user_group: Instance of UserGroup, users_group_id,
or users_group_name
:param user: Instance of User, user_id or username
:param perm: Instance of Permission, or permission_name
"""
user_group = UserGroup.guess_instance(user_group)
user = User.guess_instance(user)
permission = Permission.guess_instance(perm)
# check if we have that permission already
obj = UserUserGroupToPerm.query() \
.filter(UserUserGroupToPerm.user == user) \
.filter(UserUserGroupToPerm.user_group == user_group) \
.scalar()
if obj is None:
# create new !
obj = UserUserGroupToPerm()
Session().add(obj)
obj.user_group = user_group
obj.user = user
obj.permission = permission
log.debug('Granted perm %s to %s on %s', perm, user, user_group)
return obj
def grant_user_group_permission(self, target_user_group, user_group, perm):
"""
Grant user group permission for given target_user_group
:param target_user_group:
:param user_group:
:param perm:
"""
target_user_group = UserGroup.guess_instance(target_user_group)
user_group = UserGroup.guess_instance(user_group)
permission = Permission.guess_instance(perm)
# forbid assigning same user group to itself
if target_user_group == user_group:
raise RepoGroupAssignmentError('target repo:%s cannot be '
'assigned to itself' %
target_user_group)
# check if we have that permission already
obj = UserGroupUserGroupToPerm.query() \
.filter(UserGroupUserGroupToPerm.target_user_group == target_user_group) \
.filter(UserGroupUserGroupToPerm.user_group == user_group) \
.scalar()
if obj is None:
# create new !
obj = UserGroupUserGroupToPerm()
Session().add(obj)
obj.user_group = user_group
obj.target_user_group = target_user_group
obj.permission = permission
log.debug('Granted perm %s to %s on %s', perm, target_user_group,
user_group)
return obj
def has_perm(self, user_group, perm):
user_group = UserGroup.guess_instance(user_group)
perm = Permission.guess_instance(perm)
return UserGroupToPerm.query() \
.filter(UserGroupToPerm.users_group == user_group) \
.filter(UserGroupToPerm.permission == perm).scalar() is not None
def has_perm(self, user_group, perm):
user_group = UserGroup.guess_instance(user_group)
perm = Permission.guess_instance(perm)
return UserGroupToPerm.query() \
.filter(UserGroupToPerm.users_group == user_group) \
.filter(UserGroupToPerm.permission == perm).scalar() is not None
def grant_user_permission(self, user_group, user, perm):
"""
Grant permission for user on given user group, or update
existing one if found
:param user_group: Instance of UserGroup, users_group_id,
or users_group_name
:param user: Instance of User, user_id or username
:param perm: Instance of Permission, or permission_name
"""
user_group = UserGroup.guess_instance(user_group)
user = User.guess_instance(user)
permission = Permission.guess_instance(perm)
# check if we have that permission already
obj = UserUserGroupToPerm.query() \
.filter(UserUserGroupToPerm.user == user) \
.filter(UserUserGroupToPerm.user_group == user_group) \
.scalar()
if obj is None:
# create new !
obj = UserUserGroupToPerm()
Session().add(obj)
obj.user_group = user_group
obj.user = user
obj.permission = permission
log.debug('Granted perm %s to %s on %s', perm, user, user_group)
return obj
def grant_user_group_permission(self, repo, group_name, perm):
"""
Grant permission for user group on given repository, or update
existing one if found
:param repo: Instance of Repository, repository_id, or repository name
:param group_name: Instance of UserGroup, users_group_id,
or user group name
:param perm: Instance of Permission, or permission_name
"""
repo = Repository.guess_instance(repo)
group_name = UserGroup.guess_instance(group_name)
permission = Permission.guess_instance(perm)
# check if we have that permission already
obj = UserGroupRepoToPerm.query() \
.filter(UserGroupRepoToPerm.users_group == group_name) \
.filter(UserGroupRepoToPerm.repository == repo) \
.scalar()
if obj is None:
# create new
obj = UserGroupRepoToPerm()
Session().add(obj)
obj.repository = repo
obj.users_group = group_name
obj.permission = permission
log.debug('Granted perm %s to %s on %s', perm, group_name, repo)
return obj
def grant_user_permission(self, repo, user, perm):
"""
Grant permission for user on given repository, or update existing one
if found
:param repo: Instance of Repository, repository_id, or repository name
:param user: Instance of User, user_id or username
:param perm: Instance of Permission, or permission_name
"""
user = User.guess_instance(user)
repo = Repository.guess_instance(repo)
permission = Permission.guess_instance(perm)
# check if we have that permission already
obj = UserRepoToPerm.query() \
.filter(UserRepoToPerm.user == user) \
.filter(UserRepoToPerm.repository == repo) \
.scalar()
if obj is None:
# create new !
obj = UserRepoToPerm()
Session().add(obj)
obj.repository = repo
obj.user = user
obj.permission = permission
log.debug('Granted perm %s to %s on %s', perm, user, repo)
return obj
def grant_user_group_permission(self, repo, group_name, perm):
"""
Grant permission for user group on given repository, or update
existing one if found
:param repo: Instance of Repository, repository_id, or repository name
:param group_name: Instance of UserGroup, users_group_id,
or user group name
:param perm: Instance of Permission, or permission_name
"""
repo = Repository.guess_instance(repo)
group_name = UserGroup.guess_instance(group_name)
permission = Permission.guess_instance(perm)
# check if we have that permission already
obj = UserGroupRepoToPerm.query() \
.filter(UserGroupRepoToPerm.users_group == group_name) \
.filter(UserGroupRepoToPerm.repository == repo) \
.scalar()
if obj is None:
# create new
obj = UserGroupRepoToPerm()
Session().add(obj)
obj.repository = repo
obj.users_group = group_name
obj.permission = permission
log.debug('Granted perm %s to %s on %s', perm, group_name, repo)
return obj
def grant_user_permission(self, repo, user, perm):
"""
Grant permission for user on given repository, or update existing one
if found
:param repo: Instance of Repository, repository_id, or repository name
:param user: Instance of User, user_id or username
:param perm: Instance of Permission, or permission_name
"""
user = User.guess_instance(user)
repo = Repository.guess_instance(repo)
permission = Permission.guess_instance(perm)
# check if we have that permission already
obj = UserRepoToPerm.query() \
.filter(UserRepoToPerm.user == user) \
.filter(UserRepoToPerm.repository == repo) \
.scalar()
if obj is None:
# create new !
obj = UserRepoToPerm()
Session().add(obj)
obj.repository = repo
obj.user = user
obj.permission = permission
log.debug('Granted perm %s to %s on %s', perm, user, repo)
return obj
def teardown_method(self, method):
perm = Permission.query().all()
for p in perm:
UserModel().revoke_perm(self.u1, p)
UserModel().delete(self.u1)
Session().commit()
Session.remove()
def revoke_perm(self, user_group, perm):
user_group = UserGroup.guess_instance(user_group)
perm = Permission.guess_instance(perm)
obj = UserGroupToPerm.query() \
.filter(UserGroupToPerm.users_group == user_group) \
.filter(UserGroupToPerm.permission == perm).scalar()
if obj is not None:
Session().delete(obj)
def revoke_perm(self, user_group, perm):
user_group = UserGroup.guess_instance(user_group)
perm = Permission.guess_instance(perm)
obj = UserGroupToPerm.query() \
.filter(UserGroupToPerm.users_group == user_group) \
.filter(UserGroupToPerm.permission == perm).scalar()
if obj is not None:
Session().delete(obj)
def test_set_default_permissions_after_modification(self, perm, modify_to):
PermissionModel().create_default_permissions(user=self.u1)
self._test_def_perm_equal(user=self.u1)
old = Permission.get_by_key(perm)
new = Permission.get_by_key(modify_to)
assert old != None
assert new != None
#now modify permissions
p = UserToPerm.query() \
.filter(UserToPerm.user == self.u1) \
.filter(UserToPerm.permission == old) \
.one()
p.permission = new
Session().commit()
PermissionModel().create_default_permissions(user=self.u1)
self._test_def_perm_equal(user=self.u1)
def test_revoke_perm(self):
perm = Permission.query().all()[0]
UserModel().grant_perm(self.u1, perm)
Session().commit()
self.assertEqual(UserModel().has_perm(self.u1, perm), True)
#revoke
UserModel().revoke_perm(self.u1, perm)
Session().commit()
self.assertEqual(UserModel().has_perm(self.u1, perm), False)
def test_revoke_perm(self):
perm = Permission.query().all()[0]
UserModel().grant_perm(self.u1, perm)
Session().commit()
assert UserModel().has_perm(self.u1, perm) == True
#revoke
UserModel().revoke_perm(self.u1, perm)
Session().commit()
assert UserModel().has_perm(self.u1, perm) == False
def test_set_default_permissions_after_modification(self, perm, modify_to):
PermissionModel().create_default_permissions(user=self.u1)
self._test_def_perm_equal(user=self.u1)
old = Permission.get_by_key(perm)
new = Permission.get_by_key(modify_to)
assert old != None
assert new != None
#now modify permissions
p = UserToPerm.query() \
.filter(UserToPerm.user == self.u1) \
.filter(UserToPerm.permission == old) \
.one()
p.permission = new
Session().commit()
PermissionModel().create_default_permissions(user=self.u1)
self._test_def_perm_equal(user=self.u1)
def update_user_permission(self, repository, user, permission):
permission = Permission.get_by_key(permission)
current = self.get_user_permission(repository, user)
if current:
if not current.permission is permission:
current.permission = permission
else:
p = UserRepoToPerm()
p.user = user
p.repository = repository
p.permission = permission
self.sa.add(p)
def update_user_permission(self, repository, user, permission):
permission = Permission.get_by_key(permission)
current = self.get_user_permission(repository, user)
if current:
if not current.permission is permission:
current.permission = permission
else:
p = UserRepoToPerm()
p.user = user
p.repository = repository
p.permission = permission
self.sa.add(p)
def update_users_group_permission(self, repository, users_group,
permission):
permission = Permission.get_by_key(permission)
current = self.get_users_group_permission(repository, users_group)
if current:
if not current.permission is permission:
current.permission = permission
else:
p = UserGroupRepoToPerm()
p.users_group = users_group
p.repository = repository
p.permission = permission
Session().add(p)
def revoke_perm(self, user, perm):
"""
Revoke users global permissions
:param user:
:param perm:
"""
user = User.guess_instance(user)
perm = Permission.guess_instance(perm)
UserToPerm.query().filter(
UserToPerm.user == user,
UserToPerm.permission == perm,
).delete()
def revoke_perm(self, user, perm):
"""
Revoke users global permissions
:param user:
:param perm:
"""
user = User.guess_instance(user)
perm = Permission.guess_instance(perm)
UserToPerm.query().filter(
UserToPerm.user == user,
UserToPerm.permission == perm,
).delete()
def _create_default_perms(self, user_group):
# create default permission
default_perm = 'usergroup.read'
def_user = User.get_default_user()
for p in def_user.user_perms:
if p.permission.permission_name.startswith('usergroup.'):
default_perm = p.permission.permission_name
break
user_group_to_perm = UserUserGroupToPerm()
user_group_to_perm.permission = Permission.get_by_key(default_perm)
user_group_to_perm.user_group = user_group
user_group_to_perm.user_id = def_user.user_id
return user_group_to_perm
def _create_default_perms(self, user_group):
# create default permission
default_perm = 'usergroup.read'
def_user = User.get_default_user()
for p in def_user.user_perms:
if p.permission.permission_name.startswith('usergroup.'):
default_perm = p.permission.permission_name
break
user_group_to_perm = UserUserGroupToPerm()
user_group_to_perm.permission = Permission.get_by_key(default_perm)
user_group_to_perm.user_group = user_group
user_group_to_perm.user_id = def_user.user_id
return user_group_to_perm
def _create_default_perms(self, new_group):
# create default permission
default_perm = 'group.read'
def_user = User.get_default_user()
for p in def_user.user_perms:
if p.permission.permission_name.startswith('group.'):
default_perm = p.permission.permission_name
break
repo_group_to_perm = UserRepoGroupToPerm()
repo_group_to_perm.permission = Permission.get_by_key(default_perm)
repo_group_to_perm.group = new_group
repo_group_to_perm.user_id = def_user.user_id
return repo_group_to_perm
def _create_default_perms(self, new_group):
# create default permission
default_perm = 'group.read'
def_user = User.get_default_user()
for p in def_user.user_perms:
if p.permission.permission_name.startswith('group.'):
default_perm = p.permission.permission_name
break
repo_group_to_perm = UserRepoGroupToPerm()
repo_group_to_perm.permission = Permission.get_by_key(default_perm)
repo_group_to_perm.group = new_group
repo_group_to_perm.user_id = def_user.user_id
return repo_group_to_perm
def test_set_private_flag_sets_default_to_none(self):
self.log_user()
# initially repository perm should be read
perm = _get_permission_for_user(user='******', repo=self.REPO)
assert len(perm), 1
assert perm[0].permission.permission_name == 'repository.read'
assert Repository.get_by_repo_name(self.REPO).private == False
response = self.app.post(
base.url('update_repo', repo_name=self.REPO),
fixture._get_repo_create_params(
repo_private=1,
repo_name=self.REPO,
repo_type=self.REPO_TYPE,
owner=base.TEST_USER_ADMIN_LOGIN,
_session_csrf_secret_token=self.session_csrf_secret_token()))
self.checkSessionFlash(response,
msg='Repository %s updated successfully' %
(self.REPO))
assert Repository.get_by_repo_name(self.REPO).private == True
# now the repo default permission should be None
perm = _get_permission_for_user(user='******', repo=self.REPO)
assert len(perm), 1
assert perm[0].permission.permission_name == 'repository.none'
response = self.app.post(
base.url('update_repo', repo_name=self.REPO),
fixture._get_repo_create_params(
repo_private=False,
repo_name=self.REPO,
repo_type=self.REPO_TYPE,
owner=base.TEST_USER_ADMIN_LOGIN,
_session_csrf_secret_token=self.session_csrf_secret_token()))
self.checkSessionFlash(response,
msg='Repository %s updated successfully' %
(self.REPO))
assert Repository.get_by_repo_name(self.REPO).private == False
# we turn off private now the repo default permission should stay None
perm = _get_permission_for_user(user='******', repo=self.REPO)
assert len(perm), 1
assert perm[0].permission.permission_name == 'repository.none'
# update this permission back
perm[0].permission = Permission.get_by_key('repository.read')
Session().commit()
def grant_perm(self, user_group, perm):
user_group = UserGroup.guess_instance(user_group)
perm = Permission.guess_instance(perm)
# if this permission is already granted skip it
_perm = UserGroupToPerm.query() \
.filter(UserGroupToPerm.users_group == user_group) \
.filter(UserGroupToPerm.permission == perm) \
.scalar()
if _perm:
return
new = UserGroupToPerm()
new.users_group = user_group
new.permission = perm
Session().add(new)
return new
def grant_perm(self, user_group, perm):
user_group = UserGroup.guess_instance(user_group)
perm = Permission.guess_instance(perm)
# if this permission is already granted skip it
_perm = UserGroupToPerm.query() \
.filter(UserGroupToPerm.users_group == user_group) \
.filter(UserGroupToPerm.permission == perm) \
.scalar()
if _perm:
return
new = UserGroupToPerm()
new.users_group = user_group
new.permission = perm
Session().add(new)
return new
def add_permission(self, repo_group, obj, obj_type, perm, recursive):
from kallithea.model.repo import RepoModel
repo_group = RepoGroup.guess_instance(repo_group)
perm = Permission.guess_instance(perm)
for el in repo_group.recursive_groups_and_repos():
# iterated obj is an instance of a repos group or repository in
# that group, recursive option can be: none, repos, groups, all
if recursive == 'all':
pass
elif recursive == 'repos':
# skip groups, other than this one
if isinstance(el, RepoGroup) and not el == repo_group:
continue
elif recursive == 'groups':
# skip repos
if isinstance(el, Repository):
continue
else: # recursive == 'none': # DEFAULT don't apply to iterated objects
el = repo_group
# also we do a break at the end of this loop.
if isinstance(el, RepoGroup):
if obj_type == 'user':
RepoGroupModel().grant_user_permission(el, user=obj, perm=perm)
elif obj_type == 'user_group':
RepoGroupModel().grant_user_group_permission(el, group_name=obj, perm=perm)
else:
raise Exception('undefined object type %s' % obj_type)
elif isinstance(el, Repository):
# for repos we need to hotfix the name of permission
_perm = perm.permission_name.replace('group.', 'repository.')
if obj_type == 'user':
RepoModel().grant_user_permission(el, user=obj, perm=_perm)
elif obj_type == 'user_group':
RepoModel().grant_user_group_permission(el, group_name=obj, perm=_perm)
else:
raise Exception('undefined object type %s' % obj_type)
else:
raise Exception('el should be instance of Repository or '
'RepositoryGroup got %s instead' % type(el))
# if it's not recursive call for all,repos,groups
# break the loop and don't proceed with other changes
if recursive not in ['all', 'repos', 'groups']:
break
def _create_default_perms(self, repository, private):
# create default permission
default = 'repository.read'
def_user = User.get_default_user()
for p in def_user.user_perms:
if p.permission.permission_name.startswith('repository.'):
default = p.permission.permission_name
break
default_perm = 'repository.none' if private else default
repo_to_perm = UserRepoToPerm()
repo_to_perm.permission = Permission.get_by_key(default_perm)
repo_to_perm.repository = repository
repo_to_perm.user_id = def_user.user_id
return repo_to_perm
def _create_default_perms(self, repository, private):
# create default permission
default = 'repository.read'
def_user = User.get_default_user()
for p in def_user.user_perms:
if p.permission.permission_name.startswith('repository.'):
default = p.permission.permission_name
break
default_perm = 'repository.none' if private else default
repo_to_perm = UserRepoToPerm()
repo_to_perm.permission = Permission.get_by_key(default_perm)
repo_to_perm.repository = repository
repo_to_perm.user_id = def_user.user_id
return repo_to_perm
def test_set_private_flag_sets_default_to_none(self):
self.log_user()
#initially repository perm should be read
perm = _get_permission_for_user(user='******', repo=self.REPO)
self.assertTrue(len(perm), 1)
self.assertEqual(perm[0].permission.permission_name, 'repository.read')
self.assertEqual(Repository.get_by_repo_name(self.REPO).private, False)
response = self.app.put(
url('repo', repo_name=self.REPO),
fixture._get_repo_create_params(repo_private=1,
repo_name=self.REPO,
repo_type=self.REPO_TYPE,
user=TEST_USER_ADMIN_LOGIN))
self.checkSessionFlash(response,
msg='Repository %s updated successfully' %
(self.REPO))
self.assertEqual(Repository.get_by_repo_name(self.REPO).private, True)
#now the repo default permission should be None
perm = _get_permission_for_user(user='******', repo=self.REPO)
self.assertTrue(len(perm), 1)
self.assertEqual(perm[0].permission.permission_name, 'repository.none')
response = self.app.put(
url('repo', repo_name=self.REPO),
fixture._get_repo_create_params(repo_private=False,
repo_name=self.REPO,
repo_type=self.REPO_TYPE,
user=TEST_USER_ADMIN_LOGIN))
self.checkSessionFlash(response,
msg='Repository %s updated successfully' %
(self.REPO))
self.assertEqual(Repository.get_by_repo_name(self.REPO).private, False)
#we turn off private now the repo default permission should stay None
perm = _get_permission_for_user(user='******', repo=self.REPO)
self.assertTrue(len(perm), 1)
self.assertEqual(perm[0].permission.permission_name, 'repository.none')
#update this permission back
perm[0].permission = Permission.get_by_key('repository.read')
Session().add(perm[0])
Session().commit()
def test_set_private_flag_sets_default_to_none(self):
self.log_user()
#initially repository perm should be read
perm = _get_permission_for_user(user='******', repo=self.REPO)
self.assertTrue(len(perm), 1)
self.assertEqual(perm[0].permission.permission_name, 'repository.read')
self.assertEqual(Repository.get_by_repo_name(self.REPO).private, False)
response = self.app.put(url('repo', repo_name=self.REPO),
fixture._get_repo_create_params(repo_private=1,
repo_name=self.REPO,
repo_type=self.REPO_TYPE,
user=TEST_USER_ADMIN_LOGIN,
_authentication_token=self.authentication_token()))
self.checkSessionFlash(response,
msg='Repository %s updated successfully' % (self.REPO))
self.assertEqual(Repository.get_by_repo_name(self.REPO).private, True)
#now the repo default permission should be None
perm = _get_permission_for_user(user='******', repo=self.REPO)
self.assertTrue(len(perm), 1)
self.assertEqual(perm[0].permission.permission_name, 'repository.none')
response = self.app.put(url('repo', repo_name=self.REPO),
fixture._get_repo_create_params(repo_private=False,
repo_name=self.REPO,
repo_type=self.REPO_TYPE,
user=TEST_USER_ADMIN_LOGIN,
_authentication_token=self.authentication_token()))
self.checkSessionFlash(response,
msg='Repository %s updated successfully' % (self.REPO))
self.assertEqual(Repository.get_by_repo_name(self.REPO).private, False)
#we turn off private now the repo default permission should stay None
perm = _get_permission_for_user(user='******', repo=self.REPO)
self.assertTrue(len(perm), 1)
self.assertEqual(perm[0].permission.permission_name, 'repository.none')
#update this permission back
perm[0].permission = Permission.get_by_key('repository.read')
Session().add(perm[0])
Session().commit()
def grant_perm(self, user, perm):
"""
Grant user global permissions
:param user:
:param perm:
"""
user = User.guess_instance(user)
perm = Permission.guess_instance(perm)
# if this permission is already granted skip it
_perm = UserToPerm.query() \
.filter(UserToPerm.user == user) \
.filter(UserToPerm.permission == perm) \
.scalar()
if _perm:
return
new = UserToPerm()
new.user = user
new.permission = perm
Session().add(new)
return new
def grant_perm(self, user, perm):
"""
Grant user global permissions
:param user:
:param perm:
"""
user = User.guess_instance(user)
perm = Permission.guess_instance(perm)
# if this permission is already granted skip it
_perm = UserToPerm.query() \
.filter(UserToPerm.user == user) \
.filter(UserToPerm.permission == perm) \
.scalar()
if _perm:
return
new = UserToPerm()
new.user = user
new.permission = perm
Session().add(new)
return new
def has_perm(self, user, perm):
perm = Permission.guess_instance(perm)
user = User.guess_instance(user)
return UserToPerm.query().filter(UserToPerm.user == user) \
.filter(UserToPerm.permission == perm).scalar() is not None
def test_create_in_group_inherit_permissions(self):
self.log_user()
## create GROUP
group_name = 'sometest_%s' % self.REPO_TYPE
gr = RepoGroupModel().create(group_name=group_name,
group_description='test',
owner=TEST_USER_ADMIN_LOGIN)
perm = Permission.get_by_key('repository.write')
RepoGroupModel().grant_user_permission(gr, TEST_USER_REGULAR_LOGIN, perm)
## add repo permissions
Session().commit()
repo_name = 'ingroup_inherited_%s' % self.REPO_TYPE
repo_name_full = RepoGroup.url_sep().join([group_name, repo_name])
description = 'description for newly created repo'
response = self.app.post(url('repos'),
fixture._get_repo_create_params(repo_private=False,
repo_name=repo_name,
repo_type=self.REPO_TYPE,
repo_description=description,
repo_group=gr.group_id,
repo_copy_permissions=True,
_authentication_token=self.authentication_token()))
## run the check page that triggers the flash message
response = self.app.get(url('repo_check_home', repo_name=repo_name_full))
self.checkSessionFlash(response,
'Created repository <a href="/%s">%s</a>'
% (repo_name_full, repo_name_full))
# test if the repo was created in the database
new_repo = Session().query(Repository)\
.filter(Repository.repo_name == repo_name_full).one()
new_repo_id = new_repo.repo_id
self.assertEqual(new_repo.repo_name, repo_name_full)
self.assertEqual(new_repo.description, description)
# test if the repository is visible in the list ?
response = self.app.get(url('summary_home', repo_name=repo_name_full))
response.mustcontain(repo_name_full)
response.mustcontain(self.REPO_TYPE)
# test if the repository was created on filesystem
try:
vcs.get_repo(os.path.join(TESTS_TMP_PATH, repo_name_full))
except vcs.exceptions.VCSError:
RepoGroupModel().delete(group_name)
Session().commit()
self.fail('no repo %s in filesystem' % repo_name)
#check if inherited permissiona are applied
inherited_perms = UserRepoToPerm.query()\
.filter(UserRepoToPerm.repository_id == new_repo_id).all()
self.assertEqual(len(inherited_perms), 2)
self.assertTrue(TEST_USER_REGULAR_LOGIN in [x.user.username
for x in inherited_perms])
self.assertTrue('repository.write' in [x.permission.permission_name
for x in inherited_perms])
RepoModel().delete(repo_name_full)
RepoGroupModel().delete(group_name)
Session().commit()
def _make_new(usr, perm_name):
log.debug('Creating new permission:%s', perm_name)
new = UserToPerm()
new.user = usr
new.permission = Permission.get_by_key(perm_name)
return new
def _make_new(usr, perm_name):
log.debug('Creating new permission:%s' % (perm_name))
new = UserToPerm()
new.user = usr
new.permission = Permission.get_by_key(perm_name)
return new
def _create_repo(self,
repo_name,
repo_type,
description,
owner,
private=False,
clone_uri=None,
repo_group=None,
landing_rev='rev:tip',
fork_of=None,
copy_fork_permissions=False,
enable_statistics=False,
enable_locking=False,
enable_downloads=False,
copy_group_permissions=False,
state=Repository.STATE_PENDING):
"""
Create repository inside database with PENDING state. This should only be
executed by create() repo, with exception of importing existing repos.
"""
from kallithea.model.scm import ScmModel
owner = User.guess_instance(owner)
fork_of = Repository.guess_instance(fork_of)
repo_group = RepoGroup.guess_instance(repo_group)
try:
repo_name = safe_unicode(repo_name)
description = safe_unicode(description)
# repo name is just a name of repository
# while repo_name_full is a full qualified name that is combined
# with name and path of group
repo_name_full = repo_name
repo_name = repo_name.split(self.URL_SEPARATOR)[-1]
new_repo = Repository()
new_repo.repo_state = state
new_repo.enable_statistics = False
new_repo.repo_name = repo_name_full
new_repo.repo_type = repo_type
new_repo.owner = owner
new_repo.group = repo_group
new_repo.description = description or repo_name
new_repo.private = private
new_repo.clone_uri = clone_uri
new_repo.landing_rev = landing_rev
new_repo.enable_statistics = enable_statistics
new_repo.enable_locking = enable_locking
new_repo.enable_downloads = enable_downloads
if repo_group:
new_repo.enable_locking = repo_group.enable_locking
if fork_of:
parent_repo = fork_of
new_repo.fork = parent_repo
Session().add(new_repo)
if fork_of and copy_fork_permissions:
repo = fork_of
user_perms = UserRepoToPerm.query() \
.filter(UserRepoToPerm.repository == repo).all()
group_perms = UserGroupRepoToPerm.query() \
.filter(UserGroupRepoToPerm.repository == repo).all()
for perm in user_perms:
UserRepoToPerm.create(perm.user, new_repo, perm.permission)
for perm in group_perms:
UserGroupRepoToPerm.create(perm.users_group, new_repo,
perm.permission)
elif repo_group and copy_group_permissions:
user_perms = UserRepoGroupToPerm.query() \
.filter(UserRepoGroupToPerm.group == repo_group).all()
group_perms = UserGroupRepoGroupToPerm.query() \
.filter(UserGroupRepoGroupToPerm.group == repo_group).all()
for perm in user_perms:
perm_name = perm.permission.permission_name.replace(
'group.', 'repository.')
perm_obj = Permission.get_by_key(perm_name)
UserRepoToPerm.create(perm.user, new_repo, perm_obj)
for perm in group_perms:
perm_name = perm.permission.permission_name.replace(
'group.', 'repository.')
perm_obj = Permission.get_by_key(perm_name)
UserGroupRepoToPerm.create(perm.users_group, new_repo,
perm_obj)
else:
self._create_default_perms(new_repo, private)
# now automatically start following this repository as owner
ScmModel().toggle_following_repo(new_repo.repo_id, owner.user_id)
# we need to flush here, in order to check if database won't
# throw any exceptions, create filesystem dirs at the very end
Session().flush()
return new_repo
except Exception:
log.error(traceback.format_exc())
raise
def _make_perm(perm):
new_perm = UserToPerm()
new_perm.user = user
new_perm.permission = Permission.get_by_key(perm)
return new_perm
def update(self, form_result):
perm_user = User.get_by_username(
username=form_result['perm_user_name'])
try:
# stage 1 set anonymous access
if perm_user.is_default_user:
perm_user.active = str2bool(form_result['anonymous'])
# stage 2 reset defaults and set them from form data
def _make_new(usr, perm_name):
log.debug('Creating new permission:%s', perm_name)
new = UserToPerm()
new.user = usr
new.permission = Permission.get_by_key(perm_name)
return new
# clear current entries, to make this function idempotent
# it will fix even if we define more permissions or permissions
# are somehow missing
u2p = UserToPerm.query() \
.filter(UserToPerm.user == perm_user) \
.all()
for p in u2p:
Session().delete(p)
# create fresh set of permissions
for def_perm_key in [
'default_repo_perm',
'default_group_perm',
'default_user_group_perm',
'default_repo_create',
'create_on_write', # special case for create repos on write access to group
#'default_repo_group_create', # not implemented yet
'default_user_group_create',
'default_fork',
'default_register',
'default_extern_activate'
]:
p = _make_new(perm_user, form_result[def_perm_key])
Session().add(p)
# stage 3 update all default permissions for repos if checked
if form_result['overwrite_default_repo']:
_def_name = form_result['default_repo_perm'].split(
'repository.')[-1]
_def = Permission.get_by_key('repository.' + _def_name)
# repos
for r2p in UserRepoToPerm.query() \
.filter(UserRepoToPerm.user == perm_user) \
.all():
# don't reset PRIVATE repositories
if not r2p.repository.private:
r2p.permission = _def
if form_result['overwrite_default_group']:
_def_name = form_result['default_group_perm'].split(
'group.')[-1]
# groups
_def = Permission.get_by_key('group.' + _def_name)
for g2p in UserRepoGroupToPerm.query() \
.filter(UserRepoGroupToPerm.user == perm_user) \
.all():
g2p.permission = _def
if form_result['overwrite_default_user_group']:
_def_name = form_result['default_user_group_perm'].split(
'usergroup.')[-1]
# groups
_def = Permission.get_by_key('usergroup.' + _def_name)
for g2p in UserUserGroupToPerm.query() \
.filter(UserUserGroupToPerm.user == perm_user) \
.all():
g2p.permission = _def
Session().commit()
except (DatabaseError, ):
log.error(traceback.format_exc())
Session().rollback()
raise
def _cached_perms_data(user_id, user_is_admin, user_inherit_default_permissions,
explicit, algo):
RK = 'repositories'
GK = 'repositories_groups'
UK = 'user_groups'
GLOBAL = 'global'
PERM_WEIGHTS = Permission.PERM_WEIGHTS
permissions = {RK: {}, GK: {}, UK: {}, GLOBAL: set()}
def _choose_perm(new_perm, cur_perm):
new_perm_val = PERM_WEIGHTS[new_perm]
cur_perm_val = PERM_WEIGHTS[cur_perm]
if algo == 'higherwin':
if new_perm_val > cur_perm_val:
return new_perm
return cur_perm
elif algo == 'lowerwin':
if new_perm_val < cur_perm_val:
return new_perm
return cur_perm
#======================================================================
# fetch default permissions
#======================================================================
default_user = User.get_by_username('default', cache=True)
default_user_id = default_user.user_id
default_repo_perms = Permission.get_default_perms(default_user_id)
default_repo_groups_perms = Permission.get_default_group_perms(default_user_id)
default_user_group_perms = Permission.get_default_user_group_perms(default_user_id)
if user_is_admin:
#==================================================================
# admin users have all rights;
# based on default permissions, just set everything to admin
#==================================================================
permissions[GLOBAL].add('hg.admin')
permissions[GLOBAL].add('hg.create.write_on_repogroup.true')
# repositories
for perm in default_repo_perms:
r_k = perm.UserRepoToPerm.repository.repo_name
p = 'repository.admin'
permissions[RK][r_k] = p
# repository groups
for perm in default_repo_groups_perms:
rg_k = perm.UserRepoGroupToPerm.group.group_name
p = 'group.admin'
permissions[GK][rg_k] = p
# user groups
for perm in default_user_group_perms:
u_k = perm.UserUserGroupToPerm.user_group.users_group_name
p = 'usergroup.admin'
permissions[UK][u_k] = p
return permissions
#==================================================================
# SET DEFAULTS GLOBAL, REPOS, REPOSITORY GROUPS
#==================================================================
# default global permissions taken from the default user
default_global_perms = UserToPerm.query() \
.filter(UserToPerm.user_id == default_user_id) \
.options(joinedload(UserToPerm.permission))
for perm in default_global_perms:
permissions[GLOBAL].add(perm.permission.permission_name)
# defaults for repositories, taken from default user
for perm in default_repo_perms:
r_k = perm.UserRepoToPerm.repository.repo_name
if perm.Repository.private and not (perm.Repository.owner_id == user_id):
# disable defaults for private repos,
p = 'repository.none'
elif perm.Repository.owner_id == user_id:
# set admin if owner
p = 'repository.admin'
else:
p = perm.Permission.permission_name
permissions[RK][r_k] = p
# defaults for repository groups taken from default user permission
# on given group
for perm in default_repo_groups_perms:
rg_k = perm.UserRepoGroupToPerm.group.group_name
p = perm.Permission.permission_name
permissions[GK][rg_k] = p
# defaults for user groups taken from default user permission
# on given user group
for perm in default_user_group_perms:
u_k = perm.UserUserGroupToPerm.user_group.users_group_name
p = perm.Permission.permission_name
permissions[UK][u_k] = p
#======================================================================
# !! OVERRIDE GLOBALS !! with user permissions if any found
#======================================================================
# those can be configured from groups or users explicitly
_configurable = set([
'hg.fork.none', 'hg.fork.repository',
'hg.create.none', 'hg.create.repository',
'hg.usergroup.create.false', 'hg.usergroup.create.true'
])
# USER GROUPS comes first
# user group global permissions
user_perms_from_users_groups = Session().query(UserGroupToPerm) \
.options(joinedload(UserGroupToPerm.permission)) \
.join((UserGroupMember, UserGroupToPerm.users_group_id ==
UserGroupMember.users_group_id)) \
.filter(UserGroupMember.user_id == user_id) \
.join((UserGroup, UserGroupMember.users_group_id ==
UserGroup.users_group_id)) \
.filter(UserGroup.users_group_active == True) \
.order_by(UserGroupToPerm.users_group_id) \
.all()
# need to group here by groups since user can be in more than
# one group
_grouped = [[x, list(y)] for x, y in
itertools.groupby(user_perms_from_users_groups,
lambda x:x.users_group)]
for gr, perms in _grouped:
# since user can be in multiple groups iterate over them and
# select the lowest permissions first (more explicit)
##TODO: do this^^
if not gr.inherit_default_permissions:
# NEED TO IGNORE all configurable permissions and
# replace them with explicitly set
permissions[GLOBAL] = permissions[GLOBAL] \
.difference(_configurable)
for perm in perms:
permissions[GLOBAL].add(perm.permission.permission_name)
# user specific global permissions
user_perms = Session().query(UserToPerm) \
.options(joinedload(UserToPerm.permission)) \
.filter(UserToPerm.user_id == user_id).all()
if not user_inherit_default_permissions:
# NEED TO IGNORE all configurable permissions and
# replace them with explicitly set
permissions[GLOBAL] = permissions[GLOBAL] \
.difference(_configurable)
for perm in user_perms:
permissions[GLOBAL].add(perm.permission.permission_name)
## END GLOBAL PERMISSIONS
#======================================================================
# !! PERMISSIONS FOR REPOSITORIES !!
#======================================================================
#======================================================================
# check if user is part of user groups for this repository and
# fill in his permission from it. _choose_perm decides of which
# permission should be selected based on selected method
#======================================================================
# user group for repositories permissions
user_repo_perms_from_users_groups = \
Session().query(UserGroupRepoToPerm, Permission, Repository,) \
.join((Repository, UserGroupRepoToPerm.repository_id ==
Repository.repo_id)) \
.join((Permission, UserGroupRepoToPerm.permission_id ==
Permission.permission_id)) \
.join((UserGroup, UserGroupRepoToPerm.users_group_id ==
UserGroup.users_group_id)) \
.filter(UserGroup.users_group_active == True) \
.join((UserGroupMember, UserGroupRepoToPerm.users_group_id ==
UserGroupMember.users_group_id)) \
.filter(UserGroupMember.user_id == user_id) \
.all()
multiple_counter = collections.defaultdict(int)
for perm in user_repo_perms_from_users_groups:
r_k = perm.UserGroupRepoToPerm.repository.repo_name
multiple_counter[r_k] += 1
p = perm.Permission.permission_name
cur_perm = permissions[RK][r_k]
if perm.Repository.owner_id == user_id:
# set admin if owner
p = 'repository.admin'
else:
if multiple_counter[r_k] > 1:
p = _choose_perm(p, cur_perm)
permissions[RK][r_k] = p
# user explicit permissions for repositories, overrides any specified
# by the group permission
user_repo_perms = Permission.get_default_perms(user_id)
for perm in user_repo_perms:
r_k = perm.UserRepoToPerm.repository.repo_name
cur_perm = permissions[RK][r_k]
# set admin if owner
if perm.Repository.owner_id == user_id:
p = 'repository.admin'
else:
p = perm.Permission.permission_name
if not explicit:
p = _choose_perm(p, cur_perm)
permissions[RK][r_k] = p
#======================================================================
# !! PERMISSIONS FOR REPOSITORY GROUPS !!
#======================================================================
#======================================================================
# check if user is part of user groups for this repository groups and
# fill in his permission from it. _choose_perm decides of which
# permission should be selected based on selected method
#======================================================================
# user group for repo groups permissions
user_repo_group_perms_from_users_groups = \
Session().query(UserGroupRepoGroupToPerm, Permission, RepoGroup) \
.join((RepoGroup, UserGroupRepoGroupToPerm.group_id == RepoGroup.group_id)) \
.join((Permission, UserGroupRepoGroupToPerm.permission_id
== Permission.permission_id)) \
.join((UserGroup, UserGroupRepoGroupToPerm.users_group_id ==
UserGroup.users_group_id)) \
.filter(UserGroup.users_group_active == True) \
.join((UserGroupMember, UserGroupRepoGroupToPerm.users_group_id
== UserGroupMember.users_group_id)) \
.filter(UserGroupMember.user_id == user_id) \
.all()
multiple_counter = collections.defaultdict(int)
for perm in user_repo_group_perms_from_users_groups:
g_k = perm.UserGroupRepoGroupToPerm.group.group_name
multiple_counter[g_k] += 1
p = perm.Permission.permission_name
cur_perm = permissions[GK][g_k]
if multiple_counter[g_k] > 1:
p = _choose_perm(p, cur_perm)
permissions[GK][g_k] = p
# user explicit permissions for repository groups
user_repo_groups_perms = Permission.get_default_group_perms(user_id)
for perm in user_repo_groups_perms:
rg_k = perm.UserRepoGroupToPerm.group.group_name
p = perm.Permission.permission_name
cur_perm = permissions[GK][rg_k]
if not explicit:
p = _choose_perm(p, cur_perm)
permissions[GK][rg_k] = p
#======================================================================
# !! PERMISSIONS FOR USER GROUPS !!
#======================================================================
# user group for user group permissions
user_group_user_groups_perms = \
Session().query(UserGroupUserGroupToPerm, Permission, UserGroup) \
.join((UserGroup, UserGroupUserGroupToPerm.target_user_group_id
== UserGroup.users_group_id)) \
.join((Permission, UserGroupUserGroupToPerm.permission_id
== Permission.permission_id)) \
.join((UserGroupMember, UserGroupUserGroupToPerm.user_group_id
== UserGroupMember.users_group_id)) \
.filter(UserGroupMember.user_id == user_id) \
.join((UserGroup, UserGroupMember.users_group_id ==
UserGroup.users_group_id), aliased=True, from_joinpoint=True) \
.filter(UserGroup.users_group_active == True) \
.all()
multiple_counter = collections.defaultdict(int)
for perm in user_group_user_groups_perms:
g_k = perm.UserGroupUserGroupToPerm.target_user_group.users_group_name
multiple_counter[g_k] += 1
p = perm.Permission.permission_name
cur_perm = permissions[UK][g_k]
if multiple_counter[g_k] > 1:
p = _choose_perm(p, cur_perm)
permissions[UK][g_k] = p
#user explicit permission for user groups
user_user_groups_perms = Permission.get_default_user_group_perms(user_id)
for perm in user_user_groups_perms:
u_k = perm.UserUserGroupToPerm.user_group.users_group_name
p = perm.Permission.permission_name
cur_perm = permissions[UK][u_k]
if not explicit:
p = _choose_perm(p, cur_perm)
permissions[UK][u_k] = p
return permissions
def _make_perm(perm):
new_perm = UserToPerm()
new_perm.user = user
new_perm.permission = Permission.get_by_key(perm)
return new_perm
def _create_repo(self, repo_name, repo_type, description, owner,
private=False, clone_uri=None, repo_group=None,
landing_rev='rev:tip', fork_of=None,
copy_fork_permissions=False, enable_statistics=False,
enable_locking=False, enable_downloads=False,
copy_group_permissions=False, state=Repository.STATE_PENDING):
"""
Create repository inside database with PENDING state. This should only be
executed by create() repo, with exception of importing existing repos.
"""
from kallithea.model.scm import ScmModel
owner = self._get_user(owner)
fork_of = self._get_repo(fork_of)
repo_group = self._get_repo_group(repo_group)
try:
repo_name = safe_unicode(repo_name)
description = safe_unicode(description)
# repo name is just a name of repository
# while repo_name_full is a full qualified name that is combined
# with name and path of group
repo_name_full = repo_name
repo_name = repo_name.split(self.URL_SEPARATOR)[-1]
new_repo = Repository()
new_repo.repo_state = state
new_repo.enable_statistics = False
new_repo.repo_name = repo_name_full
new_repo.repo_type = repo_type
new_repo.user = owner
new_repo.group = repo_group
new_repo.description = description or repo_name
new_repo.private = private
new_repo.clone_uri = clone_uri
new_repo.landing_rev = landing_rev
new_repo.enable_statistics = enable_statistics
new_repo.enable_locking = enable_locking
new_repo.enable_downloads = enable_downloads
if repo_group:
new_repo.enable_locking = repo_group.enable_locking
if fork_of:
parent_repo = fork_of
new_repo.fork = parent_repo
self.sa.add(new_repo)
if fork_of and copy_fork_permissions:
repo = fork_of
user_perms = UserRepoToPerm.query() \
.filter(UserRepoToPerm.repository == repo).all()
group_perms = UserGroupRepoToPerm.query() \
.filter(UserGroupRepoToPerm.repository == repo).all()
for perm in user_perms:
UserRepoToPerm.create(perm.user, new_repo, perm.permission)
for perm in group_perms:
UserGroupRepoToPerm.create(perm.users_group, new_repo,
perm.permission)
elif repo_group and copy_group_permissions:
user_perms = UserRepoGroupToPerm.query() \
.filter(UserRepoGroupToPerm.group == repo_group).all()
group_perms = UserGroupRepoGroupToPerm.query() \
.filter(UserGroupRepoGroupToPerm.group == repo_group).all()
for perm in user_perms:
perm_name = perm.permission.permission_name.replace('group.', 'repository.')
perm_obj = Permission.get_by_key(perm_name)
UserRepoToPerm.create(perm.user, new_repo, perm_obj)
for perm in group_perms:
perm_name = perm.permission.permission_name.replace('group.', 'repository.')
perm_obj = Permission.get_by_key(perm_name)
UserGroupRepoToPerm.create(perm.users_group, new_repo, perm_obj)
else:
perm_obj = self._create_default_perms(new_repo, private)
self.sa.add(perm_obj)
# now automatically start following this repository as owner
ScmModel(self.sa).toggle_following_repo(new_repo.repo_id,
owner.user_id)
# we need to flush here, in order to check if database won't
# throw any exceptions, create filesystem dirs at the very end
self.sa.flush()
return new_repo
except Exception:
log.error(traceback.format_exc())
raise
def test_has_perm(self):
perm = Permission.query().all()
for p in perm:
has_p = UserModel().has_perm(self.u1, p)
assert False == has_p
def update(self, form_result):
perm_user = User.get_by_username(username=form_result['perm_user_name'])
try:
# stage 1 set anonymous access
if perm_user.username == User.DEFAULT_USER:
perm_user.active = str2bool(form_result['anonymous'])
self.sa.add(perm_user)
# stage 2 reset defaults and set them from form data
def _make_new(usr, perm_name):
log.debug('Creating new permission:%s' % (perm_name))
new = UserToPerm()
new.user = usr
new.permission = Permission.get_by_key(perm_name)
return new
# clear current entries, to make this function idempotent
# it will fix even if we define more permissions or permissions
# are somehow missing
u2p = self.sa.query(UserToPerm)\
.filter(UserToPerm.user == perm_user)\
.all()
for p in u2p:
self.sa.delete(p)
#create fresh set of permissions
for def_perm_key in ['default_repo_perm',
'default_group_perm',
'default_user_group_perm',
'default_repo_create',
'create_on_write', # special case for create repos on write access to group
#'default_repo_group_create', #not implemented yet
'default_user_group_create',
'default_fork',
'default_register',
'default_extern_activate']:
p = _make_new(perm_user, form_result[def_perm_key])
self.sa.add(p)
#stage 3 update all default permissions for repos if checked
if form_result['overwrite_default_repo']:
_def_name = form_result['default_repo_perm'].split('repository.')[-1]
_def = Permission.get_by_key('repository.' + _def_name)
# repos
for r2p in self.sa.query(UserRepoToPerm)\
.filter(UserRepoToPerm.user == perm_user)\
.all():
#don't reset PRIVATE repositories
if not r2p.repository.private:
r2p.permission = _def
self.sa.add(r2p)
if form_result['overwrite_default_group']:
_def_name = form_result['default_group_perm'].split('group.')[-1]
# groups
_def = Permission.get_by_key('group.' + _def_name)
for g2p in self.sa.query(UserRepoGroupToPerm)\
.filter(UserRepoGroupToPerm.user == perm_user)\
.all():
g2p.permission = _def
self.sa.add(g2p)
if form_result['overwrite_default_user_group']:
_def_name = form_result['default_user_group_perm'].split('usergroup.')[-1]
# groups
_def = Permission.get_by_key('usergroup.' + _def_name)
for g2p in self.sa.query(UserUserGroupToPerm)\
.filter(UserUserGroupToPerm.user == perm_user)\
.all():
g2p.permission = _def
self.sa.add(g2p)
self.sa.commit()
except (DatabaseError,):
log.error(traceback.format_exc())
self.sa.rollback()
raise
