def test_revoke_perm_fork_repo(self):
self.log_user()
perm_none = Permission.get_by_key('hg.fork.none')
perm_fork = Permission.get_by_key('hg.fork.repository')
user = UserModel().create_or_update(username='******', password='******',
email='dummy', firstname='a',
lastname='b')
Session().commit()
uid = user.user_id
try:
#User should have None permission on creation repository
self.assertEqual(UserModel().has_perm(user, perm_none), False)
self.assertEqual(UserModel().has_perm(user, perm_fork), False)
response = self.app.post(url('edit_user_perms', id=uid),
params=dict(_method='put'))
perm_none = Permission.get_by_key('hg.create.none')
perm_create = Permission.get_by_key('hg.create.repository')
#User should have None permission on creation repository
self.assertEqual(UserModel().has_perm(uid, perm_none), True)
self.assertEqual(UserModel().has_perm(uid, perm_create), False)
finally:
UserModel().delete(uid)
Session().commit()
def test_revoke_perm_fork_repo(self):
self.log_user()
perm_none = Permission.get_by_key('hg.fork.none')
perm_fork = Permission.get_by_key('hg.fork.repository')
user = UserModel().create_or_update(username='******',
password='******',
email='dummy',
firstname='a',
lastname='b')
Session().commit()
uid = user.user_id
try:
# User should have None permission on creation repository
assert UserModel().has_perm(user, perm_none) == False
assert UserModel().has_perm(user, perm_fork) == False
response = self.app.post(
base.url('edit_user_perms_update', id=uid),
params=dict(_session_csrf_secret_token=self.
session_csrf_secret_token()))
perm_none = Permission.get_by_key('hg.create.none')
perm_create = Permission.get_by_key('hg.create.repository')
# User should have None permission on creation repository
assert UserModel().has_perm(uid, perm_none) == True
assert UserModel().has_perm(uid, perm_create) == False
finally:
UserModel().delete(uid)
Session().commit()
def test_revoke_perm_fork_repo(self):
self.log_user()
perm_none = Permission.get_by_key('hg.fork.none')
perm_fork = Permission.get_by_key('hg.fork.repository')
user = UserModel().create_or_update(username='******', password='******',
email='dummy', firstname=u'a',
lastname=u'b')
Session().commit()
uid = user.user_id
try:
#User should have None permission on creation repository
assert UserModel().has_perm(user, perm_none) == False
assert UserModel().has_perm(user, perm_fork) == False
response = self.app.post(url('edit_user_perms_update', id=uid),
params=dict(_authentication_token=self.authentication_token()))
perm_none = Permission.get_by_key('hg.create.none')
perm_create = Permission.get_by_key('hg.create.repository')
#User should have None permission on creation repository
assert UserModel().has_perm(uid, perm_none) == True
assert UserModel().has_perm(uid, perm_create) == False
finally:
UserModel().delete(uid)
Session().commit()
def create_permissions(self):
"""
Create permissions for whole system
"""
for p in Permission.PERMS:
if not Permission.get_by_key(p[0]):
new_perm = Permission()
new_perm.permission_name = p[0]
Session().add(new_perm)
def create_permissions(self):
"""
Create permissions for whole system
"""
for p in Permission.PERMS:
if not Permission.get_by_key(p[0]):
new_perm = Permission()
new_perm.permission_name = p[0]
Session().add(new_perm)
def test_set_default_permissions_after_modification(self, perm, modify_to):
PermissionModel().create_default_permissions(user=self.u1)
self._test_def_perm_equal(user=self.u1)
old = Permission.get_by_key(perm)
new = Permission.get_by_key(modify_to)
assert old != None
assert new != None
#now modify permissions
p = UserToPerm.query() \
.filter(UserToPerm.user == self.u1) \
.filter(UserToPerm.permission == old) \
.one()
p.permission = new
Session().commit()
PermissionModel().create_default_permissions(user=self.u1)
self._test_def_perm_equal(user=self.u1)
def create_permissions(self):
"""
Create permissions for whole system
"""
for p in Permission.PERMS:
if not Permission.get_by_key(p[0]):
new_perm = Permission()
new_perm.permission_name = p[0]
new_perm.permission_longname = p[0] #translation err with p[1]
self.sa.add(new_perm)
def test_set_default_permissions_after_modification(self, perm, modify_to):
PermissionModel().create_default_permissions(user=self.u1)
self._test_def_perm_equal(user=self.u1)
old = Permission.get_by_key(perm)
new = Permission.get_by_key(modify_to)
assert old != None
assert new != None
#now modify permissions
p = UserToPerm.query() \
.filter(UserToPerm.user == self.u1) \
.filter(UserToPerm.permission == old) \
.one()
p.permission = new
Session().commit()
PermissionModel().create_default_permissions(user=self.u1)
self._test_def_perm_equal(user=self.u1)
def create_permissions(self):
"""
Create permissions for whole system
"""
for p in Permission.PERMS:
if not Permission.get_by_key(p[0]):
new_perm = Permission()
new_perm.permission_name = p[0]
new_perm.permission_longname = p[0] #translation err with p[1]
self.sa.add(new_perm)
def update_user_permission(self, repository, user, permission):
permission = Permission.get_by_key(permission)
current = self.get_user_permission(repository, user)
if current:
if not current.permission is permission:
current.permission = permission
else:
p = UserRepoToPerm()
p.user = user
p.repository = repository
p.permission = permission
self.sa.add(p)
def update_user_permission(self, repository, user, permission):
permission = Permission.get_by_key(permission)
current = self.get_user_permission(repository, user)
if current:
if not current.permission is permission:
current.permission = permission
else:
p = UserRepoToPerm()
p.user = user
p.repository = repository
p.permission = permission
self.sa.add(p)
def update_users_group_permission(self, repository, users_group,
permission):
permission = Permission.get_by_key(permission)
current = self.get_users_group_permission(repository, users_group)
if current:
if not current.permission is permission:
current.permission = permission
else:
p = UserGroupRepoToPerm()
p.users_group = users_group
p.repository = repository
p.permission = permission
Session().add(p)
def _create_default_perms(self, new_group):
# create default permission
default_perm = 'group.read'
def_user = User.get_default_user()
for p in def_user.user_perms:
if p.permission.permission_name.startswith('group.'):
default_perm = p.permission.permission_name
break
repo_group_to_perm = UserRepoGroupToPerm()
repo_group_to_perm.permission = Permission.get_by_key(default_perm)
repo_group_to_perm.group = new_group
repo_group_to_perm.user_id = def_user.user_id
return repo_group_to_perm
def _create_default_perms(self, user_group):
# create default permission
default_perm = 'usergroup.read'
def_user = User.get_default_user()
for p in def_user.user_perms:
if p.permission.permission_name.startswith('usergroup.'):
default_perm = p.permission.permission_name
break
user_group_to_perm = UserUserGroupToPerm()
user_group_to_perm.permission = Permission.get_by_key(default_perm)
user_group_to_perm.user_group = user_group
user_group_to_perm.user_id = def_user.user_id
return user_group_to_perm
def _create_default_perms(self, user_group):
# create default permission
default_perm = 'usergroup.read'
def_user = User.get_default_user()
for p in def_user.user_perms:
if p.permission.permission_name.startswith('usergroup.'):
default_perm = p.permission.permission_name
break
user_group_to_perm = UserUserGroupToPerm()
user_group_to_perm.permission = Permission.get_by_key(default_perm)
user_group_to_perm.user_group = user_group
user_group_to_perm.user_id = def_user.user_id
return user_group_to_perm
def _create_default_perms(self, new_group):
# create default permission
default_perm = 'group.read'
def_user = User.get_default_user()
for p in def_user.user_perms:
if p.permission.permission_name.startswith('group.'):
default_perm = p.permission.permission_name
break
repo_group_to_perm = UserRepoGroupToPerm()
repo_group_to_perm.permission = Permission.get_by_key(default_perm)
repo_group_to_perm.group = new_group
repo_group_to_perm.user_id = def_user.user_id
return repo_group_to_perm
def test_set_private_flag_sets_default_to_none(self):
self.log_user()
# initially repository perm should be read
perm = _get_permission_for_user(user='******', repo=self.REPO)
assert len(perm), 1
assert perm[0].permission.permission_name == 'repository.read'
assert Repository.get_by_repo_name(self.REPO).private == False
response = self.app.post(
base.url('update_repo', repo_name=self.REPO),
fixture._get_repo_create_params(
repo_private=1,
repo_name=self.REPO,
repo_type=self.REPO_TYPE,
owner=base.TEST_USER_ADMIN_LOGIN,
_session_csrf_secret_token=self.session_csrf_secret_token()))
self.checkSessionFlash(response,
msg='Repository %s updated successfully' %
(self.REPO))
assert Repository.get_by_repo_name(self.REPO).private == True
# now the repo default permission should be None
perm = _get_permission_for_user(user='******', repo=self.REPO)
assert len(perm), 1
assert perm[0].permission.permission_name == 'repository.none'
response = self.app.post(
base.url('update_repo', repo_name=self.REPO),
fixture._get_repo_create_params(
repo_private=False,
repo_name=self.REPO,
repo_type=self.REPO_TYPE,
owner=base.TEST_USER_ADMIN_LOGIN,
_session_csrf_secret_token=self.session_csrf_secret_token()))
self.checkSessionFlash(response,
msg='Repository %s updated successfully' %
(self.REPO))
assert Repository.get_by_repo_name(self.REPO).private == False
# we turn off private now the repo default permission should stay None
perm = _get_permission_for_user(user='******', repo=self.REPO)
assert len(perm), 1
assert perm[0].permission.permission_name == 'repository.none'
# update this permission back
perm[0].permission = Permission.get_by_key('repository.read')
Session().commit()
def _create_default_perms(self, repository, private):
# create default permission
default = 'repository.read'
def_user = User.get_default_user()
for p in def_user.user_perms:
if p.permission.permission_name.startswith('repository.'):
default = p.permission.permission_name
break
default_perm = 'repository.none' if private else default
repo_to_perm = UserRepoToPerm()
repo_to_perm.permission = Permission.get_by_key(default_perm)
repo_to_perm.repository = repository
repo_to_perm.user_id = def_user.user_id
return repo_to_perm
def _create_default_perms(self, repository, private):
# create default permission
default = 'repository.read'
def_user = User.get_default_user()
for p in def_user.user_perms:
if p.permission.permission_name.startswith('repository.'):
default = p.permission.permission_name
break
default_perm = 'repository.none' if private else default
repo_to_perm = UserRepoToPerm()
repo_to_perm.permission = Permission.get_by_key(default_perm)
repo_to_perm.repository = repository
repo_to_perm.user_id = def_user.user_id
return repo_to_perm
def test_set_private_flag_sets_default_to_none(self):
self.log_user()
#initially repository perm should be read
perm = _get_permission_for_user(user='******', repo=self.REPO)
self.assertTrue(len(perm), 1)
self.assertEqual(perm[0].permission.permission_name, 'repository.read')
self.assertEqual(Repository.get_by_repo_name(self.REPO).private, False)
response = self.app.put(
url('repo', repo_name=self.REPO),
fixture._get_repo_create_params(repo_private=1,
repo_name=self.REPO,
repo_type=self.REPO_TYPE,
user=TEST_USER_ADMIN_LOGIN))
self.checkSessionFlash(response,
msg='Repository %s updated successfully' %
(self.REPO))
self.assertEqual(Repository.get_by_repo_name(self.REPO).private, True)
#now the repo default permission should be None
perm = _get_permission_for_user(user='******', repo=self.REPO)
self.assertTrue(len(perm), 1)
self.assertEqual(perm[0].permission.permission_name, 'repository.none')
response = self.app.put(
url('repo', repo_name=self.REPO),
fixture._get_repo_create_params(repo_private=False,
repo_name=self.REPO,
repo_type=self.REPO_TYPE,
user=TEST_USER_ADMIN_LOGIN))
self.checkSessionFlash(response,
msg='Repository %s updated successfully' %
(self.REPO))
self.assertEqual(Repository.get_by_repo_name(self.REPO).private, False)
#we turn off private now the repo default permission should stay None
perm = _get_permission_for_user(user='******', repo=self.REPO)
self.assertTrue(len(perm), 1)
self.assertEqual(perm[0].permission.permission_name, 'repository.none')
#update this permission back
perm[0].permission = Permission.get_by_key('repository.read')
Session().add(perm[0])
Session().commit()
def test_set_private_flag_sets_default_to_none(self):
self.log_user()
#initially repository perm should be read
perm = _get_permission_for_user(user='******', repo=self.REPO)
self.assertTrue(len(perm), 1)
self.assertEqual(perm[0].permission.permission_name, 'repository.read')
self.assertEqual(Repository.get_by_repo_name(self.REPO).private, False)
response = self.app.put(url('repo', repo_name=self.REPO),
fixture._get_repo_create_params(repo_private=1,
repo_name=self.REPO,
repo_type=self.REPO_TYPE,
user=TEST_USER_ADMIN_LOGIN,
_authentication_token=self.authentication_token()))
self.checkSessionFlash(response,
msg='Repository %s updated successfully' % (self.REPO))
self.assertEqual(Repository.get_by_repo_name(self.REPO).private, True)
#now the repo default permission should be None
perm = _get_permission_for_user(user='******', repo=self.REPO)
self.assertTrue(len(perm), 1)
self.assertEqual(perm[0].permission.permission_name, 'repository.none')
response = self.app.put(url('repo', repo_name=self.REPO),
fixture._get_repo_create_params(repo_private=False,
repo_name=self.REPO,
repo_type=self.REPO_TYPE,
user=TEST_USER_ADMIN_LOGIN,
_authentication_token=self.authentication_token()))
self.checkSessionFlash(response,
msg='Repository %s updated successfully' % (self.REPO))
self.assertEqual(Repository.get_by_repo_name(self.REPO).private, False)
#we turn off private now the repo default permission should stay None
perm = _get_permission_for_user(user='******', repo=self.REPO)
self.assertTrue(len(perm), 1)
self.assertEqual(perm[0].permission.permission_name, 'repository.none')
#update this permission back
perm[0].permission = Permission.get_by_key('repository.read')
Session().add(perm[0])
Session().commit()
def _create_repo(self,
repo_name,
repo_type,
description,
owner,
private=False,
clone_uri=None,
repo_group=None,
landing_rev='rev:tip',
fork_of=None,
copy_fork_permissions=False,
enable_statistics=False,
enable_locking=False,
enable_downloads=False,
copy_group_permissions=False,
state=Repository.STATE_PENDING):
"""
Create repository inside database with PENDING state. This should only be
executed by create() repo, with exception of importing existing repos.
"""
from kallithea.model.scm import ScmModel
owner = User.guess_instance(owner)
fork_of = Repository.guess_instance(fork_of)
repo_group = RepoGroup.guess_instance(repo_group)
try:
repo_name = safe_unicode(repo_name)
description = safe_unicode(description)
# repo name is just a name of repository
# while repo_name_full is a full qualified name that is combined
# with name and path of group
repo_name_full = repo_name
repo_name = repo_name.split(self.URL_SEPARATOR)[-1]
new_repo = Repository()
new_repo.repo_state = state
new_repo.enable_statistics = False
new_repo.repo_name = repo_name_full
new_repo.repo_type = repo_type
new_repo.owner = owner
new_repo.group = repo_group
new_repo.description = description or repo_name
new_repo.private = private
new_repo.clone_uri = clone_uri
new_repo.landing_rev = landing_rev
new_repo.enable_statistics = enable_statistics
new_repo.enable_locking = enable_locking
new_repo.enable_downloads = enable_downloads
if repo_group:
new_repo.enable_locking = repo_group.enable_locking
if fork_of:
parent_repo = fork_of
new_repo.fork = parent_repo
Session().add(new_repo)
if fork_of and copy_fork_permissions:
repo = fork_of
user_perms = UserRepoToPerm.query() \
.filter(UserRepoToPerm.repository == repo).all()
group_perms = UserGroupRepoToPerm.query() \
.filter(UserGroupRepoToPerm.repository == repo).all()
for perm in user_perms:
UserRepoToPerm.create(perm.user, new_repo, perm.permission)
for perm in group_perms:
UserGroupRepoToPerm.create(perm.users_group, new_repo,
perm.permission)
elif repo_group and copy_group_permissions:
user_perms = UserRepoGroupToPerm.query() \
.filter(UserRepoGroupToPerm.group == repo_group).all()
group_perms = UserGroupRepoGroupToPerm.query() \
.filter(UserGroupRepoGroupToPerm.group == repo_group).all()
for perm in user_perms:
perm_name = perm.permission.permission_name.replace(
'group.', 'repository.')
perm_obj = Permission.get_by_key(perm_name)
UserRepoToPerm.create(perm.user, new_repo, perm_obj)
for perm in group_perms:
perm_name = perm.permission.permission_name.replace(
'group.', 'repository.')
perm_obj = Permission.get_by_key(perm_name)
UserGroupRepoToPerm.create(perm.users_group, new_repo,
perm_obj)
else:
self._create_default_perms(new_repo, private)
# now automatically start following this repository as owner
ScmModel().toggle_following_repo(new_repo.repo_id, owner.user_id)
# we need to flush here, in order to check if database won't
# throw any exceptions, create filesystem dirs at the very end
Session().flush()
return new_repo
except Exception:
log.error(traceback.format_exc())
raise
def test_create_in_group_inherit_permissions(self):
self.log_user()
## create GROUP
group_name = 'sometest_%s' % self.REPO_TYPE
gr = RepoGroupModel().create(group_name=group_name,
group_description='test',
owner=TEST_USER_ADMIN_LOGIN)
perm = Permission.get_by_key('repository.write')
RepoGroupModel().grant_user_permission(gr, TEST_USER_REGULAR_LOGIN, perm)
## add repo permissions
Session().commit()
repo_name = 'ingroup_inherited_%s' % self.REPO_TYPE
repo_name_full = RepoGroup.url_sep().join([group_name, repo_name])
description = 'description for newly created repo'
response = self.app.post(url('repos'),
fixture._get_repo_create_params(repo_private=False,
repo_name=repo_name,
repo_type=self.REPO_TYPE,
repo_description=description,
repo_group=gr.group_id,
repo_copy_permissions=True,
_authentication_token=self.authentication_token()))
## run the check page that triggers the flash message
response = self.app.get(url('repo_check_home', repo_name=repo_name_full))
self.checkSessionFlash(response,
'Created repository <a href="/%s">%s</a>'
% (repo_name_full, repo_name_full))
# test if the repo was created in the database
new_repo = Session().query(Repository)\
.filter(Repository.repo_name == repo_name_full).one()
new_repo_id = new_repo.repo_id
self.assertEqual(new_repo.repo_name, repo_name_full)
self.assertEqual(new_repo.description, description)
# test if the repository is visible in the list ?
response = self.app.get(url('summary_home', repo_name=repo_name_full))
response.mustcontain(repo_name_full)
response.mustcontain(self.REPO_TYPE)
# test if the repository was created on filesystem
try:
vcs.get_repo(os.path.join(TESTS_TMP_PATH, repo_name_full))
except vcs.exceptions.VCSError:
RepoGroupModel().delete(group_name)
Session().commit()
self.fail('no repo %s in filesystem' % repo_name)
#check if inherited permissiona are applied
inherited_perms = UserRepoToPerm.query()\
.filter(UserRepoToPerm.repository_id == new_repo_id).all()
self.assertEqual(len(inherited_perms), 2)
self.assertTrue(TEST_USER_REGULAR_LOGIN in [x.user.username
for x in inherited_perms])
self.assertTrue('repository.write' in [x.permission.permission_name
for x in inherited_perms])
RepoModel().delete(repo_name_full)
RepoGroupModel().delete(group_name)
Session().commit()
def update(self, form_result):
perm_user = User.get_by_username(
username=form_result['perm_user_name'])
try:
# stage 1 set anonymous access
if perm_user.is_default_user:
perm_user.active = str2bool(form_result['anonymous'])
# stage 2 reset defaults and set them from form data
def _make_new(usr, perm_name):
log.debug('Creating new permission:%s', perm_name)
new = UserToPerm()
new.user = usr
new.permission = Permission.get_by_key(perm_name)
return new
# clear current entries, to make this function idempotent
# it will fix even if we define more permissions or permissions
# are somehow missing
u2p = UserToPerm.query() \
.filter(UserToPerm.user == perm_user) \
.all()
for p in u2p:
Session().delete(p)
# create fresh set of permissions
for def_perm_key in [
'default_repo_perm',
'default_group_perm',
'default_user_group_perm',
'default_repo_create',
'create_on_write', # special case for create repos on write access to group
#'default_repo_group_create', # not implemented yet
'default_user_group_create',
'default_fork',
'default_register',
'default_extern_activate'
]:
p = _make_new(perm_user, form_result[def_perm_key])
Session().add(p)
# stage 3 update all default permissions for repos if checked
if form_result['overwrite_default_repo']:
_def_name = form_result['default_repo_perm'].split(
'repository.')[-1]
_def = Permission.get_by_key('repository.' + _def_name)
# repos
for r2p in UserRepoToPerm.query() \
.filter(UserRepoToPerm.user == perm_user) \
.all():
# don't reset PRIVATE repositories
if not r2p.repository.private:
r2p.permission = _def
if form_result['overwrite_default_group']:
_def_name = form_result['default_group_perm'].split(
'group.')[-1]
# groups
_def = Permission.get_by_key('group.' + _def_name)
for g2p in UserRepoGroupToPerm.query() \
.filter(UserRepoGroupToPerm.user == perm_user) \
.all():
g2p.permission = _def
if form_result['overwrite_default_user_group']:
_def_name = form_result['default_user_group_perm'].split(
'usergroup.')[-1]
# groups
_def = Permission.get_by_key('usergroup.' + _def_name)
for g2p in UserUserGroupToPerm.query() \
.filter(UserUserGroupToPerm.user == perm_user) \
.all():
g2p.permission = _def
Session().commit()
except (DatabaseError, ):
log.error(traceback.format_exc())
Session().rollback()
raise
def test_default_perms_enable_repository_fork_on_group(self):
self.log_user()
users_group_name = TEST_USER_GROUP + 'another2'
response = self.app.post(
url('users_groups'), {
'users_group_name': users_group_name,
'user_group_description': 'DESC',
'active': True
})
response.follow()
ug = UserGroup.get_by_group_name(users_group_name)
self.checkSessionFlash(response, 'Created user group ')
## ENABLE REPO CREATE ON A GROUP
response = self.app.put(
url('edit_user_group_default_perms', id=ug.users_group_id),
{'fork_repo_perm': True})
response.follow()
ug = UserGroup.get_by_group_name(users_group_name)
p = Permission.get_by_key('hg.create.none')
p2 = Permission.get_by_key('hg.usergroup.create.false')
p3 = Permission.get_by_key('hg.fork.repository')
# check if user has this perms, they should be here since
# defaults are on
perms = UserGroupToPerm.query()\
.filter(UserGroupToPerm.users_group == ug).all()
self.assertEqual(
sorted([[
x.users_group_id,
x.permission_id,
] for x in perms]),
sorted([[ug.users_group_id, p.permission_id],
[ug.users_group_id, p2.permission_id],
[ug.users_group_id, p3.permission_id]]))
## DISABLE REPO CREATE ON A GROUP
response = self.app.put(
url('edit_user_group_default_perms', id=ug.users_group_id), {})
response.follow()
ug = UserGroup.get_by_group_name(users_group_name)
p = Permission.get_by_key('hg.create.none')
p2 = Permission.get_by_key('hg.usergroup.create.false')
p3 = Permission.get_by_key('hg.fork.none')
# check if user has this perms, they should be here since
# defaults are on
perms = UserGroupToPerm.query()\
.filter(UserGroupToPerm.users_group == ug).all()
self.assertEqual(
sorted([[
x.users_group_id,
x.permission_id,
] for x in perms]),
sorted([[ug.users_group_id, p.permission_id],
[ug.users_group_id, p2.permission_id],
[ug.users_group_id, p3.permission_id]]))
# DELETE !
ug = UserGroup.get_by_group_name(users_group_name)
ugid = ug.users_group_id
response = self.app.delete(url('users_group', id=ug.users_group_id))
response = response.follow()
gr = Session().query(UserGroup)\
.filter(UserGroup.users_group_name ==
users_group_name).scalar()
self.assertEqual(gr, None)
p = Permission.get_by_key('hg.fork.repository')
perms = UserGroupToPerm.query()\
.filter(UserGroupToPerm.users_group_id == ugid).all()
perms = [[
x.users_group_id,
x.permission_id,
] for x in perms]
self.assertEqual(perms, [])
def test_create_in_group_inherit_permissions(self):
self.log_user()
## create GROUP
group_name = 'sometest_%s' % self.REPO_TYPE
gr = RepoGroupModel().create(group_name=group_name,
group_description='test',
owner=base.TEST_USER_ADMIN_LOGIN)
perm = Permission.get_by_key('repository.write')
RepoGroupModel().grant_user_permission(gr,
base.TEST_USER_REGULAR_LOGIN,
perm)
## add repo permissions
Session().commit()
repo_name = 'ingroup_inherited_%s' % self.REPO_TYPE
repo_name_full = db.URL_SEP.join([group_name, repo_name])
description = 'description for newly created repo'
response = self.app.post(
base.url('repos'),
fixture._get_repo_create_params(
repo_private=False,
repo_name=repo_name,
repo_type=self.REPO_TYPE,
repo_description=description,
repo_group=gr.group_id,
repo_copy_permissions=True,
_session_csrf_secret_token=self.session_csrf_secret_token()))
## run the check page that triggers the flash message
response = self.app.get(
base.url('repo_check_home', repo_name=repo_name_full))
self.checkSessionFlash(
response, 'Created repository <a href="/%s">%s</a>' %
(repo_name_full, repo_name_full))
# test if the repo was created in the database
new_repo = Session().query(Repository) \
.filter(Repository.repo_name == repo_name_full).one()
new_repo_id = new_repo.repo_id
assert new_repo.repo_name == repo_name_full
assert new_repo.description == description
# test if the repository is visible in the list ?
response = self.app.get(
base.url('summary_home', repo_name=repo_name_full))
response.mustcontain(repo_name_full)
response.mustcontain(self.REPO_TYPE)
# test if the repository was created on filesystem
try:
vcs.get_repo(
os.path.join(
Ui.get_by_key('paths', '/').ui_value, repo_name_full))
except vcs.exceptions.VCSError:
RepoGroupModel().delete(group_name)
Session().commit()
pytest.fail('no repo %s in filesystem' % repo_name)
# check if inherited permissiona are applied
inherited_perms = UserRepoToPerm.query() \
.filter(UserRepoToPerm.repository_id == new_repo_id).all()
assert len(inherited_perms) == 2
assert base.TEST_USER_REGULAR_LOGIN in [
x.user.username for x in inherited_perms
]
assert 'repository.write' in [
x.permission.permission_name for x in inherited_perms
]
RepoModel().delete(repo_name_full)
RepoGroupModel().delete(group_name)
Session().commit()
def _make_perm(perm):
new_perm = UserToPerm()
new_perm.user = user
new_perm.permission = Permission.get_by_key(perm)
return new_perm
def test_default_perms_enable_repository_read_on_group(self):
self.log_user()
users_group_name = TEST_USER_GROUP + 'another2'
response = self.app.post(url('users_groups'),
{'users_group_name': users_group_name,
'user_group_description': 'DESC',
'active': True})
response.follow()
ug = UserGroup.get_by_group_name(users_group_name)
self.checkSessionFlash(response,
'Created user group ')
## ENABLE REPO CREATE ON A GROUP
response = self.app.put(url('edit_user_group_default_perms',
id=ug.users_group_id),
{'create_repo_perm': True})
response.follow()
ug = UserGroup.get_by_group_name(users_group_name)
p = Permission.get_by_key('hg.create.repository')
p2 = Permission.get_by_key('hg.usergroup.create.false')
p3 = Permission.get_by_key('hg.fork.none')
# check if user has this perms, they should be here since
# defaults are on
perms = UserGroupToPerm.query()\
.filter(UserGroupToPerm.users_group == ug).all()
self.assertEqual(
sorted([[x.users_group_id, x.permission_id, ] for x in perms]),
sorted([[ug.users_group_id, p.permission_id],
[ug.users_group_id, p2.permission_id],
[ug.users_group_id, p3.permission_id]]))
## DISABLE REPO CREATE ON A GROUP
response = self.app.put(
url('edit_user_group_default_perms', id=ug.users_group_id), {})
response.follow()
ug = UserGroup.get_by_group_name(users_group_name)
p = Permission.get_by_key('hg.create.none')
p2 = Permission.get_by_key('hg.usergroup.create.false')
p3 = Permission.get_by_key('hg.fork.none')
# check if user has this perms, they should be here since
# defaults are on
perms = UserGroupToPerm.query()\
.filter(UserGroupToPerm.users_group == ug).all()
self.assertEqual(
sorted([[x.users_group_id, x.permission_id, ] for x in perms]),
sorted([[ug.users_group_id, p.permission_id],
[ug.users_group_id, p2.permission_id],
[ug.users_group_id, p3.permission_id]]))
# DELETE !
ug = UserGroup.get_by_group_name(users_group_name)
ugid = ug.users_group_id
response = self.app.delete(url('users_group', id=ug.users_group_id))
response = response.follow()
gr = Session().query(UserGroup)\
.filter(UserGroup.users_group_name == users_group_name).scalar()
self.assertEqual(gr, None)
p = Permission.get_by_key('hg.create.repository')
perms = UserGroupToPerm.query()\
.filter(UserGroupToPerm.users_group_id == ugid).all()
perms = [[x.users_group_id,
x.permission_id, ] for x in perms]
self.assertEqual(perms, [])
def _make_new(usr, perm_name):
log.debug('Creating new permission:%s', perm_name)
new = UserToPerm()
new.user = usr
new.permission = Permission.get_by_key(perm_name)
return new
def _create_repo(self, repo_name, repo_type, description, owner,
private=False, clone_uri=None, repo_group=None,
landing_rev='rev:tip', fork_of=None,
copy_fork_permissions=False, enable_statistics=False,
enable_locking=False, enable_downloads=False,
copy_group_permissions=False, state=Repository.STATE_PENDING):
"""
Create repository inside database with PENDING state. This should only be
executed by create() repo, with exception of importing existing repos.
"""
from kallithea.model.scm import ScmModel
owner = self._get_user(owner)
fork_of = self._get_repo(fork_of)
repo_group = self._get_repo_group(repo_group)
try:
repo_name = safe_unicode(repo_name)
description = safe_unicode(description)
# repo name is just a name of repository
# while repo_name_full is a full qualified name that is combined
# with name and path of group
repo_name_full = repo_name
repo_name = repo_name.split(self.URL_SEPARATOR)[-1]
new_repo = Repository()
new_repo.repo_state = state
new_repo.enable_statistics = False
new_repo.repo_name = repo_name_full
new_repo.repo_type = repo_type
new_repo.user = owner
new_repo.group = repo_group
new_repo.description = description or repo_name
new_repo.private = private
new_repo.clone_uri = clone_uri
new_repo.landing_rev = landing_rev
new_repo.enable_statistics = enable_statistics
new_repo.enable_locking = enable_locking
new_repo.enable_downloads = enable_downloads
if repo_group:
new_repo.enable_locking = repo_group.enable_locking
if fork_of:
parent_repo = fork_of
new_repo.fork = parent_repo
self.sa.add(new_repo)
if fork_of and copy_fork_permissions:
repo = fork_of
user_perms = UserRepoToPerm.query() \
.filter(UserRepoToPerm.repository == repo).all()
group_perms = UserGroupRepoToPerm.query() \
.filter(UserGroupRepoToPerm.repository == repo).all()
for perm in user_perms:
UserRepoToPerm.create(perm.user, new_repo, perm.permission)
for perm in group_perms:
UserGroupRepoToPerm.create(perm.users_group, new_repo,
perm.permission)
elif repo_group and copy_group_permissions:
user_perms = UserRepoGroupToPerm.query() \
.filter(UserRepoGroupToPerm.group == repo_group).all()
group_perms = UserGroupRepoGroupToPerm.query() \
.filter(UserGroupRepoGroupToPerm.group == repo_group).all()
for perm in user_perms:
perm_name = perm.permission.permission_name.replace('group.', 'repository.')
perm_obj = Permission.get_by_key(perm_name)
UserRepoToPerm.create(perm.user, new_repo, perm_obj)
for perm in group_perms:
perm_name = perm.permission.permission_name.replace('group.', 'repository.')
perm_obj = Permission.get_by_key(perm_name)
UserGroupRepoToPerm.create(perm.users_group, new_repo, perm_obj)
else:
perm_obj = self._create_default_perms(new_repo, private)
self.sa.add(perm_obj)
# now automatically start following this repository as owner
ScmModel(self.sa).toggle_following_repo(new_repo.repo_id,
owner.user_id)
# we need to flush here, in order to check if database won't
# throw any exceptions, create filesystem dirs at the very end
self.sa.flush()
return new_repo
except Exception:
log.error(traceback.format_exc())
raise
def update(self, form_result):
perm_user = User.get_by_username(username=form_result['perm_user_name'])
try:
# stage 1 set anonymous access
if perm_user.username == User.DEFAULT_USER:
perm_user.active = str2bool(form_result['anonymous'])
self.sa.add(perm_user)
# stage 2 reset defaults and set them from form data
def _make_new(usr, perm_name):
log.debug('Creating new permission:%s' % (perm_name))
new = UserToPerm()
new.user = usr
new.permission = Permission.get_by_key(perm_name)
return new
# clear current entries, to make this function idempotent
# it will fix even if we define more permissions or permissions
# are somehow missing
u2p = self.sa.query(UserToPerm)\
.filter(UserToPerm.user == perm_user)\
.all()
for p in u2p:
self.sa.delete(p)
#create fresh set of permissions
for def_perm_key in ['default_repo_perm',
'default_group_perm',
'default_user_group_perm',
'default_repo_create',
'create_on_write', # special case for create repos on write access to group
#'default_repo_group_create', #not implemented yet
'default_user_group_create',
'default_fork',
'default_register',
'default_extern_activate']:
p = _make_new(perm_user, form_result[def_perm_key])
self.sa.add(p)
#stage 3 update all default permissions for repos if checked
if form_result['overwrite_default_repo']:
_def_name = form_result['default_repo_perm'].split('repository.')[-1]
_def = Permission.get_by_key('repository.' + _def_name)
# repos
for r2p in self.sa.query(UserRepoToPerm)\
.filter(UserRepoToPerm.user == perm_user)\
.all():
#don't reset PRIVATE repositories
if not r2p.repository.private:
r2p.permission = _def
self.sa.add(r2p)
if form_result['overwrite_default_group']:
_def_name = form_result['default_group_perm'].split('group.')[-1]
# groups
_def = Permission.get_by_key('group.' + _def_name)
for g2p in self.sa.query(UserRepoGroupToPerm)\
.filter(UserRepoGroupToPerm.user == perm_user)\
.all():
g2p.permission = _def
self.sa.add(g2p)
if form_result['overwrite_default_user_group']:
_def_name = form_result['default_user_group_perm'].split('usergroup.')[-1]
# groups
_def = Permission.get_by_key('usergroup.' + _def_name)
for g2p in self.sa.query(UserUserGroupToPerm)\
.filter(UserUserGroupToPerm.user == perm_user)\
.all():
g2p.permission = _def
self.sa.add(g2p)
self.sa.commit()
except (DatabaseError,):
log.error(traceback.format_exc())
self.sa.rollback()
raise
def _make_perm(perm):
new_perm = UserToPerm()
new_perm.user = user
new_perm.permission = Permission.get_by_key(perm)
return new_perm
def test_default_perms_enable_repository_read_on_group(self):
self.log_user()
users_group_name = TEST_USER_GROUP + 'another2'
response = self.app.post(
base.url('users_groups'), {
'users_group_name': users_group_name,
'user_group_description': 'DESC',
'active': True,
'_session_csrf_secret_token': self.session_csrf_secret_token()
})
response.follow()
ug = UserGroup.get_by_group_name(users_group_name)
self.checkSessionFlash(response, 'Created user group ')
## ENABLE REPO CREATE ON A GROUP
response = self.app.post(
base.url('edit_user_group_default_perms_update',
id=ug.users_group_id),
{
'create_repo_perm': True,
'_session_csrf_secret_token': self.session_csrf_secret_token()
})
response.follow()
ug = UserGroup.get_by_group_name(users_group_name)
p = Permission.get_by_key('hg.create.repository')
p2 = Permission.get_by_key('hg.usergroup.create.false')
p3 = Permission.get_by_key('hg.fork.none')
# check if user has this perms, they should be here since
# defaults are on
perms = UserGroupToPerm.query() \
.filter(UserGroupToPerm.users_group == ug).all()
assert sorted([[
x.users_group_id,
x.permission_id,
] for x in perms]) == sorted([[ug.users_group_id, p.permission_id],
[ug.users_group_id, p2.permission_id],
[ug.users_group_id, p3.permission_id]])
## DISABLE REPO CREATE ON A GROUP
response = self.app.post(base.url(
'edit_user_group_default_perms_update', id=ug.users_group_id),
params={
'_session_csrf_secret_token':
self.session_csrf_secret_token()
})
response.follow()
ug = UserGroup.get_by_group_name(users_group_name)
p = Permission.get_by_key('hg.create.none')
p2 = Permission.get_by_key('hg.usergroup.create.false')
p3 = Permission.get_by_key('hg.fork.none')
# check if user has this perms, they should be here since
# defaults are on
perms = UserGroupToPerm.query() \
.filter(UserGroupToPerm.users_group == ug).all()
assert sorted([[
x.users_group_id,
x.permission_id,
] for x in perms]) == sorted([[ug.users_group_id, p.permission_id],
[ug.users_group_id, p2.permission_id],
[ug.users_group_id, p3.permission_id]])
# DELETE !
ug = UserGroup.get_by_group_name(users_group_name)
ugid = ug.users_group_id
response = self.app.post(base.url('delete_users_group',
id=ug.users_group_id),
params={
'_session_csrf_secret_token':
self.session_csrf_secret_token()
})
response = response.follow()
gr = Session().query(UserGroup) \
.filter(UserGroup.users_group_name == users_group_name).scalar()
assert gr is None
p = Permission.get_by_key('hg.create.repository')
perms = UserGroupToPerm.query() \
.filter(UserGroupToPerm.users_group_id == ugid).all()
perms = [[
x.users_group_id,
x.permission_id,
] for x in perms]
assert perms == []
def _make_new(usr, perm_name):
log.debug('Creating new permission:%s' % (perm_name))
new = UserToPerm()
new.user = usr
new.permission = Permission.get_by_key(perm_name)
return new
