def _cached_perms_data(user_id, user_is_admin, user_inherit_default_permissions,
explicit, algo):
RK = 'repositories'
GK = 'repositories_groups'
UK = 'user_groups'
GLOBAL = 'global'
PERM_WEIGHTS = Permission.PERM_WEIGHTS
permissions = {RK: {}, GK: {}, UK: {}, GLOBAL: set()}
def _choose_perm(new_perm, cur_perm):
new_perm_val = PERM_WEIGHTS[new_perm]
cur_perm_val = PERM_WEIGHTS[cur_perm]
if algo == 'higherwin':
if new_perm_val > cur_perm_val:
return new_perm
return cur_perm
elif algo == 'lowerwin':
if new_perm_val < cur_perm_val:
return new_perm
return cur_perm
#======================================================================
# fetch default permissions
#======================================================================
default_user = User.get_by_username('default', cache=True)
default_user_id = default_user.user_id
default_repo_perms = Permission.get_default_perms(default_user_id)
default_repo_groups_perms = Permission.get_default_group_perms(default_user_id)
default_user_group_perms = Permission.get_default_user_group_perms(default_user_id)
if user_is_admin:
#==================================================================
# admin users have all rights;
# based on default permissions, just set everything to admin
#==================================================================
permissions[GLOBAL].add('hg.admin')
permissions[GLOBAL].add('hg.create.write_on_repogroup.true')
# repositories
for perm in default_repo_perms:
r_k = perm.UserRepoToPerm.repository.repo_name
p = 'repository.admin'
permissions[RK][r_k] = p
# repository groups
for perm in default_repo_groups_perms:
rg_k = perm.UserRepoGroupToPerm.group.group_name
p = 'group.admin'
permissions[GK][rg_k] = p
# user groups
for perm in default_user_group_perms:
u_k = perm.UserUserGroupToPerm.user_group.users_group_name
p = 'usergroup.admin'
permissions[UK][u_k] = p
return permissions
#==================================================================
# SET DEFAULTS GLOBAL, REPOS, REPOSITORY GROUPS
#==================================================================
# default global permissions taken from the default user
default_global_perms = UserToPerm.query() \
.filter(UserToPerm.user_id == default_user_id) \
.options(joinedload(UserToPerm.permission))
for perm in default_global_perms:
permissions[GLOBAL].add(perm.permission.permission_name)
# defaults for repositories, taken from default user
for perm in default_repo_perms:
r_k = perm.UserRepoToPerm.repository.repo_name
if perm.Repository.private and not (perm.Repository.owner_id == user_id):
# disable defaults for private repos,
p = 'repository.none'
elif perm.Repository.owner_id == user_id:
# set admin if owner
p = 'repository.admin'
else:
p = perm.Permission.permission_name
permissions[RK][r_k] = p
# defaults for repository groups taken from default user permission
# on given group
for perm in default_repo_groups_perms:
rg_k = perm.UserRepoGroupToPerm.group.group_name
p = perm.Permission.permission_name
permissions[GK][rg_k] = p
# defaults for user groups taken from default user permission
# on given user group
for perm in default_user_group_perms:
u_k = perm.UserUserGroupToPerm.user_group.users_group_name
p = perm.Permission.permission_name
permissions[UK][u_k] = p
#======================================================================
# !! OVERRIDE GLOBALS !! with user permissions if any found
#======================================================================
# those can be configured from groups or users explicitly
_configurable = set([
'hg.fork.none', 'hg.fork.repository',
'hg.create.none', 'hg.create.repository',
'hg.usergroup.create.false', 'hg.usergroup.create.true'
])
# USER GROUPS comes first
# user group global permissions
user_perms_from_users_groups = Session().query(UserGroupToPerm) \
.options(joinedload(UserGroupToPerm.permission)) \
.join((UserGroupMember, UserGroupToPerm.users_group_id ==
UserGroupMember.users_group_id)) \
.filter(UserGroupMember.user_id == user_id) \
.join((UserGroup, UserGroupMember.users_group_id ==
UserGroup.users_group_id)) \
.filter(UserGroup.users_group_active == True) \
.order_by(UserGroupToPerm.users_group_id) \
.all()
# need to group here by groups since user can be in more than
# one group
_grouped = [[x, list(y)] for x, y in
itertools.groupby(user_perms_from_users_groups,
lambda x:x.users_group)]
for gr, perms in _grouped:
# since user can be in multiple groups iterate over them and
# select the lowest permissions first (more explicit)
##TODO: do this^^
if not gr.inherit_default_permissions:
# NEED TO IGNORE all configurable permissions and
# replace them with explicitly set
permissions[GLOBAL] = permissions[GLOBAL] \
.difference(_configurable)
for perm in perms:
permissions[GLOBAL].add(perm.permission.permission_name)
# user specific global permissions
user_perms = Session().query(UserToPerm) \
.options(joinedload(UserToPerm.permission)) \
.filter(UserToPerm.user_id == user_id).all()
if not user_inherit_default_permissions:
# NEED TO IGNORE all configurable permissions and
# replace them with explicitly set
permissions[GLOBAL] = permissions[GLOBAL] \
.difference(_configurable)
for perm in user_perms:
permissions[GLOBAL].add(perm.permission.permission_name)
## END GLOBAL PERMISSIONS
#======================================================================
# !! PERMISSIONS FOR REPOSITORIES !!
#======================================================================
#======================================================================
# check if user is part of user groups for this repository and
# fill in his permission from it. _choose_perm decides of which
# permission should be selected based on selected method
#======================================================================
# user group for repositories permissions
user_repo_perms_from_users_groups = \
Session().query(UserGroupRepoToPerm, Permission, Repository,) \
.join((Repository, UserGroupRepoToPerm.repository_id ==
Repository.repo_id)) \
.join((Permission, UserGroupRepoToPerm.permission_id ==
Permission.permission_id)) \
.join((UserGroup, UserGroupRepoToPerm.users_group_id ==
UserGroup.users_group_id)) \
.filter(UserGroup.users_group_active == True) \
.join((UserGroupMember, UserGroupRepoToPerm.users_group_id ==
UserGroupMember.users_group_id)) \
.filter(UserGroupMember.user_id == user_id) \
.all()
multiple_counter = collections.defaultdict(int)
for perm in user_repo_perms_from_users_groups:
r_k = perm.UserGroupRepoToPerm.repository.repo_name
multiple_counter[r_k] += 1
p = perm.Permission.permission_name
cur_perm = permissions[RK][r_k]
if perm.Repository.owner_id == user_id:
# set admin if owner
p = 'repository.admin'
else:
if multiple_counter[r_k] > 1:
p = _choose_perm(p, cur_perm)
permissions[RK][r_k] = p
# user explicit permissions for repositories, overrides any specified
# by the group permission
user_repo_perms = Permission.get_default_perms(user_id)
for perm in user_repo_perms:
r_k = perm.UserRepoToPerm.repository.repo_name
cur_perm = permissions[RK][r_k]
# set admin if owner
if perm.Repository.owner_id == user_id:
p = 'repository.admin'
else:
p = perm.Permission.permission_name
if not explicit:
p = _choose_perm(p, cur_perm)
permissions[RK][r_k] = p
#======================================================================
# !! PERMISSIONS FOR REPOSITORY GROUPS !!
#======================================================================
#======================================================================
# check if user is part of user groups for this repository groups and
# fill in his permission from it. _choose_perm decides of which
# permission should be selected based on selected method
#======================================================================
# user group for repo groups permissions
user_repo_group_perms_from_users_groups = \
Session().query(UserGroupRepoGroupToPerm, Permission, RepoGroup) \
.join((RepoGroup, UserGroupRepoGroupToPerm.group_id == RepoGroup.group_id)) \
.join((Permission, UserGroupRepoGroupToPerm.permission_id
== Permission.permission_id)) \
.join((UserGroup, UserGroupRepoGroupToPerm.users_group_id ==
UserGroup.users_group_id)) \
.filter(UserGroup.users_group_active == True) \
.join((UserGroupMember, UserGroupRepoGroupToPerm.users_group_id
== UserGroupMember.users_group_id)) \
.filter(UserGroupMember.user_id == user_id) \
.all()
multiple_counter = collections.defaultdict(int)
for perm in user_repo_group_perms_from_users_groups:
g_k = perm.UserGroupRepoGroupToPerm.group.group_name
multiple_counter[g_k] += 1
p = perm.Permission.permission_name
cur_perm = permissions[GK][g_k]
if multiple_counter[g_k] > 1:
p = _choose_perm(p, cur_perm)
permissions[GK][g_k] = p
# user explicit permissions for repository groups
user_repo_groups_perms = Permission.get_default_group_perms(user_id)
for perm in user_repo_groups_perms:
rg_k = perm.UserRepoGroupToPerm.group.group_name
p = perm.Permission.permission_name
cur_perm = permissions[GK][rg_k]
if not explicit:
p = _choose_perm(p, cur_perm)
permissions[GK][rg_k] = p
#======================================================================
# !! PERMISSIONS FOR USER GROUPS !!
#======================================================================
# user group for user group permissions
user_group_user_groups_perms = \
Session().query(UserGroupUserGroupToPerm, Permission, UserGroup) \
.join((UserGroup, UserGroupUserGroupToPerm.target_user_group_id
== UserGroup.users_group_id)) \
.join((Permission, UserGroupUserGroupToPerm.permission_id
== Permission.permission_id)) \
.join((UserGroupMember, UserGroupUserGroupToPerm.user_group_id
== UserGroupMember.users_group_id)) \
.filter(UserGroupMember.user_id == user_id) \
.join((UserGroup, UserGroupMember.users_group_id ==
UserGroup.users_group_id), aliased=True, from_joinpoint=True) \
.filter(UserGroup.users_group_active == True) \
.all()
multiple_counter = collections.defaultdict(int)
for perm in user_group_user_groups_perms:
g_k = perm.UserGroupUserGroupToPerm.target_user_group.users_group_name
multiple_counter[g_k] += 1
p = perm.Permission.permission_name
cur_perm = permissions[UK][g_k]
if multiple_counter[g_k] > 1:
p = _choose_perm(p, cur_perm)
permissions[UK][g_k] = p
#user explicit permission for user groups
user_user_groups_perms = Permission.get_default_user_group_perms(user_id)
for perm in user_user_groups_perms:
u_k = perm.UserUserGroupToPerm.user_group.users_group_name
p = perm.Permission.permission_name
cur_perm = permissions[UK][u_k]
if not explicit:
p = _choose_perm(p, cur_perm)
permissions[UK][u_k] = p
return permissions
def _cached_perms_data(user_id, user_is_admin,
user_inherit_default_permissions, explicit, algo):
RK = 'repositories'
GK = 'repositories_groups'
UK = 'user_groups'
GLOBAL = 'global'
PERM_WEIGHTS = Permission.PERM_WEIGHTS
permissions = {RK: {}, GK: {}, UK: {}, GLOBAL: set()}
def _choose_perm(new_perm, cur_perm):
new_perm_val = PERM_WEIGHTS[new_perm]
cur_perm_val = PERM_WEIGHTS[cur_perm]
if algo == 'higherwin':
if new_perm_val > cur_perm_val:
return new_perm
return cur_perm
elif algo == 'lowerwin':
if new_perm_val < cur_perm_val:
return new_perm
return cur_perm
#======================================================================
# fetch default permissions
#======================================================================
default_user = User.get_by_username('default', cache=True)
default_user_id = default_user.user_id
default_repo_perms = Permission.get_default_perms(default_user_id)
default_repo_groups_perms = Permission.get_default_group_perms(
default_user_id)
default_user_group_perms = Permission.get_default_user_group_perms(
default_user_id)
if user_is_admin:
#==================================================================
# admin user have all default rights for repositories
# and groups set to admin
#==================================================================
permissions[GLOBAL].add('hg.admin')
permissions[GLOBAL].add('hg.create.write_on_repogroup.true')
# repositories
for perm in default_repo_perms:
r_k = perm.UserRepoToPerm.repository.repo_name
p = 'repository.admin'
permissions[RK][r_k] = p
# repository groups
for perm in default_repo_groups_perms:
rg_k = perm.UserRepoGroupToPerm.group.group_name
p = 'group.admin'
permissions[GK][rg_k] = p
# user groups
for perm in default_user_group_perms:
u_k = perm.UserUserGroupToPerm.user_group.users_group_name
p = 'usergroup.admin'
permissions[UK][u_k] = p
return permissions
#==================================================================
# SET DEFAULTS GLOBAL, REPOS, REPOSITORY GROUPS
#==================================================================
uid = user_id
# default global permissions taken from the default user
default_global_perms = UserToPerm.query()\
.filter(UserToPerm.user_id == default_user_id)\
.options(joinedload(UserToPerm.permission))
for perm in default_global_perms:
permissions[GLOBAL].add(perm.permission.permission_name)
# defaults for repositories, taken from default user
for perm in default_repo_perms:
r_k = perm.UserRepoToPerm.repository.repo_name
if perm.Repository.private and not (perm.Repository.user_id == uid):
# disable defaults for private repos,
p = 'repository.none'
elif perm.Repository.user_id == uid:
# set admin if owner
p = 'repository.admin'
else:
p = perm.Permission.permission_name
permissions[RK][r_k] = p
# defaults for repository groups taken from default user permission
# on given group
for perm in default_repo_groups_perms:
rg_k = perm.UserRepoGroupToPerm.group.group_name
p = perm.Permission.permission_name
permissions[GK][rg_k] = p
# defaults for user groups taken from default user permission
# on given user group
for perm in default_user_group_perms:
u_k = perm.UserUserGroupToPerm.user_group.users_group_name
p = perm.Permission.permission_name
permissions[UK][u_k] = p
#======================================================================
# !! OVERRIDE GLOBALS !! with user permissions if any found
#======================================================================
# those can be configured from groups or users explicitly
_configurable = set([
'hg.fork.none', 'hg.fork.repository', 'hg.create.none',
'hg.create.repository', 'hg.usergroup.create.false',
'hg.usergroup.create.true'
])
# USER GROUPS comes first
# user group global permissions
user_perms_from_users_groups = Session().query(UserGroupToPerm)\
.options(joinedload(UserGroupToPerm.permission))\
.join((UserGroupMember, UserGroupToPerm.users_group_id ==
UserGroupMember.users_group_id))\
.filter(UserGroupMember.user_id == uid)\
.order_by(UserGroupToPerm.users_group_id)\
.all()
# need to group here by groups since user can be in more than
# one group
_grouped = [[x, list(y)] for x, y in itertools.groupby(
user_perms_from_users_groups, lambda x: x.users_group)]
for gr, perms in _grouped:
# since user can be in multiple groups iterate over them and
# select the lowest permissions first (more explicit)
##TODO: do this^^
if not gr.inherit_default_permissions:
# NEED TO IGNORE all configurable permissions and
# replace them with explicitly set
permissions[GLOBAL] = permissions[GLOBAL]\
.difference(_configurable)
for perm in perms:
permissions[GLOBAL].add(perm.permission.permission_name)
# user specific global permissions
user_perms = Session().query(UserToPerm)\
.options(joinedload(UserToPerm.permission))\
.filter(UserToPerm.user_id == uid).all()
if not user_inherit_default_permissions:
# NEED TO IGNORE all configurable permissions and
# replace them with explicitly set
permissions[GLOBAL] = permissions[GLOBAL]\
.difference(_configurable)
for perm in user_perms:
permissions[GLOBAL].add(perm.permission.permission_name)
## END GLOBAL PERMISSIONS
#======================================================================
# !! PERMISSIONS FOR REPOSITORIES !!
#======================================================================
#======================================================================
# check if user is part of user groups for this repository and
# fill in his permission from it. _choose_perm decides of which
# permission should be selected based on selected method
#======================================================================
# user group for repositories permissions
user_repo_perms_from_users_groups = \
Session().query(UserGroupRepoToPerm, Permission, Repository,)\
.join((Repository, UserGroupRepoToPerm.repository_id ==
Repository.repo_id))\
.join((Permission, UserGroupRepoToPerm.permission_id ==
Permission.permission_id))\
.join((UserGroupMember, UserGroupRepoToPerm.users_group_id ==
UserGroupMember.users_group_id))\
.filter(UserGroupMember.user_id == uid)\
.all()
multiple_counter = collections.defaultdict(int)
for perm in user_repo_perms_from_users_groups:
r_k = perm.UserGroupRepoToPerm.repository.repo_name
multiple_counter[r_k] += 1
p = perm.Permission.permission_name
cur_perm = permissions[RK][r_k]
if perm.Repository.user_id == uid:
# set admin if owner
p = 'repository.admin'
else:
if multiple_counter[r_k] > 1:
p = _choose_perm(p, cur_perm)
permissions[RK][r_k] = p
# user explicit permissions for repositories, overrides any specified
# by the group permission
user_repo_perms = Permission.get_default_perms(uid)
for perm in user_repo_perms:
r_k = perm.UserRepoToPerm.repository.repo_name
cur_perm = permissions[RK][r_k]
# set admin if owner
if perm.Repository.user_id == uid:
p = 'repository.admin'
else:
p = perm.Permission.permission_name
if not explicit:
p = _choose_perm(p, cur_perm)
permissions[RK][r_k] = p
#======================================================================
# !! PERMISSIONS FOR REPOSITORY GROUPS !!
#======================================================================
#======================================================================
# check if user is part of user groups for this repository groups and
# fill in his permission from it. _choose_perm decides of which
# permission should be selected based on selected method
#======================================================================
# user group for repo groups permissions
user_repo_group_perms_from_users_groups = \
Session().query(UserGroupRepoGroupToPerm, Permission, RepoGroup)\
.join((RepoGroup, UserGroupRepoGroupToPerm.group_id == RepoGroup.group_id))\
.join((Permission, UserGroupRepoGroupToPerm.permission_id
== Permission.permission_id))\
.join((UserGroupMember, UserGroupRepoGroupToPerm.users_group_id
== UserGroupMember.users_group_id))\
.filter(UserGroupMember.user_id == uid)\
.all()
multiple_counter = collections.defaultdict(int)
for perm in user_repo_group_perms_from_users_groups:
g_k = perm.UserGroupRepoGroupToPerm.group.group_name
multiple_counter[g_k] += 1
p = perm.Permission.permission_name
cur_perm = permissions[GK][g_k]
if multiple_counter[g_k] > 1:
p = _choose_perm(p, cur_perm)
permissions[GK][g_k] = p
# user explicit permissions for repository groups
user_repo_groups_perms = Permission.get_default_group_perms(uid)
for perm in user_repo_groups_perms:
rg_k = perm.UserRepoGroupToPerm.group.group_name
p = perm.Permission.permission_name
cur_perm = permissions[GK][rg_k]
if not explicit:
p = _choose_perm(p, cur_perm)
permissions[GK][rg_k] = p
#======================================================================
# !! PERMISSIONS FOR USER GROUPS !!
#======================================================================
# user group for user group permissions
user_group_user_groups_perms = \
Session().query(UserGroupUserGroupToPerm, Permission, UserGroup)\
.join((UserGroup, UserGroupUserGroupToPerm.target_user_group_id
== UserGroup.users_group_id))\
.join((Permission, UserGroupUserGroupToPerm.permission_id
== Permission.permission_id))\
.join((UserGroupMember, UserGroupUserGroupToPerm.user_group_id
== UserGroupMember.users_group_id))\
.filter(UserGroupMember.user_id == uid)\
.all()
multiple_counter = collections.defaultdict(int)
for perm in user_group_user_groups_perms:
g_k = perm.UserGroupUserGroupToPerm.target_user_group.users_group_name
multiple_counter[g_k] += 1
p = perm.Permission.permission_name
cur_perm = permissions[UK][g_k]
if multiple_counter[g_k] > 1:
p = _choose_perm(p, cur_perm)
permissions[UK][g_k] = p
#user explicit permission for user groups
user_user_groups_perms = Permission.get_default_user_group_perms(uid)
for perm in user_user_groups_perms:
u_k = perm.UserUserGroupToPerm.user_group.users_group_name
p = perm.Permission.permission_name
cur_perm = permissions[UK][u_k]
if not explicit:
p = _choose_perm(p, cur_perm)
permissions[UK][u_k] = p
return permissions
def _cached_perms_data(user_id, user_is_admin):
RK = 'repositories'
GK = 'repositories_groups'
UK = 'user_groups'
GLOBAL = 'global'
PERM_WEIGHTS = Permission.PERM_WEIGHTS
permissions = {RK: {}, GK: {}, UK: {}, GLOBAL: set()}
def bump_permission(kind, key, new_perm):
"""Add a new permission for kind and key.
Assuming the permissions are comparable, set the new permission if it
has higher weight, else drop it and keep the old permission.
"""
cur_perm = permissions[kind][key]
new_perm_val = PERM_WEIGHTS[new_perm]
cur_perm_val = PERM_WEIGHTS[cur_perm]
if new_perm_val > cur_perm_val:
permissions[kind][key] = new_perm
#======================================================================
# fetch default permissions
#======================================================================
default_repo_perms = Permission.get_default_perms(
kallithea.DEFAULT_USER_ID)
default_repo_groups_perms = Permission.get_default_group_perms(
kallithea.DEFAULT_USER_ID)
default_user_group_perms = Permission.get_default_user_group_perms(
kallithea.DEFAULT_USER_ID)
if user_is_admin:
#==================================================================
# admin users have all rights;
# based on default permissions, just set everything to admin
#==================================================================
permissions[GLOBAL].add('hg.admin')
permissions[GLOBAL].add('hg.create.write_on_repogroup.true')
# repositories
for perm in default_repo_perms:
r_k = perm.repository.repo_name
p = 'repository.admin'
permissions[RK][r_k] = p
# repository groups
for perm in default_repo_groups_perms:
rg_k = perm.group.group_name
p = 'group.admin'
permissions[GK][rg_k] = p
# user groups
for perm in default_user_group_perms:
u_k = perm.user_group.users_group_name
p = 'usergroup.admin'
permissions[UK][u_k] = p
return permissions
#==================================================================
# SET DEFAULTS GLOBAL, REPOS, REPOSITORY GROUPS
#==================================================================
# default global permissions taken from the default user
default_global_perms = UserToPerm.query() \
.filter(UserToPerm.user_id == kallithea.DEFAULT_USER_ID) \
.options(joinedload(UserToPerm.permission))
for perm in default_global_perms:
permissions[GLOBAL].add(perm.permission.permission_name)
# defaults for repositories, taken from default user
for perm in default_repo_perms:
r_k = perm.repository.repo_name
if perm.repository.owner_id == user_id:
p = 'repository.admin'
elif perm.repository.private:
p = 'repository.none'
else:
p = perm.permission.permission_name
permissions[RK][r_k] = p
# defaults for repository groups taken from default user permission
# on given group
for perm in default_repo_groups_perms:
rg_k = perm.group.group_name
p = perm.permission.permission_name
permissions[GK][rg_k] = p
# defaults for user groups taken from default user permission
# on given user group
for perm in default_user_group_perms:
u_k = perm.user_group.users_group_name
p = perm.permission.permission_name
permissions[UK][u_k] = p
#======================================================================
# !! Augment GLOBALS with user permissions if any found !!
#======================================================================
# USER GROUPS comes first
# user group global permissions
user_perms_from_users_groups = Session().query(UserGroupToPerm) \
.options(joinedload(UserGroupToPerm.permission)) \
.join((UserGroupMember, UserGroupToPerm.users_group_id ==
UserGroupMember.users_group_id)) \
.filter(UserGroupMember.user_id == user_id) \
.join((UserGroup, UserGroupMember.users_group_id ==
UserGroup.users_group_id)) \
.filter(UserGroup.users_group_active == True) \
.order_by(UserGroupToPerm.users_group_id) \
.all()
# need to group here by groups since user can be in more than
# one group
_grouped = [[x, list(y)] for x, y in itertools.groupby(
user_perms_from_users_groups, lambda x: x.users_group)]
for gr, perms in _grouped:
for perm in perms:
permissions[GLOBAL].add(perm.permission.permission_name)
# user specific global permissions
user_perms = Session().query(UserToPerm) \
.options(joinedload(UserToPerm.permission)) \
.filter(UserToPerm.user_id == user_id).all()
for perm in user_perms:
permissions[GLOBAL].add(perm.permission.permission_name)
# for each kind of global permissions, only keep the one with heighest weight
kind_max_perm = {}
for perm in sorted(permissions[GLOBAL], key=lambda n: PERM_WEIGHTS[n]):
kind = perm.rsplit('.', 1)[0]
kind_max_perm[kind] = perm
permissions[GLOBAL] = set(kind_max_perm.values())
## END GLOBAL PERMISSIONS
#======================================================================
# !! PERMISSIONS FOR REPOSITORIES !!
#======================================================================
#======================================================================
# check if user is part of user groups for this repository and
# fill in his permission from it.
#======================================================================
# user group for repositories permissions
user_repo_perms_from_users_groups = \
Session().query(UserGroupRepoToPerm) \
.join((UserGroup, UserGroupRepoToPerm.users_group_id ==
UserGroup.users_group_id)) \
.filter(UserGroup.users_group_active == True) \
.join((UserGroupMember, UserGroupRepoToPerm.users_group_id ==
UserGroupMember.users_group_id)) \
.filter(UserGroupMember.user_id == user_id) \
.options(joinedload(UserGroupRepoToPerm.repository)) \
.options(joinedload(UserGroupRepoToPerm.permission)) \
.all()
for perm in user_repo_perms_from_users_groups:
bump_permission(RK, perm.repository.repo_name,
perm.permission.permission_name)
# user permissions for repositories
user_repo_perms = Permission.get_default_perms(user_id)
for perm in user_repo_perms:
bump_permission(RK, perm.repository.repo_name,
perm.permission.permission_name)
#======================================================================
# !! PERMISSIONS FOR REPOSITORY GROUPS !!
#======================================================================
#======================================================================
# check if user is part of user groups for this repository groups and
# fill in his permission from it.
#======================================================================
# user group for repo groups permissions
user_repo_group_perms_from_users_groups = \
Session().query(UserGroupRepoGroupToPerm) \
.join((UserGroup, UserGroupRepoGroupToPerm.users_group_id ==
UserGroup.users_group_id)) \
.filter(UserGroup.users_group_active == True) \
.join((UserGroupMember, UserGroupRepoGroupToPerm.users_group_id
== UserGroupMember.users_group_id)) \
.filter(UserGroupMember.user_id == user_id) \
.options(joinedload(UserGroupRepoGroupToPerm.permission)) \
.all()
for perm in user_repo_group_perms_from_users_groups:
bump_permission(GK, perm.group.group_name,
perm.permission.permission_name)
# user explicit permissions for repository groups
user_repo_groups_perms = Permission.get_default_group_perms(user_id)
for perm in user_repo_groups_perms:
bump_permission(GK, perm.group.group_name,
perm.permission.permission_name)
#======================================================================
# !! PERMISSIONS FOR USER GROUPS !!
#======================================================================
# user group for user group permissions
user_group_user_groups_perms = \
Session().query(UserGroupUserGroupToPerm) \
.join((UserGroup, UserGroupUserGroupToPerm.target_user_group_id
== UserGroup.users_group_id)) \
.join((UserGroupMember, UserGroupUserGroupToPerm.user_group_id
== UserGroupMember.users_group_id)) \
.filter(UserGroupMember.user_id == user_id) \
.join((UserGroup, UserGroupMember.users_group_id ==
UserGroup.users_group_id), aliased=True, from_joinpoint=True) \
.filter(UserGroup.users_group_active == True) \
.options(joinedload(UserGroupUserGroupToPerm.permission)) \
.all()
for perm in user_group_user_groups_perms:
bump_permission(UK, perm.target_user_group.users_group_name,
perm.permission.permission_name)
# user explicit permission for user groups
user_user_groups_perms = Permission.get_default_user_group_perms(user_id)
for perm in user_user_groups_perms:
bump_permission(UK, perm.user_group.users_group_name,
perm.permission.permission_name)
return permissions
