def grant_user_permission(self, repo, user, perm):
"""
Grant permission for user on given repository, or update existing one
if found
:param repo: Instance of Repository, repository_id, or repository name
:param user: Instance of User, user_id or username
:param perm: Instance of Permission, or permission_name
"""
user = self._get_user(user)
repo = self._get_repo(repo)
permission = self._get_perm(perm)
# check if we have that permission already
obj = self.sa.query(UserRepoToPerm) \
.filter(UserRepoToPerm.user == user) \
.filter(UserRepoToPerm.repository == repo) \
.scalar()
if obj is None:
# create new !
obj = UserRepoToPerm()
obj.repository = repo
obj.user = user
obj.permission = permission
self.sa.add(obj)
log.debug('Granted perm %s to %s on %s' % (perm, user, repo))
return obj
def grant_user_permission(self, repo, user, perm):
"""
Grant permission for user on given repository, or update existing one
if found
:param repo: Instance of Repository, repository_id, or repository name
:param user: Instance of User, user_id or username
:param perm: Instance of Permission, or permission_name
"""
user = self._get_user(user)
repo = self._get_repo(repo)
permission = self._get_perm(perm)
# check if we have that permission already
obj = self.sa.query(UserRepoToPerm) \
.filter(UserRepoToPerm.user == user) \
.filter(UserRepoToPerm.repository == repo) \
.scalar()
if obj is None:
# create new !
obj = UserRepoToPerm()
obj.repository = repo
obj.user = user
obj.permission = permission
self.sa.add(obj)
log.debug('Granted perm %s to %s on %s' % (perm, user, repo))
return obj
def update_user_permission(self, repository, user, permission):
permission = Permission.get_by_key(permission)
current = self.get_user_permission(repository, user)
if current:
if not current.permission is permission:
current.permission = permission
else:
p = UserRepoToPerm()
p.user = user
p.repository = repository
p.permission = permission
self.sa.add(p)
def update_user_permission(self, repository, user, permission):
permission = Permission.get_by_key(permission)
current = self.get_user_permission(repository, user)
if current:
if not current.permission is permission:
current.permission = permission
else:
p = UserRepoToPerm()
p.user = user
p.repository = repository
p.permission = permission
self.sa.add(p)
def test_create_in_group(self):
self.log_user()
## create GROUP
group_name = 'sometest_%s' % self.REPO_TYPE
gr = RepoGroupModel().create(group_name=group_name,
group_description='test',
owner=base.TEST_USER_ADMIN_LOGIN)
Session().commit()
repo_name = 'ingroup'
repo_name_full = db.URL_SEP.join([group_name, repo_name])
description = 'description for newly created repo'
response = self.app.post(
base.url('repos'),
fixture._get_repo_create_params(
repo_private=False,
repo_name=repo_name,
repo_type=self.REPO_TYPE,
repo_description=description,
repo_group=gr.group_id,
_session_csrf_secret_token=self.session_csrf_secret_token()))
## run the check page that triggers the flash message
response = self.app.get(
base.url('repo_check_home', repo_name=repo_name_full))
assert response.json == {'result': True}
self.checkSessionFlash(
response, 'Created repository <a href="/%s">%s</a>' %
(repo_name_full, repo_name_full))
# test if the repo was created in the database
new_repo = Session().query(Repository) \
.filter(Repository.repo_name == repo_name_full).one()
new_repo_id = new_repo.repo_id
assert new_repo.repo_name == repo_name_full
assert new_repo.description == description
# test if the repository is visible in the list ?
response = self.app.get(
base.url('summary_home', repo_name=repo_name_full))
response.mustcontain(repo_name_full)
response.mustcontain(self.REPO_TYPE)
inherited_perms = UserRepoToPerm.query() \
.filter(UserRepoToPerm.repository_id == new_repo_id).all()
assert len(inherited_perms) == 1
# test if the repository was created on filesystem
try:
vcs.get_repo(
os.path.join(
Ui.get_by_key('paths', '/').ui_value, repo_name_full))
except vcs.exceptions.VCSError:
RepoGroupModel().delete(group_name)
Session().commit()
pytest.fail('no repo %s in filesystem' % repo_name)
RepoModel().delete(repo_name_full)
RepoGroupModel().delete(group_name)
Session().commit()
def _get_permission_for_user(user, repo):
perm = UserRepoToPerm.query()\
.filter(UserRepoToPerm.repository ==
Repository.get_by_repo_name(repo))\
.filter(UserRepoToPerm.user == User.get_by_username(user))\
.all()
return perm
def _get_permission_for_user(user, repo):
perm = UserRepoToPerm.query() \
.filter(UserRepoToPerm.repository ==
Repository.get_by_repo_name(repo)) \
.filter(UserRepoToPerm.user == User.get_by_username(user)) \
.all()
return perm
def get_user_permission(self, repository, user):
repository = self._get_repo(repository)
user = self._get_user(user)
return UserRepoToPerm.query() \
.filter(UserRepoToPerm.user == user) \
.filter(UserRepoToPerm.repository == repository) \
.scalar()
def get_user_permission(self, repository, user):
repository = Repository.guess_instance(repository)
user = User.guess_instance(user)
return UserRepoToPerm.query() \
.filter(UserRepoToPerm.user == user) \
.filter(UserRepoToPerm.repository == repository) \
.scalar()
def get_user_permission(self, repository, user):
repository = self._get_repo(repository)
user = self._get_user(user)
return UserRepoToPerm.query() \
.filter(UserRepoToPerm.user == user) \
.filter(UserRepoToPerm.repository == repository) \
.scalar()
def _create_default_perms(self, repository, private):
# create default permission
default = 'repository.read'
def_user = User.get_default_user()
for p in def_user.user_perms:
if p.permission.permission_name.startswith('repository.'):
default = p.permission.permission_name
break
default_perm = 'repository.none' if private else default
repo_to_perm = UserRepoToPerm()
repo_to_perm.permission = Permission.get_by_key(default_perm)
repo_to_perm.repository = repository
repo_to_perm.user_id = def_user.user_id
return repo_to_perm
def test_create_in_group(self):
self.log_user()
## create GROUP
group_name = 'sometest_%s' % self.REPO_TYPE
gr = RepoGroupModel().create(group_name=group_name,
group_description='test',
owner=TEST_USER_ADMIN_LOGIN)
Session().commit()
repo_name = 'ingroup'
repo_name_full = RepoGroup.url_sep().join([group_name, repo_name])
description = 'description for newly created repo'
response = self.app.post(
url('repos'),
fixture._get_repo_create_params(
repo_private=False,
repo_name=repo_name,
repo_type=self.REPO_TYPE,
repo_description=description,
repo_group=gr.group_id,
))
## run the check page that triggers the flash message
response = self.app.get(
url('repo_check_home', repo_name=repo_name_full))
self.assertEqual(response.json, {u'result': True})
self.checkSessionFlash(
response, 'Created repository <a href="/%s">%s</a>' %
(repo_name_full, repo_name_full))
# test if the repo was created in the database
new_repo = Session().query(Repository)\
.filter(Repository.repo_name == repo_name_full).one()
new_repo_id = new_repo.repo_id
self.assertEqual(new_repo.repo_name, repo_name_full)
self.assertEqual(new_repo.description, description)
# test if the repository is visible in the list ?
response = self.app.get(url('summary_home', repo_name=repo_name_full))
response.mustcontain(repo_name_full)
response.mustcontain(self.REPO_TYPE)
inherited_perms = UserRepoToPerm.query()\
.filter(UserRepoToPerm.repository_id == new_repo_id).all()
self.assertEqual(len(inherited_perms), 1)
# test if the repository was created on filesystem
try:
vcs.get_repo(os.path.join(TESTS_TMP_PATH, repo_name_full))
except vcs.exceptions.VCSError:
RepoGroupModel().delete(group_name)
Session().commit()
self.fail('no repo %s in filesystem' % repo_name)
RepoModel().delete(repo_name_full)
RepoGroupModel().delete(group_name)
Session().commit()
def _create_default_perms(self, repository, private):
# create default permission
default = 'repository.read'
def_user = User.get_default_user()
for p in def_user.user_perms:
if p.permission.permission_name.startswith('repository.'):
default = p.permission.permission_name
break
default_perm = 'repository.none' if private else default
repo_to_perm = UserRepoToPerm()
repo_to_perm.permission = Permission.get_by_key(default_perm)
repo_to_perm.repository = repository
repo_to_perm.user_id = def_user.user_id
return repo_to_perm
def test_create_in_group(self):
self.log_user()
## create GROUP
group_name = 'sometest_%s' % self.REPO_TYPE
gr = RepoGroupModel().create(group_name=group_name,
group_description='test',
owner=TEST_USER_ADMIN_LOGIN)
Session().commit()
repo_name = 'ingroup'
repo_name_full = RepoGroup.url_sep().join([group_name, repo_name])
description = 'description for newly created repo'
response = self.app.post(url('repos'),
fixture._get_repo_create_params(repo_private=False,
repo_name=repo_name,
repo_type=self.REPO_TYPE,
repo_description=description,
repo_group=gr.group_id,
_authentication_token=self.authentication_token()))
## run the check page that triggers the flash message
response = self.app.get(url('repo_check_home', repo_name=repo_name_full))
self.assertEqual(response.json, {u'result': True})
self.checkSessionFlash(response,
'Created repository <a href="/%s">%s</a>'
% (repo_name_full, repo_name_full))
# test if the repo was created in the database
new_repo = Session().query(Repository)\
.filter(Repository.repo_name == repo_name_full).one()
new_repo_id = new_repo.repo_id
self.assertEqual(new_repo.repo_name, repo_name_full)
self.assertEqual(new_repo.description, description)
# test if the repository is visible in the list ?
response = self.app.get(url('summary_home', repo_name=repo_name_full))
response.mustcontain(repo_name_full)
response.mustcontain(self.REPO_TYPE)
inherited_perms = UserRepoToPerm.query()\
.filter(UserRepoToPerm.repository_id == new_repo_id).all()
self.assertEqual(len(inherited_perms), 1)
# test if the repository was created on filesystem
try:
vcs.get_repo(os.path.join(TESTS_TMP_PATH, repo_name_full))
except vcs.exceptions.VCSError:
RepoGroupModel().delete(group_name)
Session().commit()
self.fail('no repo %s in filesystem' % repo_name)
RepoModel().delete(repo_name_full)
RepoGroupModel().delete(group_name)
Session().commit()
def revoke_user_permission(self, repo, user):
"""
Revoke permission for user on given repository
:param repo: Instance of Repository, repository_id, or repository name
:param user: Instance of User, user_id or username
"""
user = User.guess_instance(user)
repo = Repository.guess_instance(repo)
obj = UserRepoToPerm.query() \
.filter(UserRepoToPerm.repository == repo) \
.filter(UserRepoToPerm.user == user) \
.scalar()
if obj is not None:
Session().delete(obj)
log.debug('Revoked perm on %s on %s', repo, user)
def revoke_user_permission(self, repo, user):
"""
Revoke permission for user on given repository
:param repo: Instance of Repository, repository_id, or repository name
:param user: Instance of User, user_id or username
"""
user = User.guess_instance(user)
repo = Repository.guess_instance(repo)
obj = UserRepoToPerm.query() \
.filter(UserRepoToPerm.repository == repo) \
.filter(UserRepoToPerm.user == user) \
.scalar()
if obj is not None:
Session().delete(obj)
log.debug('Revoked perm on %s on %s', repo, user)
def _create_repo(self, repo_name, repo_type, description, owner,
private=False, clone_uri=None, repo_group=None,
landing_rev='rev:tip', fork_of=None,
copy_fork_permissions=False, enable_statistics=False,
enable_locking=False, enable_downloads=False,
copy_group_permissions=False, state=Repository.STATE_PENDING):
"""
Create repository inside database with PENDING state. This should only be
executed by create() repo, with exception of importing existing repos.
"""
from kallithea.model.scm import ScmModel
owner = self._get_user(owner)
fork_of = self._get_repo(fork_of)
repo_group = self._get_repo_group(repo_group)
try:
repo_name = safe_unicode(repo_name)
description = safe_unicode(description)
# repo name is just a name of repository
# while repo_name_full is a full qualified name that is combined
# with name and path of group
repo_name_full = repo_name
repo_name = repo_name.split(self.URL_SEPARATOR)[-1]
new_repo = Repository()
new_repo.repo_state = state
new_repo.enable_statistics = False
new_repo.repo_name = repo_name_full
new_repo.repo_type = repo_type
new_repo.user = owner
new_repo.group = repo_group
new_repo.description = description or repo_name
new_repo.private = private
new_repo.clone_uri = clone_uri
new_repo.landing_rev = landing_rev
new_repo.enable_statistics = enable_statistics
new_repo.enable_locking = enable_locking
new_repo.enable_downloads = enable_downloads
if repo_group:
new_repo.enable_locking = repo_group.enable_locking
if fork_of:
parent_repo = fork_of
new_repo.fork = parent_repo
self.sa.add(new_repo)
if fork_of and copy_fork_permissions:
repo = fork_of
user_perms = UserRepoToPerm.query() \
.filter(UserRepoToPerm.repository == repo).all()
group_perms = UserGroupRepoToPerm.query() \
.filter(UserGroupRepoToPerm.repository == repo).all()
for perm in user_perms:
UserRepoToPerm.create(perm.user, new_repo, perm.permission)
for perm in group_perms:
UserGroupRepoToPerm.create(perm.users_group, new_repo,
perm.permission)
elif repo_group and copy_group_permissions:
user_perms = UserRepoGroupToPerm.query() \
.filter(UserRepoGroupToPerm.group == repo_group).all()
group_perms = UserGroupRepoGroupToPerm.query() \
.filter(UserGroupRepoGroupToPerm.group == repo_group).all()
for perm in user_perms:
perm_name = perm.permission.permission_name.replace('group.', 'repository.')
perm_obj = Permission.get_by_key(perm_name)
UserRepoToPerm.create(perm.user, new_repo, perm_obj)
for perm in group_perms:
perm_name = perm.permission.permission_name.replace('group.', 'repository.')
perm_obj = Permission.get_by_key(perm_name)
UserGroupRepoToPerm.create(perm.users_group, new_repo, perm_obj)
else:
perm_obj = self._create_default_perms(new_repo, private)
self.sa.add(perm_obj)
# now automatically start following this repository as owner
ScmModel(self.sa).toggle_following_repo(new_repo.repo_id,
owner.user_id)
# we need to flush here, in order to check if database won't
# throw any exceptions, create filesystem dirs at the very end
self.sa.flush()
return new_repo
except Exception:
log.error(traceback.format_exc())
raise
def test_create_in_group_inherit_permissions(self):
self.log_user()
## create GROUP
group_name = u'sometest_%s' % self.REPO_TYPE
gr = RepoGroupModel().create(group_name=group_name,
group_description=u'test',
owner=TEST_USER_ADMIN_LOGIN)
perm = Permission.get_by_key('repository.write')
RepoGroupModel().grant_user_permission(gr, TEST_USER_REGULAR_LOGIN, perm)
## add repo permissions
Session().commit()
repo_name = u'ingroup_inherited_%s' % self.REPO_TYPE
repo_name_full = RepoGroup.url_sep().join([group_name, repo_name])
description = u'description for newly created repo'
response = self.app.post(url('repos'),
fixture._get_repo_create_params(repo_private=False,
repo_name=repo_name,
repo_type=self.REPO_TYPE,
repo_description=description,
repo_group=gr.group_id,
repo_copy_permissions=True,
_authentication_token=self.authentication_token()))
## run the check page that triggers the flash message
response = self.app.get(url('repo_check_home', repo_name=repo_name_full))
self.checkSessionFlash(response,
'Created repository <a href="/%s">%s</a>'
% (repo_name_full, repo_name_full))
# test if the repo was created in the database
new_repo = Session().query(Repository) \
.filter(Repository.repo_name == repo_name_full).one()
new_repo_id = new_repo.repo_id
assert new_repo.repo_name == repo_name_full
assert new_repo.description == description
# test if the repository is visible in the list ?
response = self.app.get(url('summary_home', repo_name=repo_name_full))
response.mustcontain(repo_name_full)
response.mustcontain(self.REPO_TYPE)
# test if the repository was created on filesystem
try:
vcs.get_repo(safe_str(os.path.join(Ui.get_by_key('paths', '/').ui_value, repo_name_full)))
except vcs.exceptions.VCSError:
RepoGroupModel().delete(group_name)
Session().commit()
pytest.fail('no repo %s in filesystem' % repo_name)
#check if inherited permissiona are applied
inherited_perms = UserRepoToPerm.query() \
.filter(UserRepoToPerm.repository_id == new_repo_id).all()
assert len(inherited_perms) == 2
assert TEST_USER_REGULAR_LOGIN in [x.user.username
for x in inherited_perms]
assert 'repository.write' in [x.permission.permission_name
for x in inherited_perms]
RepoModel().delete(repo_name_full)
RepoGroupModel().delete(group_name)
Session().commit()
def update(self, form_result):
perm_user = User.get_by_username(username=form_result['perm_user_name'])
try:
# stage 1 set anonymous access
if perm_user.is_default_user:
perm_user.active = str2bool(form_result['anonymous'])
# stage 2 reset defaults and set them from form data
def _make_new(usr, perm_name):
log.debug('Creating new permission:%s', perm_name)
new = UserToPerm()
new.user = usr
new.permission = Permission.get_by_key(perm_name)
return new
# clear current entries, to make this function idempotent
# it will fix even if we define more permissions or permissions
# are somehow missing
u2p = UserToPerm.query() \
.filter(UserToPerm.user == perm_user) \
.all()
for p in u2p:
Session().delete(p)
#create fresh set of permissions
for def_perm_key in ['default_repo_perm',
'default_group_perm',
'default_user_group_perm',
'default_repo_create',
'create_on_write', # special case for create repos on write access to group
#'default_repo_group_create', #not implemented yet
'default_user_group_create',
'default_fork',
'default_register',
'default_extern_activate']:
p = _make_new(perm_user, form_result[def_perm_key])
Session().add(p)
#stage 3 update all default permissions for repos if checked
if form_result['overwrite_default_repo']:
_def_name = form_result['default_repo_perm'].split('repository.')[-1]
_def = Permission.get_by_key('repository.' + _def_name)
# repos
for r2p in UserRepoToPerm.query() \
.filter(UserRepoToPerm.user == perm_user) \
.all():
#don't reset PRIVATE repositories
if not r2p.repository.private:
r2p.permission = _def
if form_result['overwrite_default_group']:
_def_name = form_result['default_group_perm'].split('group.')[-1]
# groups
_def = Permission.get_by_key('group.' + _def_name)
for g2p in UserRepoGroupToPerm.query() \
.filter(UserRepoGroupToPerm.user == perm_user) \
.all():
g2p.permission = _def
if form_result['overwrite_default_user_group']:
_def_name = form_result['default_user_group_perm'].split('usergroup.')[-1]
# groups
_def = Permission.get_by_key('usergroup.' + _def_name)
for g2p in UserUserGroupToPerm.query() \
.filter(UserUserGroupToPerm.user == perm_user) \
.all():
g2p.permission = _def
Session().commit()
except (DatabaseError,):
log.error(traceback.format_exc())
Session().rollback()
raise
def test_create_in_group_without_needed_permissions(self):
usr = self.log_user(TEST_USER_REGULAR_LOGIN, TEST_USER_REGULAR_PASS)
# avoid spurious RepoGroup DetachedInstanceError ...
authentication_token = self.authentication_token()
# revoke
user_model = UserModel()
# disable fork and create on default user
user_model.revoke_perm(User.DEFAULT_USER, 'hg.create.repository')
user_model.grant_perm(User.DEFAULT_USER, 'hg.create.none')
user_model.revoke_perm(User.DEFAULT_USER, 'hg.fork.repository')
user_model.grant_perm(User.DEFAULT_USER, 'hg.fork.none')
# disable on regular user
user_model.revoke_perm(TEST_USER_REGULAR_LOGIN, 'hg.create.repository')
user_model.grant_perm(TEST_USER_REGULAR_LOGIN, 'hg.create.none')
user_model.revoke_perm(TEST_USER_REGULAR_LOGIN, 'hg.fork.repository')
user_model.grant_perm(TEST_USER_REGULAR_LOGIN, 'hg.fork.none')
Session().commit()
## create GROUP
group_name = 'reg_sometest_%s' % self.REPO_TYPE
gr = RepoGroupModel().create(group_name=group_name,
group_description='test',
owner=TEST_USER_ADMIN_LOGIN)
Session().commit()
group_name_allowed = 'reg_sometest_allowed_%s' % self.REPO_TYPE
gr_allowed = RepoGroupModel().create(group_name=group_name_allowed,
group_description='test',
owner=TEST_USER_REGULAR_LOGIN)
Session().commit()
repo_name = 'ingroup'
repo_name_full = RepoGroup.url_sep().join([group_name, repo_name])
description = 'description for newly created repo'
response = self.app.post(url('repos'),
fixture._get_repo_create_params(repo_private=False,
repo_name=repo_name,
repo_type=self.REPO_TYPE,
repo_description=description,
repo_group=gr.group_id,
_authentication_token=authentication_token))
response.mustcontain('Invalid value')
# user is allowed to create in this group
repo_name = 'ingroup'
repo_name_full = RepoGroup.url_sep().join([group_name_allowed, repo_name])
description = 'description for newly created repo'
response = self.app.post(url('repos'),
fixture._get_repo_create_params(repo_private=False,
repo_name=repo_name,
repo_type=self.REPO_TYPE,
repo_description=description,
repo_group=gr_allowed.group_id,
_authentication_token=authentication_token))
## run the check page that triggers the flash message
response = self.app.get(url('repo_check_home', repo_name=repo_name_full))
self.assertEqual(response.json, {u'result': True})
self.checkSessionFlash(response,
'Created repository <a href="/%s">%s</a>'
% (repo_name_full, repo_name_full))
# test if the repo was created in the database
new_repo = Session().query(Repository)\
.filter(Repository.repo_name == repo_name_full).one()
new_repo_id = new_repo.repo_id
self.assertEqual(new_repo.repo_name, repo_name_full)
self.assertEqual(new_repo.description, description)
# test if the repository is visible in the list ?
response = self.app.get(url('summary_home', repo_name=repo_name_full))
response.mustcontain(repo_name_full)
response.mustcontain(self.REPO_TYPE)
inherited_perms = UserRepoToPerm.query()\
.filter(UserRepoToPerm.repository_id == new_repo_id).all()
self.assertEqual(len(inherited_perms), 1)
# test if the repository was created on filesystem
try:
vcs.get_repo(os.path.join(TESTS_TMP_PATH, repo_name_full))
except vcs.exceptions.VCSError:
RepoGroupModel().delete(group_name)
Session().commit()
self.fail('no repo %s in filesystem' % repo_name)
RepoModel().delete(repo_name_full)
RepoGroupModel().delete(group_name)
RepoGroupModel().delete(group_name_allowed)
Session().commit()
def _create_repo(self,
repo_name,
repo_type,
description,
owner,
private=False,
clone_uri=None,
repo_group=None,
landing_rev='rev:tip',
fork_of=None,
copy_fork_permissions=False,
enable_statistics=False,
enable_locking=False,
enable_downloads=False,
copy_group_permissions=False,
state=Repository.STATE_PENDING):
"""
Create repository inside database with PENDING state. This should only be
executed by create() repo, with exception of importing existing repos.
"""
from kallithea.model.scm import ScmModel
owner = User.guess_instance(owner)
fork_of = Repository.guess_instance(fork_of)
repo_group = RepoGroup.guess_instance(repo_group)
try:
repo_name = safe_unicode(repo_name)
description = safe_unicode(description)
# repo name is just a name of repository
# while repo_name_full is a full qualified name that is combined
# with name and path of group
repo_name_full = repo_name
repo_name = repo_name.split(self.URL_SEPARATOR)[-1]
new_repo = Repository()
new_repo.repo_state = state
new_repo.enable_statistics = False
new_repo.repo_name = repo_name_full
new_repo.repo_type = repo_type
new_repo.owner = owner
new_repo.group = repo_group
new_repo.description = description or repo_name
new_repo.private = private
new_repo.clone_uri = clone_uri
new_repo.landing_rev = landing_rev
new_repo.enable_statistics = enable_statistics
new_repo.enable_locking = enable_locking
new_repo.enable_downloads = enable_downloads
if repo_group:
new_repo.enable_locking = repo_group.enable_locking
if fork_of:
parent_repo = fork_of
new_repo.fork = parent_repo
Session().add(new_repo)
if fork_of and copy_fork_permissions:
repo = fork_of
user_perms = UserRepoToPerm.query() \
.filter(UserRepoToPerm.repository == repo).all()
group_perms = UserGroupRepoToPerm.query() \
.filter(UserGroupRepoToPerm.repository == repo).all()
for perm in user_perms:
UserRepoToPerm.create(perm.user, new_repo, perm.permission)
for perm in group_perms:
UserGroupRepoToPerm.create(perm.users_group, new_repo,
perm.permission)
elif repo_group and copy_group_permissions:
user_perms = UserRepoGroupToPerm.query() \
.filter(UserRepoGroupToPerm.group == repo_group).all()
group_perms = UserGroupRepoGroupToPerm.query() \
.filter(UserGroupRepoGroupToPerm.group == repo_group).all()
for perm in user_perms:
perm_name = perm.permission.permission_name.replace(
'group.', 'repository.')
perm_obj = Permission.get_by_key(perm_name)
UserRepoToPerm.create(perm.user, new_repo, perm_obj)
for perm in group_perms:
perm_name = perm.permission.permission_name.replace(
'group.', 'repository.')
perm_obj = Permission.get_by_key(perm_name)
UserGroupRepoToPerm.create(perm.users_group, new_repo,
perm_obj)
else:
self._create_default_perms(new_repo, private)
# now automatically start following this repository as owner
ScmModel().toggle_following_repo(new_repo.repo_id, owner.user_id)
# we need to flush here, in order to check if database won't
# throw any exceptions, create filesystem dirs at the very end
Session().flush()
return new_repo
except Exception:
log.error(traceback.format_exc())
raise
def update(self, form_result):
perm_user = User.get_by_username(
username=form_result['perm_user_name'])
try:
# stage 1 set anonymous access
if perm_user.is_default_user:
perm_user.active = str2bool(form_result['anonymous'])
# stage 2 reset defaults and set them from form data
def _make_new(usr, perm_name):
log.debug('Creating new permission:%s', perm_name)
new = UserToPerm()
new.user = usr
new.permission = Permission.get_by_key(perm_name)
return new
# clear current entries, to make this function idempotent
# it will fix even if we define more permissions or permissions
# are somehow missing
u2p = UserToPerm.query() \
.filter(UserToPerm.user == perm_user) \
.all()
for p in u2p:
Session().delete(p)
# create fresh set of permissions
for def_perm_key in [
'default_repo_perm',
'default_group_perm',
'default_user_group_perm',
'default_repo_create',
'create_on_write', # special case for create repos on write access to group
#'default_repo_group_create', # not implemented yet
'default_user_group_create',
'default_fork',
'default_register',
'default_extern_activate'
]:
p = _make_new(perm_user, form_result[def_perm_key])
Session().add(p)
# stage 3 update all default permissions for repos if checked
if form_result['overwrite_default_repo']:
_def_name = form_result['default_repo_perm'].split(
'repository.')[-1]
_def = Permission.get_by_key('repository.' + _def_name)
# repos
for r2p in UserRepoToPerm.query() \
.filter(UserRepoToPerm.user == perm_user) \
.all():
# don't reset PRIVATE repositories
if not r2p.repository.private:
r2p.permission = _def
if form_result['overwrite_default_group']:
_def_name = form_result['default_group_perm'].split(
'group.')[-1]
# groups
_def = Permission.get_by_key('group.' + _def_name)
for g2p in UserRepoGroupToPerm.query() \
.filter(UserRepoGroupToPerm.user == perm_user) \
.all():
g2p.permission = _def
if form_result['overwrite_default_user_group']:
_def_name = form_result['default_user_group_perm'].split(
'usergroup.')[-1]
# groups
_def = Permission.get_by_key('usergroup.' + _def_name)
for g2p in UserUserGroupToPerm.query() \
.filter(UserUserGroupToPerm.user == perm_user) \
.all():
g2p.permission = _def
Session().commit()
except (DatabaseError, ):
log.error(traceback.format_exc())
Session().rollback()
raise
def test_create_in_group_inherit_permissions(self):
self.log_user()
## create GROUP
group_name = 'sometest_%s' % self.REPO_TYPE
gr = RepoGroupModel().create(group_name=group_name,
group_description='test',
owner=TEST_USER_ADMIN_LOGIN)
perm = Permission.get_by_key('repository.write')
RepoGroupModel().grant_user_permission(gr, TEST_USER_REGULAR_LOGIN, perm)
## add repo permissions
Session().commit()
repo_name = 'ingroup_inherited_%s' % self.REPO_TYPE
repo_name_full = RepoGroup.url_sep().join([group_name, repo_name])
description = 'description for newly created repo'
response = self.app.post(url('repos'),
fixture._get_repo_create_params(repo_private=False,
repo_name=repo_name,
repo_type=self.REPO_TYPE,
repo_description=description,
repo_group=gr.group_id,
repo_copy_permissions=True))
## run the check page that triggers the flash message
response = self.app.get(url('repo_check_home', repo_name=repo_name_full))
self.checkSessionFlash(response,
'Created repository <a href="/%s">%s</a>'
% (repo_name_full, repo_name_full))
# test if the repo was created in the database
new_repo = Session().query(Repository)\
.filter(Repository.repo_name == repo_name_full).one()
new_repo_id = new_repo.repo_id
self.assertEqual(new_repo.repo_name, repo_name_full)
self.assertEqual(new_repo.description, description)
# test if the repository is visible in the list ?
response = self.app.get(url('summary_home', repo_name=repo_name_full))
response.mustcontain(repo_name_full)
response.mustcontain(self.REPO_TYPE)
# test if the repository was created on filesystem
try:
vcs.get_repo(os.path.join(TESTS_TMP_PATH, repo_name_full))
except vcs.exceptions.VCSError:
RepoGroupModel().delete(group_name)
Session().commit()
self.fail('no repo %s in filesystem' % repo_name)
#check if inherited permissiona are applied
inherited_perms = UserRepoToPerm.query()\
.filter(UserRepoToPerm.repository_id == new_repo_id).all()
self.assertEqual(len(inherited_perms), 2)
self.assertTrue(TEST_USER_REGULAR_LOGIN in [x.user.username
for x in inherited_perms])
self.assertTrue('repository.write' in [x.permission.permission_name
for x in inherited_perms])
RepoModel().delete(repo_name_full)
RepoGroupModel().delete(group_name)
Session().commit()
def test_create_in_group_without_needed_permissions(self):
usr = self.log_user(base.TEST_USER_REGULAR_LOGIN,
base.TEST_USER_REGULAR_PASS)
# avoid spurious RepoGroup DetachedInstanceError ...
session_csrf_secret_token = self.session_csrf_secret_token()
# revoke
user_model = UserModel()
# disable fork and create on default user
user_model.revoke_perm(User.DEFAULT_USER_NAME, 'hg.create.repository')
user_model.grant_perm(User.DEFAULT_USER_NAME, 'hg.create.none')
user_model.revoke_perm(User.DEFAULT_USER_NAME, 'hg.fork.repository')
user_model.grant_perm(User.DEFAULT_USER_NAME, 'hg.fork.none')
# disable on regular user
user_model.revoke_perm(base.TEST_USER_REGULAR_LOGIN,
'hg.create.repository')
user_model.grant_perm(base.TEST_USER_REGULAR_LOGIN, 'hg.create.none')
user_model.revoke_perm(base.TEST_USER_REGULAR_LOGIN,
'hg.fork.repository')
user_model.grant_perm(base.TEST_USER_REGULAR_LOGIN, 'hg.fork.none')
Session().commit()
## create GROUP
group_name = 'reg_sometest_%s' % self.REPO_TYPE
gr = RepoGroupModel().create(group_name=group_name,
group_description='test',
owner=base.TEST_USER_ADMIN_LOGIN)
Session().commit()
group_name_allowed = 'reg_sometest_allowed_%s' % self.REPO_TYPE
gr_allowed = RepoGroupModel().create(
group_name=group_name_allowed,
group_description='test',
owner=base.TEST_USER_REGULAR_LOGIN)
Session().commit()
repo_name = 'ingroup'
repo_name_full = db.URL_SEP.join([group_name, repo_name])
description = 'description for newly created repo'
response = self.app.post(
base.url('repos'),
fixture._get_repo_create_params(
repo_private=False,
repo_name=repo_name,
repo_type=self.REPO_TYPE,
repo_description=description,
repo_group=gr.group_id,
_session_csrf_secret_token=session_csrf_secret_token))
response.mustcontain('Invalid value')
# user is allowed to create in this group
repo_name = 'ingroup'
repo_name_full = db.URL_SEP.join([group_name_allowed, repo_name])
description = 'description for newly created repo'
response = self.app.post(
base.url('repos'),
fixture._get_repo_create_params(
repo_private=False,
repo_name=repo_name,
repo_type=self.REPO_TYPE,
repo_description=description,
repo_group=gr_allowed.group_id,
_session_csrf_secret_token=session_csrf_secret_token))
## run the check page that triggers the flash message
response = self.app.get(
base.url('repo_check_home', repo_name=repo_name_full))
assert response.json == {'result': True}
self.checkSessionFlash(
response, 'Created repository <a href="/%s">%s</a>' %
(repo_name_full, repo_name_full))
# test if the repo was created in the database
new_repo = Session().query(Repository) \
.filter(Repository.repo_name == repo_name_full).one()
new_repo_id = new_repo.repo_id
assert new_repo.repo_name == repo_name_full
assert new_repo.description == description
# test if the repository is visible in the list ?
response = self.app.get(
base.url('summary_home', repo_name=repo_name_full))
response.mustcontain(repo_name_full)
response.mustcontain(self.REPO_TYPE)
inherited_perms = UserRepoToPerm.query() \
.filter(UserRepoToPerm.repository_id == new_repo_id).all()
assert len(inherited_perms) == 1
# test if the repository was created on filesystem
try:
vcs.get_repo(
os.path.join(
Ui.get_by_key('paths', '/').ui_value, repo_name_full))
except vcs.exceptions.VCSError:
RepoGroupModel().delete(group_name)
Session().commit()
pytest.fail('no repo %s in filesystem' % repo_name)
RepoModel().delete(repo_name_full)
RepoGroupModel().delete(group_name)
RepoGroupModel().delete(group_name_allowed)
Session().commit()
def test_create_in_group_without_needed_permissions(self):
usr = self.log_user(TEST_USER_REGULAR_LOGIN, TEST_USER_REGULAR_PASS)
# revoke
user_model = UserModel()
# disable fork and create on default user
user_model.revoke_perm(User.DEFAULT_USER, 'hg.create.repository')
user_model.grant_perm(User.DEFAULT_USER, 'hg.create.none')
user_model.revoke_perm(User.DEFAULT_USER, 'hg.fork.repository')
user_model.grant_perm(User.DEFAULT_USER, 'hg.fork.none')
# disable on regular user
user_model.revoke_perm(TEST_USER_REGULAR_LOGIN, 'hg.create.repository')
user_model.grant_perm(TEST_USER_REGULAR_LOGIN, 'hg.create.none')
user_model.revoke_perm(TEST_USER_REGULAR_LOGIN, 'hg.fork.repository')
user_model.grant_perm(TEST_USER_REGULAR_LOGIN, 'hg.fork.none')
Session().commit()
## create GROUP
group_name = 'reg_sometest_%s' % self.REPO_TYPE
gr = RepoGroupModel().create(group_name=group_name,
group_description='test',
owner=TEST_USER_ADMIN_LOGIN)
Session().commit()
group_name_allowed = 'reg_sometest_allowed_%s' % self.REPO_TYPE
gr_allowed = RepoGroupModel().create(group_name=group_name_allowed,
group_description='test',
owner=TEST_USER_REGULAR_LOGIN)
Session().commit()
repo_name = 'ingroup'
repo_name_full = RepoGroup.url_sep().join([group_name, repo_name])
description = 'description for newly created repo'
response = self.app.post(
url('repos'),
fixture._get_repo_create_params(
repo_private=False,
repo_name=repo_name,
repo_type=self.REPO_TYPE,
repo_description=description,
repo_group=gr.group_id,
))
response.mustcontain('Invalid value')
# user is allowed to create in this group
repo_name = 'ingroup'
repo_name_full = RepoGroup.url_sep().join(
[group_name_allowed, repo_name])
description = 'description for newly created repo'
response = self.app.post(
url('repos'),
fixture._get_repo_create_params(
repo_private=False,
repo_name=repo_name,
repo_type=self.REPO_TYPE,
repo_description=description,
repo_group=gr_allowed.group_id,
))
## run the check page that triggers the flash message
response = self.app.get(
url('repo_check_home', repo_name=repo_name_full))
self.assertEqual(response.json, {u'result': True})
self.checkSessionFlash(
response, 'Created repository <a href="/%s">%s</a>' %
(repo_name_full, repo_name_full))
# test if the repo was created in the database
new_repo = Session().query(Repository)\
.filter(Repository.repo_name == repo_name_full).one()
new_repo_id = new_repo.repo_id
self.assertEqual(new_repo.repo_name, repo_name_full)
self.assertEqual(new_repo.description, description)
# test if the repository is visible in the list ?
response = self.app.get(url('summary_home', repo_name=repo_name_full))
response.mustcontain(repo_name_full)
response.mustcontain(self.REPO_TYPE)
inherited_perms = UserRepoToPerm.query()\
.filter(UserRepoToPerm.repository_id == new_repo_id).all()
self.assertEqual(len(inherited_perms), 1)
# test if the repository was created on filesystem
try:
vcs.get_repo(os.path.join(TESTS_TMP_PATH, repo_name_full))
except vcs.exceptions.VCSError:
RepoGroupModel().delete(group_name)
Session().commit()
self.fail('no repo %s in filesystem' % repo_name)
RepoModel().delete(repo_name_full)
RepoGroupModel().delete(group_name)
RepoGroupModel().delete(group_name_allowed)
Session().commit()