def populate_default_permissions(self): log.info('creating default user permissions') default_user = self.sa.query(User)\ .filter(User.username == 'default').scalar() reg_perm = UserToPerm() reg_perm.user = default_user reg_perm.permission = self.sa.query(Permission)\ .filter(Permission.permission_name == 'hg.register.manual_activate')\ .scalar() create_repo_perm = UserToPerm() create_repo_perm.user = default_user create_repo_perm.permission = self.sa.query(Permission)\ .filter(Permission.permission_name == 'hg.create.repository')\ .scalar() default_repo_perm = UserToPerm() default_repo_perm.user = default_user default_repo_perm.permission = self.sa.query(Permission)\ .filter(Permission.permission_name == 'repository.read')\ .scalar() try: self.sa.add(reg_perm) self.sa.add(create_repo_perm) self.sa.add(default_repo_perm) self.sa.commit() except: self.sa.rollback() raise
def update_perm(self, id): """PUT /users_perm/id: Update an existing item""" # url('user_perm', id=ID, method='put') grant_perm = request.POST.get('create_repo_perm', False) if grant_perm: perm = Permission.get_by_key('hg.create.none') UserToPerm.revoke_perm(id, perm) perm = Permission.get_by_key('hg.create.repository') UserToPerm.grant_perm(id, perm) h.flash(_("Granted 'repository create' permission to user"), category='success') else: perm = Permission.get_by_key('hg.create.repository') UserToPerm.revoke_perm(id, perm) perm = Permission.get_by_key('hg.create.none') UserToPerm.grant_perm(id, perm) h.flash(_("Revoked 'repository create' permission to user"), category='success') return redirect(url('edit_user', id=id))
def create_default_permissions(self, user): """ Creates only missing default permissions for user :param user: """ user = self._get_user(user) def _make_perm(perm): new_perm = UserToPerm() new_perm.user = user new_perm.permission = Permission.get_by_key(perm) return new_perm def _get_group(perm_name): return '.'.join(perm_name.split('.')[:1]) perms = UserToPerm.query().filter(UserToPerm.user == user).all() defined_perms_groups = map(_get_group, (x.permission.permission_name for x in perms)) log.debug('GOT ALREADY DEFINED:%s' % perms) DEFAULT_PERMS = Permission.DEFAULT_USER_PERMISSIONS # for every default permission that needs to be created, we check if # it's group is already defined, if it's not we create default perm for perm_name in DEFAULT_PERMS: gr = _get_group(perm_name) if gr not in defined_perms_groups: log.debug('GR:%s not found, creating permission %s' % (gr, perm_name)) new_perm = _make_perm(perm_name) self.sa.add(new_perm)
def _test_def_perm_equal(self, user, change_factor=0): perms = UserToPerm.query()\ .filter(UserToPerm.user == user)\ .all() self.assertEqual(len(perms), len(Permission.DEFAULT_USER_PERMISSIONS,)+change_factor, msg=perms)
def update(self, id): """PUT /users/id: Update an existing item""" # Forms posted to this method should contain a hidden field: # <input type="hidden" name="_method" value="PUT" /> # Or using helpers: # h.form(url('update_user', id=ID), # method='put') # url('user', id=ID) user_model = UserModel() c.user = user_model.get(id) _form = UserForm(edit=True, old_data={'user_id': id, 'email': c.user.email})() form_result = {} try: form_result = _form.to_python(dict(request.POST)) user_model.update(id, form_result) h.flash(_('User updated successfully'), category='success') except formencode.Invalid, errors: e = errors.error_dict or {} perm = Permission.get_by_key('hg.create.repository') e.update({'create_repo_perm': UserToPerm.has_perm(id, perm)}) return htmlfill.render( render('admin/users/user_edit.html'), defaults=errors.value, errors=e, prefix_error=False, encoding="UTF-8")
def has_perm(self, user, perm): perm = self._get_perm(perm) user = self._get_user(user) return ( UserToPerm.query().filter(UserToPerm.user == user).filter(UserToPerm.permission == perm).scalar() is not None )
def grant_perm(self, user, perm): """ Grant user global permissions :param user: :param perm: """ user = self._get_user(user) perm = self._get_perm(perm) # if this permission is already granted skip it _perm = UserToPerm.query().filter(UserToPerm.user == user).filter(UserToPerm.permission == perm).scalar() if _perm: return new = UserToPerm() new.user = user new.permission = perm self.sa.add(new)
def _test_def_perm_equal(self, user, change_factor=0): perms = UserToPerm.query()\ .filter(UserToPerm.user == user)\ .all() self.assertEqual(len(perms), len(Permission.DEFAULT_USER_PERMISSIONS, ) + change_factor, msg=perms)
def has_perm(self, user, perm): if not isinstance(perm, Permission): raise Exception('perm needs to be an instance of Permission class ' 'got %s instead' % type(perm)) user = self.__get_user(user) return UserToPerm.query().filter(UserToPerm.user == user)\ .filter(UserToPerm.permission == perm).scalar() is not None
def _test_def_user_perm_equal(self, user, change_factor=0, compare_keys=None): perms = UserToPerm.query().filter(UserToPerm.user == user).all() assert len(perms) == \ len(Permission.DEFAULT_USER_PERMISSIONS) + change_factor if compare_keys: assert set(x.permissions.permission_name for x in perms) == compare_keys
def populate_default_permissions(self): log.info("creating default user permissions") default_user = User.get_by_username("default") for def_perm in User.DEFAULT_PERMISSIONS: perm = self.sa.query(Permission).filter(Permission.permission_name == def_perm).scalar() if not perm: raise Exception("CRITICAL: permission %s not found inside database !!" % def_perm) if ( not UserToPerm.query() .filter(UserToPerm.permission == perm) .filter(UserToPerm.user == default_user) .scalar() ): reg_perm = UserToPerm() reg_perm.user = default_user reg_perm.permission = perm self.sa.add(reg_perm)
def grant_perm(self, user, perm): """ Grant user global permissions :param user: :param perm: """ user = self._get_user(user) perm = self._get_perm(perm) # if this permission is already granted skip it _perm = UserToPerm.query()\ .filter(UserToPerm.user == user)\ .filter(UserToPerm.permission == perm)\ .scalar() if _perm: return new = UserToPerm() new.user = user new.permission = perm self.sa.add(new)
def create_default_user_permissions(self, user, force=False): """ Creates only missing default permissions for user, if force is set it resets the default permissions for that user :param user: :param force: """ user = self._get_user(user) obj_perms = UserToPerm.query().filter(UserToPerm.user == user).all() return self._create_default_object_permission('user', user, obj_perms, force)
def revoke_perm(self, user, perm): """ Revoke users global permissions :param user: :param perm: """ user = self._get_user(user) perm = self._get_perm(perm) obj = UserToPerm.query().filter(UserToPerm.user == user).filter(UserToPerm.permission == perm).scalar() if obj: self.sa.delete(obj)
def create_default_user_group_permissions(self, user_group, force=False): """ Creates only missing default permissions for user group, if force is set it resets the default permissions for that user group :param user_group: :param force: """ user_group = self._get_user_group(user_group) obj_perms = UserToPerm.query().filter( UserGroupToPerm.users_group == user_group).all() return self._create_default_object_permission('user_group', user_group, obj_perms, force)
def populate_default_permissions(self): log.info('creating default user permissions') default_user = User.get_by_username('default') for def_perm in User.DEFAULT_PERMISSIONS: perm = self.sa.query(Permission)\ .filter(Permission.permission_name == def_perm)\ .scalar() if not perm: raise Exception( 'CRITICAL: permission %s not found inside database !!' % def_perm ) if not UserToPerm.query()\ .filter(UserToPerm.permission == perm)\ .filter(UserToPerm.user == default_user).scalar(): reg_perm = UserToPerm() reg_perm.user = default_user reg_perm.permission = perm self.sa.add(reg_perm)
def test_set_default_permissions_after_one_is_missing(self): PermissionModel().create_default_user_permissions(user=self.u1) self._test_def_user_perm_equal(user=self.u1) # now we delete one, it should be re-created after another call perms = UserToPerm.query().filter(UserToPerm.user == self.u1).all() Session().delete(perms[0]) Session().commit() self._test_def_user_perm_equal(user=self.u1, change_factor=-1) # create missing one ! PermissionModel().create_default_user_permissions(user=self.u1) self._test_def_user_perm_equal(user=self.u1)
def test_set_default_permissions_after_one_is_missing(self): PermissionModel().create_default_permissions(user=self.u1) self._test_def_perm_equal(user=self.u1) #now we delete one, it should be re-created after another call perms = UserToPerm.query()\ .filter(UserToPerm.user == self.u1)\ .all() Session().delete(perms[0]) Session().commit() self._test_def_perm_equal(user=self.u1, change_factor=-1) #create missing one ! PermissionModel().create_default_permissions(user=self.u1) self._test_def_perm_equal(user=self.u1)
def revoke_perm(self, user, perm): """ Revoke users global permissions :param user: :param perm: """ user = self._get_user(user) perm = self._get_perm(perm) obj = UserToPerm.query()\ .filter(UserToPerm.user == user)\ .filter(UserToPerm.permission == perm)\ .scalar() if obj: self.sa.delete(obj)
def test_set_default_permissions_after_modification(self, perm, modify_to): PermissionModel().create_default_user_permissions(user=self.u1) self._test_def_user_perm_equal(user=self.u1) old = Permission.get_by_key(perm) new = Permission.get_by_key(modify_to) assert old is not None assert new is not None # now modify permissions p = UserToPerm.query().filter(UserToPerm.user == self.u1).filter( UserToPerm.permission == old).one() p.permission = new Session().add(p) Session().commit() PermissionModel().create_default_user_permissions(user=self.u1) self._test_def_user_perm_equal(user=self.u1)
def test_set_default_permissions_after_modification(self, perm, modify_to): PermissionModel().create_default_permissions(user=self.u1) self._test_def_perm_equal(user=self.u1) old = Permission.get_by_key(perm) new = Permission.get_by_key(modify_to) self.assertNotEqual(old, None) self.assertNotEqual(new, None) #now modify permissions p = UserToPerm.query()\ .filter(UserToPerm.user == self.u1)\ .filter(UserToPerm.permission == old)\ .one() p.permission = new Session().add(p) Session().commit() PermissionModel().create_default_permissions(user=self.u1) self._test_def_perm_equal(user=self.u1)
def reset_permissions(self, username): """ Resets permissions to default state, useful when old systems had bad permissions, we must clean them up :param username: """ default_user = User.get_by_username(username) if not default_user: return u2p = UserToPerm.query()\ .filter(UserToPerm.user == default_user).all() fixed = False if len(u2p) != len(Permission.DEFAULT_USER_PERMISSIONS): for p in u2p: Session().delete(p) fixed = True self.populate_default_permissions() return fixed
def reset_permissions(self, username): """ Resets permissions to default state, usefull when old systems had bad permissions, we must clean them up :param username: :type username: """ default_user = User.get_by_username(username) if not default_user: return u2p = UserToPerm.query().filter(UserToPerm.user == default_user).all() fixed = False if len(u2p) != len(User.DEFAULT_PERMISSIONS): for p in u2p: Session().delete(p) fixed = True self.populate_default_permissions() return fixed
def update_perm(self, id): """PUT /users_perm/id: Update an existing item""" # url('user_perm', id=ID, method='put') user = User.get_or_404(id) try: form = CustomDefaultPermissionsForm()() form_result = form.to_python(request.POST) inherit_perms = form_result['inherit_default_permissions'] user.inherit_default_permissions = inherit_perms Session().add(user) user_model = UserModel() defs = UserToPerm.query()\ .filter(UserToPerm.user == user)\ .all() for ug in defs: Session().delete(ug) if form_result['create_repo_perm']: user_model.grant_perm(id, 'hg.create.repository') else: user_model.grant_perm(id, 'hg.create.none') if form_result['create_user_group_perm']: user_model.grant_perm(id, 'hg.usergroup.create.true') else: user_model.grant_perm(id, 'hg.usergroup.create.false') if form_result['fork_repo_perm']: user_model.grant_perm(id, 'hg.fork.repository') else: user_model.grant_perm(id, 'hg.fork.none') h.flash(_("Updated permissions"), category='success') Session().commit() except Exception: log.error(traceback.format_exc()) h.flash(_('An error occurred during permissions saving'), category='error') return redirect(url('edit_user', id=id))
def edit(self, id, format='html'): """GET /users/id/edit: Form to edit an existing item""" # url('edit_user', id=ID) user_model = UserModel() c.user = user_model.get(id) if not c.user: return redirect(url('users')) if c.user.username == 'default': h.flash(_("You can't edit this user"), category='warning') return redirect(url('users')) c.user.permissions = {} c.granted_permissions = user_model.fill_perms(c.user)\ .permissions['global'] defaults = c.user.get_dict() perm = Permission.get_by_key('hg.create.repository') defaults.update({'create_repo_perm': UserToPerm.has_perm(id, perm)}) return htmlfill.render( render('admin/users/user_edit.html'), defaults=defaults, encoding="UTF-8", force_defaults=False )
def populate_default_permissions(self): log.info('creating default user permissions') default_user = self.sa.query(User)\ .filter(User.username == 'default').scalar() reg_perm = UserToPerm() reg_perm.user = default_user reg_perm.permission = self.sa.query(Permission)\ .filter(Permission.permission_name == 'hg.register.manual_activate')\ .scalar() create_repo_perm = UserToPerm() create_repo_perm.user = default_user create_repo_perm.permission = self.sa.query(Permission)\ .filter(Permission.permission_name == 'hg.create.repository')\ .scalar() default_repo_perm = UserToPerm() default_repo_perm.user = default_user default_repo_perm.permission = self.sa.query(Permission)\ .filter(Permission.permission_name == 'repository.read')\ .scalar() self.sa.add(reg_perm) self.sa.add(create_repo_perm) self.sa.add(default_repo_perm)
def step_6(self): notify('re-checking permissions') self.klass.create_permissions() notify('installing new UI options') sett4 = RhodeCodeSetting('show_public_icon', True) Session().add(sett4) sett5 = RhodeCodeSetting('show_private_icon', True) Session().add(sett5) sett6 = RhodeCodeSetting('stylify_metatags', False) Session().add(sett6) notify('fixing old PULL hook') _pull = RhodeCodeUi.get_by_key('preoutgoing.pull_logger') if _pull: _pull.ui_key = RhodeCodeUi.HOOK_PULL Session().add(_pull) notify('fixing old PUSH hook') _push = RhodeCodeUi.get_by_key('pretxnchangegroup.push_logger') if _push: _push.ui_key = RhodeCodeUi.HOOK_PUSH Session().add(_push) notify('installing new pre-push hook') hooks4 = RhodeCodeUi() hooks4.ui_section = 'hooks' hooks4.ui_key = RhodeCodeUi.HOOK_PRE_PUSH hooks4.ui_value = 'python:rhodecode.lib.hooks.pre_push' Session().add(hooks4) notify('installing new pre-pull hook') hooks6 = RhodeCodeUi() hooks6.ui_section = 'hooks' hooks6.ui_key = RhodeCodeUi.HOOK_PRE_PULL hooks6.ui_value = 'python:rhodecode.lib.hooks.pre_pull' Session().add(hooks6) notify('installing hgsubversion option') # enable hgsubversion disabled by default hgsubversion = RhodeCodeUi() hgsubversion.ui_section = 'extensions' hgsubversion.ui_key = 'hgsubversion' hgsubversion.ui_value = '' hgsubversion.ui_active = False Session().add(hgsubversion) notify('installing hg git option') # enable hggit disabled by default hggit = RhodeCodeUi() hggit.ui_section = 'extensions' hggit.ui_key = 'hggit' hggit.ui_value = '' hggit.ui_active = False Session().add(hggit) notify('re-check default permissions') default_user = User.get_by_username(User.DEFAULT_USER) perm = Permission.get_by_key('hg.fork.repository') reg_perm = UserToPerm() reg_perm.user = default_user reg_perm.permission = perm Session().add(reg_perm)
def _make_perm(perm): new_perm = UserToPerm() new_perm.user = user new_perm.permission = Permission.get_by_key(perm) return new_perm
def _make_new(usr, perm_name): log.debug('Creating new permission:%s' % (perm_name)) new = UserToPerm() new.user = usr new.permission = Permission.get_by_key(perm_name) return new
def has_perm(self, user, perm): perm = self._get_perm(perm) user = self._get_user(user) return UserToPerm.query().filter(UserToPerm.user == user)\ .filter(UserToPerm.permission == perm).scalar() is not None
def _make_new_user_perm(self, user, perm_name): log.debug('Creating new user permission:%s', perm_name) new = UserToPerm() new.user = user new.permission = Permission.get_by_key(perm_name) return new
def _make_new(usr, perm_name): new = UserToPerm() new.user = usr new.permission = Permission.get_by_key(perm_name) return new