def validate_python(self, value, state):
if value in ['default']:
msg = self.message('invalid_group', state)
raise formencode.Invalid(msg,
value,
state,
error_dict=dict(users_group_name=msg))
#check if group is unique
old_ugname = None
if edit:
old_id = old_data.get('users_group_id')
old_ugname = UserGroup.get(old_id).users_group_name
if old_ugname != value or not edit:
is_existing_group = UserGroup.get_by_group_name(
value, case_insensitive=True)
if is_existing_group:
msg = self.message('group_exist', state, usergroup=value)
raise formencode.Invalid(
msg,
value,
state,
error_dict=dict(users_group_name=msg))
if re.match(r'^[a-zA-Z0-9]{1}[a-zA-Z0-9\-\_\.]+$', value) is None:
msg = self.message('invalid_usergroup_name', state)
raise formencode.Invalid(msg,
value,
state,
error_dict=dict(users_group_name=msg))
def grant_user_group_permission(self, target_user_group, user_group, perm):
"""
Grant user group permission for given target_user_group
:param target_user_group:
:param user_group:
:param perm:
"""
target_user_group = UserGroup.guess_instance(target_user_group)
user_group = UserGroup.guess_instance(user_group)
permission = Permission.guess_instance(perm)
# forbid assigning same user group to itself
if target_user_group == user_group:
raise RepoGroupAssignmentError('target repo:%s cannot be '
'assigned to itself' % target_user_group)
# check if we have that permission already
obj = UserGroupUserGroupToPerm.query() \
.filter(UserGroupUserGroupToPerm.target_user_group == target_user_group) \
.filter(UserGroupUserGroupToPerm.user_group == user_group) \
.scalar()
if obj is None:
# create new !
obj = UserGroupUserGroupToPerm()
Session().add(obj)
obj.user_group = user_group
obj.target_user_group = target_user_group
obj.permission = permission
log.debug('Granted perm %s to %s on %s', perm, target_user_group, user_group)
return obj
def validate_python(self, value, state):
if value in ['default']:
msg = M(self, 'invalid_group', state)
raise formencode.Invalid(msg, value, state,
error_dict=dict(users_group_name=msg)
)
#check if group is unique
old_ugname = None
if edit:
old_id = old_data.get('users_group_id')
old_ugname = UserGroup.get(old_id).users_group_name
if old_ugname != value or not edit:
is_existing_group = UserGroup.get_by_group_name(value,
case_insensitive=True)
if is_existing_group:
msg = M(self, 'group_exist', state, usergroup=value)
raise formencode.Invalid(msg, value, state,
error_dict=dict(users_group_name=msg)
)
if re.match(r'^[a-zA-Z0-9]{1}[a-zA-Z0-9\-\_\.]+$', value) is None:
msg = M(self, 'invalid_usergroup_name', state)
raise formencode.Invalid(msg, value, state,
error_dict=dict(users_group_name=msg)
)
def grant_user_group_permission(self, target_user_group, user_group, perm):
"""
Grant user group permission for given target_user_group
:param target_user_group:
:param user_group:
:param perm:
"""
target_user_group = UserGroup.guess_instance(target_user_group)
user_group = UserGroup.guess_instance(user_group)
permission = Permission.guess_instance(perm)
# forbid assigning same user group to itself
if target_user_group == user_group:
raise RepoGroupAssignmentError('target repo:%s cannot be '
'assigned to itself' %
target_user_group)
# check if we have that permission already
obj = UserGroupUserGroupToPerm.query() \
.filter(UserGroupUserGroupToPerm.target_user_group == target_user_group) \
.filter(UserGroupUserGroupToPerm.user_group == user_group) \
.scalar()
if obj is None:
# create new !
obj = UserGroupUserGroupToPerm()
Session().add(obj)
obj.user_group = user_group
obj.target_user_group = target_user_group
obj.permission = permission
log.debug('Granted perm %s to %s on %s', perm, target_user_group,
user_group)
return obj
def edit_perms(self, id):
c.user_group = UserGroup.get_or_404(id)
c.active = 'perms'
repo_model = RepoModel()
c.users_array = repo_model.get_users_js()
c.user_groups_array = repo_model.get_user_groups_js()
defaults = {}
# fill user group users
for p in c.user_group.user_user_group_to_perm:
defaults.update(
{'u_perm_%s' % p.user.username: p.permission.permission_name})
for p in c.user_group.user_group_user_group_to_perm:
defaults.update({
'g_perm_%s' % p.user_group.users_group_name:
p.permission.permission_name
})
return htmlfill.render(
render('admin/user_groups/user_group_edit.html'),
defaults=defaults,
encoding="UTF-8",
force_defaults=False)
def grant_user_permission(self, user_group, user, perm):
"""
Grant permission for user on given user group, or update
existing one if found
:param user_group: Instance of UserGroup, users_group_id,
or users_group_name
:param user: Instance of User, user_id or username
:param perm: Instance of Permission, or permission_name
"""
user_group = UserGroup.guess_instance(user_group)
user = User.guess_instance(user)
permission = Permission.guess_instance(perm)
# check if we have that permission already
obj = UserUserGroupToPerm.query() \
.filter(UserUserGroupToPerm.user == user) \
.filter(UserUserGroupToPerm.user_group == user_group) \
.scalar()
if obj is None:
# create new !
obj = UserUserGroupToPerm()
Session().add(obj)
obj.user_group = user_group
obj.user = user
obj.permission = permission
log.debug('Granted perm %s to %s on %s', perm, user, user_group)
return obj
def has_perm(self, user_group, perm):
user_group = UserGroup.guess_instance(user_group)
perm = Permission.guess_instance(perm)
return UserGroupToPerm.query() \
.filter(UserGroupToPerm.users_group == user_group) \
.filter(UserGroupToPerm.permission == perm).scalar() is not None
def has_perm(self, user_group, perm):
user_group = UserGroup.guess_instance(user_group)
perm = Permission.guess_instance(perm)
return UserGroupToPerm.query() \
.filter(UserGroupToPerm.users_group == user_group) \
.filter(UserGroupToPerm.permission == perm).scalar() is not None
def test_enforce_groups(self, pre_existing, regular_should_be,
external_should_be, groups, expected):
# delete all groups
for gr in UserGroup.query():
fixture.destroy_user_group(gr)
Session().commit()
user = User.get_by_username(TEST_USER_REGULAR_LOGIN)
for gr in pre_existing:
gr = fixture.create_user_group(gr)
Session().commit()
# make sure use is just in those groups
for gr in regular_should_be:
gr = fixture.create_user_group(gr)
Session().commit()
UserGroupModel().add_user_to_group(gr, user)
Session().commit()
# now special external groups created by auth plugins
for gr in external_should_be:
gr = fixture.create_user_group(gr, user_group_data={'extern_type': 'container'})
Session().commit()
UserGroupModel().add_user_to_group(gr, user)
Session().commit()
UserGroupModel().enforce_groups(user, groups, 'container')
Session().commit()
user = User.get_by_username(TEST_USER_REGULAR_LOGIN)
in_groups = user.group_member
assert expected == [x.users_group.users_group_name for x in in_groups]
def grant_user_permission(self, user_group, user, perm):
"""
Grant permission for user on given user group, or update
existing one if found
:param user_group: Instance of UserGroup, users_group_id,
or users_group_name
:param user: Instance of User, user_id or username
:param perm: Instance of Permission, or permission_name
"""
user_group = UserGroup.guess_instance(user_group)
user = User.guess_instance(user)
permission = Permission.guess_instance(perm)
# check if we have that permission already
obj = UserUserGroupToPerm.query() \
.filter(UserUserGroupToPerm.user == user) \
.filter(UserUserGroupToPerm.user_group == user_group) \
.scalar()
if obj is None:
# create new !
obj = UserUserGroupToPerm()
Session().add(obj)
obj.user_group = user_group
obj.user = user
obj.permission = permission
log.debug('Granted perm %s to %s on %s', perm, user, user_group)
return obj
def grant_user_group_permission(self, repo, group_name, perm):
"""
Grant permission for user group on given repository, or update
existing one if found
:param repo: Instance of Repository, repository_id, or repository name
:param group_name: Instance of UserGroup, users_group_id,
or user group name
:param perm: Instance of Permission, or permission_name
"""
repo = Repository.guess_instance(repo)
group_name = UserGroup.guess_instance(group_name)
permission = Permission.guess_instance(perm)
# check if we have that permission already
obj = UserGroupRepoToPerm.query() \
.filter(UserGroupRepoToPerm.users_group == group_name) \
.filter(UserGroupRepoToPerm.repository == repo) \
.scalar()
if obj is None:
# create new
obj = UserGroupRepoToPerm()
Session().add(obj)
obj.repository = repo
obj.users_group = group_name
obj.permission = permission
log.debug('Granted perm %s to %s on %s', perm, group_name, repo)
return obj
def grant_user_group_permission(self, repo, group_name, perm):
"""
Grant permission for user group on given repository, or update
existing one if found
:param repo: Instance of Repository, repository_id, or repository name
:param group_name: Instance of UserGroup, users_group_id,
or user group name
:param perm: Instance of Permission, or permission_name
"""
repo = Repository.guess_instance(repo)
group_name = UserGroup.guess_instance(group_name)
permission = Permission.guess_instance(perm)
# check if we have that permission already
obj = UserGroupRepoToPerm.query() \
.filter(UserGroupRepoToPerm.users_group == group_name) \
.filter(UserGroupRepoToPerm.repository == repo) \
.scalar()
if obj is None:
# create new
obj = UserGroupRepoToPerm()
Session().add(obj)
obj.repository = repo
obj.users_group = group_name
obj.permission = permission
log.debug('Granted perm %s to %s on %s', perm, group_name, repo)
return obj
def test_enforce_groups(self, pre_existing, regular_should_be,
external_should_be, groups, expected):
# delete all groups
for gr in UserGroup.query():
fixture.destroy_user_group(gr)
Session().commit()
user = User.get_by_username(base.TEST_USER_REGULAR_LOGIN)
for gr in pre_existing:
gr = fixture.create_user_group(gr)
Session().commit()
# make sure use is just in those groups
for gr in regular_should_be:
gr = fixture.create_user_group(gr)
Session().commit()
UserGroupModel().add_user_to_group(gr, user)
Session().commit()
# now special external groups created by auth plugins
for gr in external_should_be:
gr = fixture.create_user_group(
gr, user_group_data={'extern_type': 'container'})
Session().commit()
UserGroupModel().add_user_to_group(gr, user)
Session().commit()
UserGroupModel().enforce_groups(user, groups, 'container')
Session().commit()
user = User.get_by_username(base.TEST_USER_REGULAR_LOGIN)
in_groups = user.group_member
assert sorted(expected) == sorted(x.users_group.users_group_name
for x in in_groups)
def create_user_group(self, name, **kwargs):
if 'skip_if_exists' in kwargs:
del kwargs['skip_if_exists']
gr = UserGroup.get_by_group_name(group_name=name)
if gr:
return gr
form_data = self._get_user_group_create_params(name, **kwargs)
owner = kwargs.get('cur_user', TEST_USER_ADMIN_LOGIN)
user_group = UserGroupModel().create(
name=form_data['users_group_name'],
description=form_data['user_group_description'],
owner=owner, active=form_data['users_group_active'],
group_data=form_data['user_group_data'])
Session().commit()
user_group = UserGroup.get_by_group_name(user_group.users_group_name)
return user_group
def test_create_and_remove(self):
usr = UserModel().create_or_update(username=u'test_user',
password=u'qweqwe',
email=u'*****@*****.**',
firstname=u'u1', lastname=u'u1')
Session().commit()
assert User.get_by_username(u'test_user') == usr
assert User.get_by_username(u'test_USER', case_insensitive=True) == usr
# User.get_by_username without explicit request for case insensitivty
# will use database case sensitivity. The following will thus return
# None on for example PostgreSQL but find test_user on MySQL - we are
# fine with leaving that as undefined as long as it doesn't crash.
User.get_by_username(u'test_USER', case_insensitive=False)
# make user group
user_group = fixture.create_user_group(u'some_example_group')
Session().commit()
UserGroupModel().add_user_to_group(user_group, usr)
Session().commit()
assert UserGroup.get(user_group.users_group_id) == user_group
assert UserGroupMember.query().count() == 1
UserModel().delete(usr.user_id)
Session().commit()
assert UserGroupMember.query().all() == []
def enforce_groups(self, user, groups, extern_type=None):
user = User.guess_instance(user)
log.debug('Enforcing groups %s on user %s', user, groups)
current_groups = user.group_member
# find the external created groups
externals = [
x.users_group for x in current_groups
if 'extern_type' in x.users_group.group_data
]
# calculate from what groups user should be removed
# externals that are not in groups
for gr in externals:
if gr.users_group_name not in groups:
log.debug('Removing user %s from user group %s', user, gr)
self.remove_user_from_group(gr, user)
# now we calculate in which groups user should be == groups params
owner = User.get_first_admin().username
for gr in set(groups):
existing_group = UserGroup.get_by_group_name(gr)
if not existing_group:
desc = u'Automatically created from plugin:%s' % extern_type
# we use first admin account to set the owner of the group
existing_group = UserGroupModel().create(
gr, desc, owner, group_data={'extern_type': extern_type})
# we can only add users to special groups created via plugins
managed = 'extern_type' in existing_group.group_data
if managed:
log.debug('Adding user %s to user group %s', user, gr)
UserGroupModel().add_user_to_group(existing_group, user)
else:
log.debug('Skipping addition to group %s since it is '
'not managed by auth plugins' % gr)
def enforce_groups(self, user, groups, extern_type=None):
user = User.guess_instance(user)
log.debug('Enforcing groups %s on user %s', user, groups)
current_groups = user.group_member
# find the external created groups
externals = [x.users_group for x in current_groups
if 'extern_type' in x.users_group.group_data]
# calculate from what groups user should be removed
# externals that are not in groups
for gr in externals:
if gr.users_group_name not in groups:
log.debug('Removing user %s from user group %s', user, gr)
self.remove_user_from_group(gr, user)
# now we calculate in which groups user should be == groups params
owner = User.get_first_admin().username
for gr in set(groups):
existing_group = UserGroup.get_by_group_name(gr)
if not existing_group:
desc = u'Automatically created from plugin:%s' % extern_type
# we use first admin account to set the owner of the group
existing_group = UserGroupModel().create(gr, desc, owner,
group_data={'extern_type': extern_type})
# we can only add users to special groups created via plugins
managed = 'extern_type' in existing_group.group_data
if managed:
log.debug('Adding user %s to user group %s', user, gr)
UserGroupModel().add_user_to_group(existing_group, user)
else:
log.debug('Skipping addition to group %s since it is '
'not managed by auth plugins' % gr)
def edit_members(self, id):
c.user_group = UserGroup.get_or_404(id)
c.active = 'members'
c.group_members_obj = sorted((x.user for x in c.user_group.members),
key=lambda u: u.username.lower())
c.group_members = [(x.user_id, x.username) for x in c.group_members_obj]
return render('admin/user_groups/user_group_edit.html')
def revoke_user_group_permission(self, target_user_group, user_group):
"""
Revoke user group permission for given target_user_group
:param target_user_group:
:param user_group:
"""
target_user_group = UserGroup.guess_instance(target_user_group)
user_group = UserGroup.guess_instance(user_group)
obj = UserGroupUserGroupToPerm.query() \
.filter(UserGroupUserGroupToPerm.target_user_group == target_user_group) \
.filter(UserGroupUserGroupToPerm.user_group == user_group) \
.scalar()
if obj is not None:
Session().delete(obj)
log.debug('Revoked perm on %s on %s', target_user_group, user_group)
def create_user_group(self, name, **kwargs):
if 'skip_if_exists' in kwargs:
del kwargs['skip_if_exists']
gr = UserGroup.get_by_group_name(group_name=name)
if gr:
return gr
form_data = self._get_user_group_create_params(name, **kwargs)
owner = kwargs.get('cur_user', TEST_USER_ADMIN_LOGIN)
user_group = UserGroupModel().create(
name=form_data['users_group_name'],
description=form_data['user_group_description'],
owner=owner,
active=form_data['users_group_active'],
group_data=form_data['user_group_data'])
Session().commit()
user_group = UserGroup.get_by_group_name(user_group.users_group_name)
return user_group
def __load_defaults(self, user_group_id):
"""
Load defaults settings for edit, and update
:param user_group_id:
"""
user_group = UserGroup.get_or_404(user_group_id)
data = user_group.get_dict()
return data
def revoke_perm(self, user_group, perm):
user_group = UserGroup.guess_instance(user_group)
perm = Permission.guess_instance(perm)
obj = UserGroupToPerm.query() \
.filter(UserGroupToPerm.users_group == user_group) \
.filter(UserGroupToPerm.permission == perm).scalar()
if obj is not None:
Session().delete(obj)
def revoke_user_group_permission(self, target_user_group, user_group):
"""
Revoke user group permission for given target_user_group
:param target_user_group:
:param user_group:
"""
target_user_group = UserGroup.guess_instance(target_user_group)
user_group = UserGroup.guess_instance(user_group)
obj = UserGroupUserGroupToPerm.query() \
.filter(UserGroupUserGroupToPerm.target_user_group == target_user_group) \
.filter(UserGroupUserGroupToPerm.user_group == user_group) \
.scalar()
if obj is not None:
Session().delete(obj)
log.debug('Revoked perm on %s on %s', target_user_group,
user_group)
def edit_members(self, id):
c.user_group = UserGroup.get_or_404(id)
c.active = 'members'
c.group_members_obj = sorted((x.user for x in c.user_group.members),
key=lambda u: u.username.lower())
c.group_members = [(x.user_id, x.username)
for x in c.group_members_obj]
return render('admin/user_groups/user_group_edit.html')
def revoke_perm(self, user_group, perm):
user_group = UserGroup.guess_instance(user_group)
perm = Permission.guess_instance(perm)
obj = UserGroupToPerm.query() \
.filter(UserGroupToPerm.users_group == user_group) \
.filter(UserGroupToPerm.permission == perm).scalar()
if obj is not None:
Session().delete(obj)
def __load_defaults(self, user_group_id):
"""
Load defaults settings for edit, and update
:param user_group_id:
"""
user_group = UserGroup.get_or_404(user_group_id)
data = user_group.get_dict()
return data
def edit(self, id, format='html'):
c.user_group = UserGroup.get_or_404(id)
c.active = 'settings'
self.__load_data(id)
defaults = self.__load_defaults(id)
return htmlfill.render(
render('admin/user_groups/user_group_edit.html'),
defaults=defaults,
encoding="UTF-8",
force_defaults=False)
def get_user_groups_js(self):
user_groups = UserGroup.query() \
.filter(UserGroup.users_group_active == True) \
.order_by(UserGroup.users_group_name) \
.options(subqueryload(UserGroup.members)) \
.all()
user_groups = UserGroupList(user_groups, perm_level='read')
return [{
'id': gr.users_group_id,
'grname': gr.users_group_name,
'grmembers': len(gr.members),
} for gr in user_groups]
def delete(self, id):
usr_gr = UserGroup.get_or_404(id)
try:
UserGroupModel().delete(usr_gr)
Session().commit()
h.flash(_('Successfully deleted user group'), category='success')
except UserGroupsAssignedException as e:
h.flash(e, category='error')
except Exception:
log.error(traceback.format_exc())
h.flash(_('An error occurred during deletion of user group'),
category='error')
raise HTTPFound(location=url('users_groups'))
def get_user_groups_js(self):
user_groups = UserGroup.query() \
.filter(UserGroup.users_group_active == True) \
.order_by(UserGroup.users_group_name) \
.options(subqueryload(UserGroup.members)) \
.all()
user_groups = UserGroupList(user_groups, perm_level='read')
return [
{
'id': gr.users_group_id,
'grname': gr.users_group_name,
'grmembers': len(gr.members),
} for gr in user_groups]
def edit(self, id, format='html'):
c.user_group = UserGroup.get_or_404(id)
c.active = 'settings'
self.__load_data(id)
defaults = self.__load_defaults(id)
return htmlfill.render(
render('admin/user_groups/user_group_edit.html'),
defaults=defaults,
encoding="UTF-8",
force_defaults=False
)
def delete(self, id):
usr_gr = UserGroup.get_or_404(id)
try:
UserGroupModel().delete(usr_gr)
Session().commit()
h.flash(_('Successfully deleted user group'), category='success')
except UserGroupsAssignedException as e:
h.flash(e, category='error')
except Exception:
log.error(traceback.format_exc())
h.flash(_('An error occurred during deletion of user group'),
category='error')
raise HTTPFound(location=url('users_groups'))
def edit(self, id, format='html'):
"""GET /user_groups/id/edit: Form to edit an existing item"""
# url('edit_users_group', id=ID)
c.user_group = UserGroup.get_or_404(id)
c.active = 'settings'
self.__load_data(id)
defaults = self.__load_defaults(id)
return htmlfill.render(
render('admin/user_groups/user_group_edit.html'),
defaults=defaults,
encoding="UTF-8",
force_defaults=False)
def delete(self, id):
"""DELETE /user_groups/id: Delete an existing item"""
# Forms posted to this method should contain a hidden field:
# <input type="hidden" name="_method" value="DELETE" />
# Or using helpers:
# h.form(url('users_group', id=ID),
# method='delete')
# url('users_group', id=ID)
usr_gr = UserGroup.get_or_404(id)
try:
UserGroupModel().delete(usr_gr)
Session().commit()
h.flash(_('Successfully deleted user group'), category='success')
except UserGroupsAssignedException, e:
h.flash(e, category='error')
def delete(self, id):
"""DELETE /user_groups/id: Delete an existing item"""
# Forms posted to this method should contain a hidden field:
# <input type="hidden" name="_method" value="DELETE" />
# Or using helpers:
# h.form(url('users_group', id=ID),
# method='delete')
# url('users_group', id=ID)
usr_gr = UserGroup.get_or_404(id)
try:
UserGroupModel().delete(usr_gr)
Session().commit()
h.flash(_('Successfully deleted user group'), category='success')
except UserGroupsAssignedException, e:
h.flash(e, category='error')
def index(self, format='html'):
"""GET /users_groups: All items in the collection"""
# url('users_groups')
_list = UserGroup.query()\
.order_by(func.lower(UserGroup.users_group_name))\
.all()
group_iter = UserGroupList(_list, perm_set=['usergroup.admin'])
user_groups_data = []
total_records = len(group_iter)
_tmpl_lookup = kallithea.CONFIG['pylons.app_globals'].mako_lookup
template = _tmpl_lookup.get_template('data_table/_dt_elements.html')
user_group_name = lambda user_group_id, user_group_name: (
template.get_def("user_group_name").render(
user_group_id, user_group_name, _=_, h=h, c=c))
user_group_actions = lambda user_group_id, user_group_name: (
template.get_def("user_group_actions").render(
user_group_id, user_group_name, _=_, h=h, c=c))
for user_gr in group_iter:
user_groups_data.append({
"raw_name":
user_gr.users_group_name,
"group_name":
user_group_name(user_gr.users_group_id,
user_gr.users_group_name),
"desc":
user_gr.user_group_description,
"members":
len(user_gr.members),
"active":
h.boolicon(user_gr.users_group_active),
"owner":
h.person(user_gr.user.username),
"action":
user_group_actions(user_gr.users_group_id,
user_gr.users_group_name)
})
c.data = json.dumps({
"totalRecords": total_records,
"startIndex": 0,
"sort": None,
"dir": "asc",
"records": user_groups_data
})
return render('admin/user_groups/user_groups.html')
def edit(self, id, format='html'):
"""GET /user_groups/id/edit: Form to edit an existing item"""
# url('edit_users_group', id=ID)
c.user_group = UserGroup.get_or_404(id)
c.active = 'settings'
self.__load_data(id)
defaults = self.__load_defaults(id)
return htmlfill.render(
render('admin/user_groups/user_group_edit.html'),
defaults=defaults,
encoding="UTF-8",
force_defaults=False
)
def update(self, id):
"""PUT /user_groups/id: Update an existing item"""
# Forms posted to this method should contain a hidden field:
# <input type="hidden" name="_method" value="PUT" />
# Or using helpers:
# h.form(url('users_group', id=ID),
# method='put')
# url('users_group', id=ID)
c.user_group = UserGroup.get_or_404(id)
c.active = 'settings'
self.__load_data(id)
available_members = [safe_unicode(x[0]) for x in c.available_members]
users_group_form = UserGroupForm(edit=True,
old_data=c.user_group.get_dict(),
available_members=available_members)()
try:
form_result = users_group_form.to_python(request.POST)
UserGroupModel().update(c.user_group, form_result)
gr = form_result['users_group_name']
action_logger(self.authuser, 'admin_updated_users_group:%s' % gr,
None, self.ip_addr, self.sa)
h.flash(_('Updated user group %s') % gr, category='success')
Session().commit()
except formencode.Invalid, errors:
ug_model = UserGroupModel()
defaults = errors.value
e = errors.error_dict or {}
defaults.update({
'create_repo_perm':
ug_model.has_perm(id, 'hg.create.repository'),
'fork_repo_perm':
ug_model.has_perm(id, 'hg.fork.repository'),
'_method':
'put'
})
return htmlfill.render(
render('admin/user_groups/user_group_edit.html'),
defaults=defaults,
errors=e,
prefix_error=False,
encoding="UTF-8",
force_defaults=False)
def edit_default_perms(self, id):
c.user_group = UserGroup.get_or_404(id)
c.active = 'default_perms'
permissions = {
'repositories': {},
'repositories_groups': {}
}
ugroup_repo_perms = UserGroupRepoToPerm.query() \
.options(joinedload(UserGroupRepoToPerm.permission)) \
.options(joinedload(UserGroupRepoToPerm.repository)) \
.filter(UserGroupRepoToPerm.users_group_id == id) \
.all()
for gr in ugroup_repo_perms:
permissions['repositories'][gr.repository.repo_name] \
= gr.permission.permission_name
ugroup_group_perms = UserGroupRepoGroupToPerm.query() \
.options(joinedload(UserGroupRepoGroupToPerm.permission)) \
.options(joinedload(UserGroupRepoGroupToPerm.group)) \
.filter(UserGroupRepoGroupToPerm.users_group_id == id) \
.all()
for gr in ugroup_group_perms:
permissions['repositories_groups'][gr.group.group_name] \
= gr.permission.permission_name
c.permissions = permissions
ug_model = UserGroupModel()
defaults = c.user_group.get_dict()
defaults.update({
'create_repo_perm': ug_model.has_perm(c.user_group,
'hg.create.repository'),
'create_user_group_perm': ug_model.has_perm(c.user_group,
'hg.usergroup.create.true'),
'fork_repo_perm': ug_model.has_perm(c.user_group,
'hg.fork.repository'),
})
return htmlfill.render(
render('admin/user_groups/user_group_edit.html'),
defaults=defaults,
encoding="UTF-8",
force_defaults=False
)
def update(self, id):
"""PUT /user_groups/id: Update an existing item"""
# Forms posted to this method should contain a hidden field:
# <input type="hidden" name="_method" value="PUT" />
# Or using helpers:
# h.form(url('users_group', id=ID),
# method='put')
# url('users_group', id=ID)
c.user_group = UserGroup.get_or_404(id)
c.active = 'settings'
self.__load_data(id)
available_members = [safe_unicode(x[0]) for x in c.available_members]
users_group_form = UserGroupForm(edit=True,
old_data=c.user_group.get_dict(),
available_members=available_members)()
try:
form_result = users_group_form.to_python(request.POST)
UserGroupModel().update(c.user_group, form_result)
gr = form_result['users_group_name']
action_logger(self.authuser,
'admin_updated_users_group:%s' % gr,
None, self.ip_addr, self.sa)
h.flash(_('Updated user group %s') % gr, category='success')
Session().commit()
except formencode.Invalid, errors:
ug_model = UserGroupModel()
defaults = errors.value
e = errors.error_dict or {}
defaults.update({
'create_repo_perm': ug_model.has_perm(id,
'hg.create.repository'),
'fork_repo_perm': ug_model.has_perm(id,
'hg.fork.repository'),
'_method': 'put'
})
return htmlfill.render(
render('admin/user_groups/user_group_edit.html'),
defaults=defaults,
errors=e,
prefix_error=False,
encoding="UTF-8",
force_defaults=False)
def grant_perm(self, user_group, perm):
user_group = UserGroup.guess_instance(user_group)
perm = Permission.guess_instance(perm)
# if this permission is already granted skip it
_perm = UserGroupToPerm.query() \
.filter(UserGroupToPerm.users_group == user_group) \
.filter(UserGroupToPerm.permission == perm) \
.scalar()
if _perm:
return
new = UserGroupToPerm()
new.users_group = user_group
new.permission = perm
Session().add(new)
return new
def grant_perm(self, user_group, perm):
user_group = UserGroup.guess_instance(user_group)
perm = Permission.guess_instance(perm)
# if this permission is already granted skip it
_perm = UserGroupToPerm.query() \
.filter(UserGroupToPerm.users_group == user_group) \
.filter(UserGroupToPerm.permission == perm) \
.scalar()
if _perm:
return
new = UserGroupToPerm()
new.users_group = user_group
new.permission = perm
Session().add(new)
return new
def index(self, format='html'):
_list = UserGroup.query() \
.order_by(func.lower(UserGroup.users_group_name)) \
.all()
group_iter = UserGroupList(_list, perm_level='admin')
user_groups_data = []
total_records = len(group_iter)
_tmpl_lookup = app_globals.mako_lookup
template = _tmpl_lookup.get_template('data_table/_dt_elements.html')
user_group_name = lambda user_group_id, user_group_name: (
template.get_def("user_group_name").render(
user_group_id, user_group_name, _=_, h=h, c=c))
user_group_actions = lambda user_group_id, user_group_name: (
template.get_def("user_group_actions").render(
user_group_id, user_group_name, _=_, h=h, c=c))
for user_gr in group_iter:
user_groups_data.append({
"raw_name":
user_gr.users_group_name,
"group_name":
user_group_name(user_gr.users_group_id,
user_gr.users_group_name),
"desc":
h.escape(user_gr.user_group_description),
"members":
len(user_gr.members),
"active":
h.boolicon(user_gr.users_group_active),
"owner":
h.person(user_gr.owner.username),
"action":
user_group_actions(user_gr.users_group_id,
user_gr.users_group_name)
})
c.data = {
"totalRecords": total_records,
"startIndex": 0,
"sort": None,
"dir": "asc",
"records": user_groups_data
}
return render('admin/user_groups/user_groups.html')
def update(self, id):
c.user_group = UserGroup.get_or_404(id)
c.active = 'settings'
self.__load_data(id)
available_members = [safe_str(x[0]) for x in c.available_members]
users_group_form = UserGroupForm(edit=True,
old_data=c.user_group.get_dict(),
available_members=available_members)()
try:
form_result = users_group_form.to_python(request.POST)
UserGroupModel().update(c.user_group, form_result)
gr = form_result['users_group_name']
action_logger(request.authuser,
'admin_updated_users_group:%s' % gr, None,
request.ip_addr)
h.flash(_('Updated user group %s') % gr, category='success')
Session().commit()
except formencode.Invalid as errors:
ug_model = UserGroupModel()
defaults = errors.value
e = errors.error_dict or {}
defaults.update({
'create_repo_perm':
ug_model.has_perm(id, 'hg.create.repository'),
'fork_repo_perm':
ug_model.has_perm(id, 'hg.fork.repository'),
})
return htmlfill.render(
render('admin/user_groups/user_group_edit.html'),
defaults=defaults,
errors=e,
prefix_error=False,
encoding="UTF-8",
force_defaults=False)
except Exception:
log.error(traceback.format_exc())
h.flash(_('Error occurred during update of user group %s') %
request.POST.get('users_group_name'),
category='error')
raise HTTPFound(location=url('edit_users_group', id=id))
def revoke_user_group_permission(self, repo, group_name):
"""
Revoke permission for user group on given repository
:param repo: Instance of Repository, repository_id, or repository name
:param group_name: Instance of UserGroup, users_group_id,
or user group name
"""
repo = Repository.guess_instance(repo)
group_name = UserGroup.guess_instance(group_name)
obj = UserGroupRepoToPerm.query() \
.filter(UserGroupRepoToPerm.repository == repo) \
.filter(UserGroupRepoToPerm.users_group == group_name) \
.scalar()
if obj is not None:
Session().delete(obj)
log.debug('Revoked perm to %s on %s', repo, group_name)
def revoke_user_group_permission(self, repo, group_name):
"""
Revoke permission for user group on given repository
:param repo: Instance of Repository, repository_id, or repository name
:param group_name: Instance of UserGroup, users_group_id,
or user group name
"""
repo = Repository.guess_instance(repo)
group_name = UserGroup.guess_instance(group_name)
obj = UserGroupRepoToPerm.query() \
.filter(UserGroupRepoToPerm.repository == repo) \
.filter(UserGroupRepoToPerm.users_group == group_name) \
.scalar()
if obj is not None:
Session().delete(obj)
log.debug('Revoked perm to %s on %s', repo, group_name)
def update(self, id):
c.user_group = UserGroup.get_or_404(id)
c.active = 'settings'
self.__load_data(id)
available_members = [safe_unicode(x[0]) for x in c.available_members]
users_group_form = UserGroupForm(edit=True,
old_data=c.user_group.get_dict(),
available_members=available_members)()
try:
form_result = users_group_form.to_python(request.POST)
UserGroupModel().update(c.user_group, form_result)
gr = form_result['users_group_name']
action_logger(request.authuser,
'admin_updated_users_group:%s' % gr,
None, request.ip_addr)
h.flash(_('Updated user group %s') % gr, category='success')
Session().commit()
except formencode.Invalid as errors:
ug_model = UserGroupModel()
defaults = errors.value
e = errors.error_dict or {}
defaults.update({
'create_repo_perm': ug_model.has_perm(id,
'hg.create.repository'),
'fork_repo_perm': ug_model.has_perm(id,
'hg.fork.repository'),
})
return htmlfill.render(
render('admin/user_groups/user_group_edit.html'),
defaults=defaults,
errors=e,
prefix_error=False,
encoding="UTF-8",
force_defaults=False)
except Exception:
log.error(traceback.format_exc())
h.flash(_('Error occurred during update of user group %s') \
% request.POST.get('users_group_name'), category='error')
raise HTTPFound(location=url('edit_users_group', id=id))
def revoke_user_permission(self, user_group, user):
"""
Revoke permission for user on given repository group
:param user_group: Instance of RepoGroup, repositories_group_id,
or repositories_group name
:param user: Instance of User, user_id or username
"""
user_group = UserGroup.guess_instance(user_group)
user = User.guess_instance(user)
obj = UserUserGroupToPerm.query() \
.filter(UserUserGroupToPerm.user == user) \
.filter(UserUserGroupToPerm.user_group == user_group) \
.scalar()
if obj is not None:
Session().delete(obj)
log.debug('Revoked perm on %s on %s', user_group, user)
def edit_default_perms(self, id):
c.user_group = UserGroup.get_or_404(id)
c.active = 'default_perms'
permissions = {'repositories': {}, 'repositories_groups': {}}
ugroup_repo_perms = UserGroupRepoToPerm.query()\
.options(joinedload(UserGroupRepoToPerm.permission))\
.options(joinedload(UserGroupRepoToPerm.repository))\
.filter(UserGroupRepoToPerm.users_group_id == id)\
.all()
for gr in ugroup_repo_perms:
permissions['repositories'][gr.repository.repo_name] \
= gr.permission.permission_name
ugroup_group_perms = UserGroupRepoGroupToPerm.query()\
.options(joinedload(UserGroupRepoGroupToPerm.permission))\
.options(joinedload(UserGroupRepoGroupToPerm.group))\
.filter(UserGroupRepoGroupToPerm.users_group_id == id)\
.all()
for gr in ugroup_group_perms:
permissions['repositories_groups'][gr.group.group_name] \
= gr.permission.permission_name
c.permissions = permissions
ug_model = UserGroupModel()
defaults = c.user_group.get_dict()
defaults.update({
'create_repo_perm':
ug_model.has_perm(c.user_group, 'hg.create.repository'),
'create_user_group_perm':
ug_model.has_perm(c.user_group, 'hg.usergroup.create.true'),
'fork_repo_perm':
ug_model.has_perm(c.user_group, 'hg.fork.repository'),
})
return htmlfill.render(
render('admin/user_groups/user_group_edit.html'),
defaults=defaults,
encoding="UTF-8",
force_defaults=False)
def revoke_user_permission(self, user_group, user):
"""
Revoke permission for user on given repository group
:param user_group: Instance of RepoGroup, repositories_group_id,
or repositories_group name
:param user: Instance of User, user_id or username
"""
user_group = UserGroup.guess_instance(user_group)
user = User.guess_instance(user)
obj = UserUserGroupToPerm.query() \
.filter(UserUserGroupToPerm.user == user) \
.filter(UserUserGroupToPerm.user_group == user_group) \
.scalar()
if obj is not None:
Session().delete(obj)
log.debug('Revoked perm on %s on %s', user_group, user)
def update_default_perms(self, id):
"""PUT /users_perm/id: Update an existing item"""
# url('users_group_perm', id=ID, method='put')
user_group = UserGroup.get_or_404(id)
try:
form = CustomDefaultPermissionsForm()()
form_result = form.to_python(request.POST)
inherit_perms = form_result['inherit_default_permissions']
user_group.inherit_default_permissions = inherit_perms
Session().add(user_group)
usergroup_model = UserGroupModel()
defs = UserGroupToPerm.query()\
.filter(UserGroupToPerm.users_group == user_group)\
.all()
for ug in defs:
Session().delete(ug)
if form_result['create_repo_perm']:
usergroup_model.grant_perm(id, 'hg.create.repository')
else:
usergroup_model.grant_perm(id, 'hg.create.none')
if form_result['create_user_group_perm']:
usergroup_model.grant_perm(id, 'hg.usergroup.create.true')
else:
usergroup_model.grant_perm(id, 'hg.usergroup.create.false')
if form_result['fork_repo_perm']:
usergroup_model.grant_perm(id, 'hg.fork.repository')
else:
usergroup_model.grant_perm(id, 'hg.fork.none')
h.flash(_("Updated permissions"), category='success')
Session().commit()
except Exception:
log.error(traceback.format_exc())
h.flash(_('An error occurred during permissions saving'),
category='error')
return redirect(url('edit_user_group_default_perms', id=id))
def update_default_perms(self, id):
"""PUT /users_perm/id: Update an existing item"""
# url('users_group_perm', id=ID, method='put')
user_group = UserGroup.get_or_404(id)
try:
form = CustomDefaultPermissionsForm()()
form_result = form.to_python(request.POST)
inherit_perms = form_result['inherit_default_permissions']
user_group.inherit_default_permissions = inherit_perms
Session().add(user_group)
usergroup_model = UserGroupModel()
defs = UserGroupToPerm.query()\
.filter(UserGroupToPerm.users_group == user_group)\
.all()
for ug in defs:
Session().delete(ug)
if form_result['create_repo_perm']:
usergroup_model.grant_perm(id, 'hg.create.repository')
else:
usergroup_model.grant_perm(id, 'hg.create.none')
if form_result['create_user_group_perm']:
usergroup_model.grant_perm(id, 'hg.usergroup.create.true')
else:
usergroup_model.grant_perm(id, 'hg.usergroup.create.false')
if form_result['fork_repo_perm']:
usergroup_model.grant_perm(id, 'hg.fork.repository')
else:
usergroup_model.grant_perm(id, 'hg.fork.none')
h.flash(_("Updated permissions"), category='success')
Session().commit()
except Exception:
log.error(traceback.format_exc())
h.flash(_('An error occurred during permissions saving'),
category='error')
return redirect(url('edit_user_group_default_perms', id=id))
def index(self, format='html'):
"""GET /users_groups: All items in the collection"""
# url('users_groups')
_list = UserGroup.query()\
.order_by(func.lower(UserGroup.users_group_name))\
.all()
group_iter = UserGroupList(_list, perm_set=['usergroup.admin'])
user_groups_data = []
total_records = len(group_iter)
_tmpl_lookup = kallithea.CONFIG['pylons.app_globals'].mako_lookup
template = _tmpl_lookup.get_template('data_table/_dt_elements.html')
user_group_name = lambda user_group_id, user_group_name: (
template.get_def("user_group_name")
.render(user_group_id, user_group_name, _=_, h=h, c=c)
)
user_group_actions = lambda user_group_id, user_group_name: (
template.get_def("user_group_actions")
.render(user_group_id, user_group_name, _=_, h=h, c=c)
)
for user_gr in group_iter:
user_groups_data.append({
"raw_name": user_gr.users_group_name,
"group_name": user_group_name(user_gr.users_group_id,
user_gr.users_group_name),
"desc": user_gr.user_group_description,
"members": len(user_gr.members),
"active": h.boolicon(user_gr.users_group_active),
"owner": h.person(user_gr.user.username),
"action": user_group_actions(user_gr.users_group_id, user_gr.users_group_name)
})
c.data = json.dumps({
"totalRecords": total_records,
"startIndex": 0,
"sort": None,
"dir": "asc",
"records": user_groups_data
})
return render('admin/user_groups/user_groups.html')
def test_create_and_remove(self):
usr = UserModel().create_or_update(username=u'test_user',
password=u'qweqwe',
email=u'*****@*****.**',
firstname=u'u1', lastname=u'u1')
Session().commit()
self.assertEqual(User.get_by_username(u'test_user'), usr)
# make user group
user_group = fixture.create_user_group('some_example_group')
Session().commit()
UserGroupModel().add_user_to_group(user_group, usr)
Session().commit()
self.assertEqual(UserGroup.get(user_group.users_group_id), user_group)
self.assertEqual(UserGroupMember.query().count(), 1)
UserModel().delete(usr.user_id)
Session().commit()
self.assertEqual(UserGroupMember.query().all(), [])
def remove_user_from_group(self, user_group, user):
user_group = UserGroup.guess_instance(user_group)
user = User.guess_instance(user)
user_group_member = None
for m in user_group.members:
if m.user_id == user.user_id:
# Found this user's membership row
user_group_member = m
break
if user_group_member:
try:
Session().delete(user_group_member)
return True
except Exception:
log.error(traceback.format_exc())
raise
else:
# User isn't in that group
return False
def remove_user_from_group(self, user_group, user):
user_group = UserGroup.guess_instance(user_group)
user = User.guess_instance(user)
user_group_member = None
for m in user_group.members:
if m.user_id == user.user_id:
# Found this user's membership row
user_group_member = m
break
if user_group_member:
try:
Session().delete(user_group_member)
return True
except Exception:
log.error(traceback.format_exc())
raise
else:
# User isn't in that group
return False
def index(self, format='html'):
_list = UserGroup.query() \
.order_by(func.lower(UserGroup.users_group_name)) \
.all()
group_iter = UserGroupList(_list, perm_level='admin')
user_groups_data = []
total_records = len(group_iter)
_tmpl_lookup = app_globals.mako_lookup
template = _tmpl_lookup.get_template('data_table/_dt_elements.html')
user_group_name = lambda user_group_id, user_group_name: (
template.get_def("user_group_name")
.render(user_group_id, user_group_name, _=_, h=h, c=c)
)
user_group_actions = lambda user_group_id, user_group_name: (
template.get_def("user_group_actions")
.render(user_group_id, user_group_name, _=_, h=h, c=c)
)
for user_gr in group_iter:
user_groups_data.append({
"raw_name": user_gr.users_group_name,
"group_name": user_group_name(user_gr.users_group_id,
user_gr.users_group_name),
"desc": h.escape(user_gr.user_group_description),
"members": len(user_gr.members),
"active": h.boolicon(user_gr.users_group_active),
"owner": h.person(user_gr.owner.username),
"action": user_group_actions(user_gr.users_group_id, user_gr.users_group_name)
})
c.data = {
"totalRecords": total_records,
"startIndex": 0,
"sort": None,
"dir": "asc",
"records": user_groups_data
}
return render('admin/user_groups/user_groups.html')
def update_perms(self, id):
"""
grant permission for given usergroup
:param id:
"""
user_group = UserGroup.get_or_404(id)
form = UserGroupPermsForm()().to_python(request.POST)
# set the permissions !
try:
UserGroupModel()._update_permissions(user_group, form['perms_new'],
form['perms_updates'])
except RepoGroupAssignmentError:
h.flash(_('Target group cannot be the same'), category='error')
raise HTTPFound(location=url('edit_user_group_perms', id=id))
#TODO: implement this
#action_logger(request.authuser, 'admin_changed_repo_permissions',
# repo_name, request.ip_addr)
Session().commit()
h.flash(_('User group permissions updated'), category='success')
raise HTTPFound(location=url('edit_user_group_perms', id=id))
