def grant_user_group_permission(self, target_user_group, user_group, perm):
"""
Grant user group permission for given target_user_group
:param target_user_group:
:param user_group:
:param perm:
"""
target_user_group = UserGroup.guess_instance(target_user_group)
user_group = UserGroup.guess_instance(user_group)
permission = Permission.guess_instance(perm)
# forbid assigning same user group to itself
if target_user_group == user_group:
raise RepoGroupAssignmentError('target repo:%s cannot be '
'assigned to itself' % target_user_group)
# check if we have that permission already
obj = UserGroupUserGroupToPerm.query() \
.filter(UserGroupUserGroupToPerm.target_user_group == target_user_group) \
.filter(UserGroupUserGroupToPerm.user_group == user_group) \
.scalar()
if obj is None:
# create new !
obj = UserGroupUserGroupToPerm()
Session().add(obj)
obj.user_group = user_group
obj.target_user_group = target_user_group
obj.permission = permission
log.debug('Granted perm %s to %s on %s', perm, target_user_group, user_group)
return obj
def grant_user_group_permission(self, target_user_group, user_group, perm):
"""
Grant user group permission for given target_user_group
:param target_user_group:
:param user_group:
:param perm:
"""
target_user_group = UserGroup.guess_instance(target_user_group)
user_group = UserGroup.guess_instance(user_group)
permission = Permission.guess_instance(perm)
# forbid assigning same user group to itself
if target_user_group == user_group:
raise RepoGroupAssignmentError('target repo:%s cannot be '
'assigned to itself' %
target_user_group)
# check if we have that permission already
obj = UserGroupUserGroupToPerm.query() \
.filter(UserGroupUserGroupToPerm.target_user_group == target_user_group) \
.filter(UserGroupUserGroupToPerm.user_group == user_group) \
.scalar()
if obj is None:
# create new !
obj = UserGroupUserGroupToPerm()
Session().add(obj)
obj.user_group = user_group
obj.target_user_group = target_user_group
obj.permission = permission
log.debug('Granted perm %s to %s on %s', perm, target_user_group,
user_group)
return obj
def grant_user_permission(self, user_group, user, perm):
"""
Grant permission for user on given user group, or update
existing one if found
:param user_group: Instance of UserGroup, users_group_id,
or users_group_name
:param user: Instance of User, user_id or username
:param perm: Instance of Permission, or permission_name
"""
user_group = UserGroup.guess_instance(user_group)
user = User.guess_instance(user)
permission = Permission.guess_instance(perm)
# check if we have that permission already
obj = UserUserGroupToPerm.query() \
.filter(UserUserGroupToPerm.user == user) \
.filter(UserUserGroupToPerm.user_group == user_group) \
.scalar()
if obj is None:
# create new !
obj = UserUserGroupToPerm()
Session().add(obj)
obj.user_group = user_group
obj.user = user
obj.permission = permission
log.debug('Granted perm %s to %s on %s', perm, user, user_group)
return obj
def has_perm(self, user_group, perm):
user_group = UserGroup.guess_instance(user_group)
perm = Permission.guess_instance(perm)
return UserGroupToPerm.query() \
.filter(UserGroupToPerm.users_group == user_group) \
.filter(UserGroupToPerm.permission == perm).scalar() is not None
def grant_user_permission(self, user_group, user, perm):
"""
Grant permission for user on given user group, or update
existing one if found
:param user_group: Instance of UserGroup, users_group_id,
or users_group_name
:param user: Instance of User, user_id or username
:param perm: Instance of Permission, or permission_name
"""
user_group = UserGroup.guess_instance(user_group)
user = User.guess_instance(user)
permission = Permission.guess_instance(perm)
# check if we have that permission already
obj = UserUserGroupToPerm.query() \
.filter(UserUserGroupToPerm.user == user) \
.filter(UserUserGroupToPerm.user_group == user_group) \
.scalar()
if obj is None:
# create new !
obj = UserUserGroupToPerm()
Session().add(obj)
obj.user_group = user_group
obj.user = user
obj.permission = permission
log.debug('Granted perm %s to %s on %s', perm, user, user_group)
return obj
def grant_user_group_permission(self, repo, group_name, perm):
"""
Grant permission for user group on given repository, or update
existing one if found
:param repo: Instance of Repository, repository_id, or repository name
:param group_name: Instance of UserGroup, users_group_id,
or user group name
:param perm: Instance of Permission, or permission_name
"""
repo = Repository.guess_instance(repo)
group_name = UserGroup.guess_instance(group_name)
permission = Permission.guess_instance(perm)
# check if we have that permission already
obj = UserGroupRepoToPerm.query() \
.filter(UserGroupRepoToPerm.users_group == group_name) \
.filter(UserGroupRepoToPerm.repository == repo) \
.scalar()
if obj is None:
# create new
obj = UserGroupRepoToPerm()
Session().add(obj)
obj.repository = repo
obj.users_group = group_name
obj.permission = permission
log.debug('Granted perm %s to %s on %s', perm, group_name, repo)
return obj
def has_perm(self, user_group, perm):
user_group = UserGroup.guess_instance(user_group)
perm = Permission.guess_instance(perm)
return UserGroupToPerm.query() \
.filter(UserGroupToPerm.users_group == user_group) \
.filter(UserGroupToPerm.permission == perm).scalar() is not None
def grant_user_group_permission(self, repo, group_name, perm):
"""
Grant permission for user group on given repository, or update
existing one if found
:param repo: Instance of Repository, repository_id, or repository name
:param group_name: Instance of UserGroup, users_group_id,
or user group name
:param perm: Instance of Permission, or permission_name
"""
repo = Repository.guess_instance(repo)
group_name = UserGroup.guess_instance(group_name)
permission = Permission.guess_instance(perm)
# check if we have that permission already
obj = UserGroupRepoToPerm.query() \
.filter(UserGroupRepoToPerm.users_group == group_name) \
.filter(UserGroupRepoToPerm.repository == repo) \
.scalar()
if obj is None:
# create new
obj = UserGroupRepoToPerm()
Session().add(obj)
obj.repository = repo
obj.users_group = group_name
obj.permission = permission
log.debug('Granted perm %s to %s on %s', perm, group_name, repo)
return obj
def revoke_user_group_permission(self, target_user_group, user_group):
"""
Revoke user group permission for given target_user_group
:param target_user_group:
:param user_group:
"""
target_user_group = UserGroup.guess_instance(target_user_group)
user_group = UserGroup.guess_instance(user_group)
obj = UserGroupUserGroupToPerm.query() \
.filter(UserGroupUserGroupToPerm.target_user_group == target_user_group) \
.filter(UserGroupUserGroupToPerm.user_group == user_group) \
.scalar()
if obj is not None:
Session().delete(obj)
log.debug('Revoked perm on %s on %s', target_user_group, user_group)
def revoke_perm(self, user_group, perm):
user_group = UserGroup.guess_instance(user_group)
perm = Permission.guess_instance(perm)
obj = UserGroupToPerm.query() \
.filter(UserGroupToPerm.users_group == user_group) \
.filter(UserGroupToPerm.permission == perm).scalar()
if obj is not None:
Session().delete(obj)
def revoke_perm(self, user_group, perm):
user_group = UserGroup.guess_instance(user_group)
perm = Permission.guess_instance(perm)
obj = UserGroupToPerm.query() \
.filter(UserGroupToPerm.users_group == user_group) \
.filter(UserGroupToPerm.permission == perm).scalar()
if obj is not None:
Session().delete(obj)
def revoke_user_group_permission(self, target_user_group, user_group):
"""
Revoke user group permission for given target_user_group
:param target_user_group:
:param user_group:
"""
target_user_group = UserGroup.guess_instance(target_user_group)
user_group = UserGroup.guess_instance(user_group)
obj = UserGroupUserGroupToPerm.query() \
.filter(UserGroupUserGroupToPerm.target_user_group == target_user_group) \
.filter(UserGroupUserGroupToPerm.user_group == user_group) \
.scalar()
if obj is not None:
Session().delete(obj)
log.debug('Revoked perm on %s on %s', target_user_group,
user_group)
def grant_perm(self, user_group, perm):
user_group = UserGroup.guess_instance(user_group)
perm = Permission.guess_instance(perm)
# if this permission is already granted skip it
_perm = UserGroupToPerm.query() \
.filter(UserGroupToPerm.users_group == user_group) \
.filter(UserGroupToPerm.permission == perm) \
.scalar()
if _perm:
return
new = UserGroupToPerm()
new.users_group = user_group
new.permission = perm
Session().add(new)
return new
def grant_perm(self, user_group, perm):
user_group = UserGroup.guess_instance(user_group)
perm = Permission.guess_instance(perm)
# if this permission is already granted skip it
_perm = UserGroupToPerm.query() \
.filter(UserGroupToPerm.users_group == user_group) \
.filter(UserGroupToPerm.permission == perm) \
.scalar()
if _perm:
return
new = UserGroupToPerm()
new.users_group = user_group
new.permission = perm
Session().add(new)
return new
def revoke_user_group_permission(self, repo, group_name):
"""
Revoke permission for user group on given repository
:param repo: Instance of Repository, repository_id, or repository name
:param group_name: Instance of UserGroup, users_group_id,
or user group name
"""
repo = Repository.guess_instance(repo)
group_name = UserGroup.guess_instance(group_name)
obj = UserGroupRepoToPerm.query() \
.filter(UserGroupRepoToPerm.repository == repo) \
.filter(UserGroupRepoToPerm.users_group == group_name) \
.scalar()
if obj is not None:
Session().delete(obj)
log.debug('Revoked perm to %s on %s', repo, group_name)
def revoke_user_group_permission(self, repo, group_name):
"""
Revoke permission for user group on given repository
:param repo: Instance of Repository, repository_id, or repository name
:param group_name: Instance of UserGroup, users_group_id,
or user group name
"""
repo = Repository.guess_instance(repo)
group_name = UserGroup.guess_instance(group_name)
obj = UserGroupRepoToPerm.query() \
.filter(UserGroupRepoToPerm.repository == repo) \
.filter(UserGroupRepoToPerm.users_group == group_name) \
.scalar()
if obj is not None:
Session().delete(obj)
log.debug('Revoked perm to %s on %s', repo, group_name)
def revoke_user_permission(self, user_group, user):
"""
Revoke permission for user on given repository group
:param user_group: Instance of RepoGroup, repositories_group_id,
or repositories_group name
:param user: Instance of User, user_id or username
"""
user_group = UserGroup.guess_instance(user_group)
user = User.guess_instance(user)
obj = UserUserGroupToPerm.query() \
.filter(UserUserGroupToPerm.user == user) \
.filter(UserUserGroupToPerm.user_group == user_group) \
.scalar()
if obj is not None:
Session().delete(obj)
log.debug('Revoked perm on %s on %s', user_group, user)
def revoke_user_permission(self, user_group, user):
"""
Revoke permission for user on given repository group
:param user_group: Instance of RepoGroup, repositories_group_id,
or repositories_group name
:param user: Instance of User, user_id or username
"""
user_group = UserGroup.guess_instance(user_group)
user = User.guess_instance(user)
obj = UserUserGroupToPerm.query() \
.filter(UserUserGroupToPerm.user == user) \
.filter(UserUserGroupToPerm.user_group == user_group) \
.scalar()
if obj is not None:
Session().delete(obj)
log.debug('Revoked perm on %s on %s', user_group, user)
def remove_user_from_group(self, user_group, user):
user_group = UserGroup.guess_instance(user_group)
user = User.guess_instance(user)
user_group_member = None
for m in user_group.members:
if m.user_id == user.user_id:
# Found this user's membership row
user_group_member = m
break
if user_group_member:
try:
Session().delete(user_group_member)
return True
except Exception:
log.error(traceback.format_exc())
raise
else:
# User isn't in that group
return False
def remove_user_from_group(self, user_group, user):
user_group = UserGroup.guess_instance(user_group)
user = User.guess_instance(user)
user_group_member = None
for m in user_group.members:
if m.user_id == user.user_id:
# Found this user's membership row
user_group_member = m
break
if user_group_member:
try:
Session().delete(user_group_member)
return True
except Exception:
log.error(traceback.format_exc())
raise
else:
# User isn't in that group
return False
def update(self, user_group, form_data):
try:
user_group = UserGroup.guess_instance(user_group)
for k, v in form_data.items():
if k == 'users_group_members':
members_list = []
if v:
v = [v] if isinstance(v, basestring) else v
for u_id in set(v):
member = UserGroupMember(user_group.users_group_id, u_id)
members_list.append(member)
Session().add(member)
user_group.members = members_list
setattr(user_group, k, v)
# Flush to make db assign users_group_member_id to newly
# created UserGroupMembers.
Session().flush()
except Exception:
log.error(traceback.format_exc())
raise
def delete(self, user_group, force=False):
"""
Deletes user group, unless force flag is used
raises exception if there are members in that group, else deletes
group and users
:param user_group:
:param force:
"""
user_group = UserGroup.guess_instance(user_group)
try:
# check if this group is not assigned to repo
assigned_groups = UserGroupRepoToPerm.query() \
.filter(UserGroupRepoToPerm.users_group == user_group).all()
assigned_groups = [x.repository.repo_name for x in assigned_groups]
if assigned_groups and not force:
raise UserGroupsAssignedException(
'User Group assigned to %s' % ", ".join(assigned_groups))
Session().delete(user_group)
except Exception:
log.error(traceback.format_exc())
raise
def add_user_to_group(self, user_group, user):
user_group = UserGroup.guess_instance(user_group)
user = User.guess_instance(user)
for m in user_group.members:
u = m.user
if u.user_id == user.user_id:
# user already in the group, skip
return True
try:
user_group_member = UserGroupMember()
user_group_member.user = user
user_group_member.users_group = user_group
user_group.members.append(user_group_member)
user.group_member.append(user_group_member)
Session().add(user_group_member)
return user_group_member
except Exception:
log.error(traceback.format_exc())
raise
def delete(self, user_group, force=False):
"""
Deletes user group, unless force flag is used
raises exception if there are members in that group, else deletes
group and users
:param user_group:
:param force:
"""
user_group = UserGroup.guess_instance(user_group)
try:
# check if this group is not assigned to repo
assigned_groups = UserGroupRepoToPerm.query() \
.filter(UserGroupRepoToPerm.users_group == user_group).all()
assigned_groups = [x.repository.repo_name for x in assigned_groups]
if assigned_groups and not force:
raise UserGroupsAssignedException('User Group assigned to %s' %
", ".join(assigned_groups))
Session().delete(user_group)
except Exception:
log.error(traceback.format_exc())
raise
def add_user_to_group(self, user_group, user):
user_group = UserGroup.guess_instance(user_group)
user = User.guess_instance(user)
for m in user_group.members:
u = m.user
if u.user_id == user.user_id:
# user already in the group, skip
return True
try:
user_group_member = UserGroupMember()
user_group_member.user = user
user_group_member.users_group = user_group
user_group.members.append(user_group_member)
user.group_member.append(user_group_member)
Session().add(user_group_member)
return user_group_member
except Exception:
log.error(traceback.format_exc())
raise
def update(self, user_group, form_data):
try:
user_group = UserGroup.guess_instance(user_group)
for k, v in form_data.items():
if k == 'users_group_members':
members_list = []
if v:
v = [v] if isinstance(v, basestring) else v
for u_id in set(v):
member = UserGroupMember(user_group.users_group_id,
u_id)
members_list.append(member)
Session().add(member)
user_group.members = members_list
setattr(user_group, k, v)
# Flush to make db assign users_group_member_id to newly
# created UserGroupMembers.
Session().flush()
except Exception:
log.error(traceback.format_exc())
raise
def get_group(self, user_group):
return UserGroup.guess_instance(user_group)
def get_group(self, user_group):
return UserGroup.guess_instance(user_group)
