Esempio n. 1
    def follow_project(self, user_name, group_name):
        """
        Make a user watch the current project when the group qualifies.

        Nothing happens unless ``self.env`` is set and ``group_name`` is
        exactly 'Members' or 'Owners'.

        :param user_name: username used to look up the user object
        :param group_name: group name, compared against 'Members' and 'Owners'
        """
        if self.env is None:
            return
        if group_name not in ('Members', 'Owners'):
            return

        # Imports stay local to the call, as in the original code.
        from multiproject.common.projects.project import Project
        current_project = Project.get(None, None, _get_trac_project_name(self.env))
        # NOTE(review): the looked-up user is dereferenced without a None check;
        # confirm getUser() cannot return None for an unknown user_name.
        account = conf.getUserStore().getUser(user_name)
        from multiproject.core.watchlist import CQDEWatchlistStore
        CQDEWatchlistStore().watch_project(account.id, current_project.id)
Esempio n. 2
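    def downloaded(self, context, download):
        """Record a download in the ``download_log`` table.

        Called when a file is downloaded. Logging is best effort: a failed
        insert is reported through the environment log and never propagates
        to the caller.

        :param context: request context; ``context.req.authname`` names the user
        :param download: mapping whose ``'id'`` entry is the release id
        """
        store = conf.getUserStore()
        user = store.getUser(context.req.authname)

        # Resolve and coerce the values before a connection is acquired, so a
        # missing key or a failed user lookup cannot leak a cursor/connection.
        # NOTE(review): assumes safe_int() always returns an int - confirm.
        args = (safe_int(download['id']), safe_int(user.id))

        # Values are bound by the driver instead of being formatted into the
        # SQL text, so the statement stays constant whatever the inputs are.
        query = "INSERT INTO download_log (release_id,user_id) VALUES(%s,%s)"

        db = self.env.get_db_cnx()
        try:
            cursor = db.cursor()
            try:
                cursor.execute(query, args)
                db.commit()
            except Exception:
                # NOTE(review): a lost tracking record is only visible at debug
                # level; consider a higher level if this log is used for audit.
                self.env.log.debug("Cannot update tracking data. query=[%s] args=%r" %
                                   (query, args))
            finally:
                cursor.close()
        finally:
            db.close()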
Esempio n. 3
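    def downloaded(self, context, download):
        """Record a download in the ``download_log`` table.

        Called when a file is downloaded. Logging is best effort: a failed
        insert is reported through the environment log and never propagates
        to the caller.

        :param context: request context; ``context.req.authname`` names the user
        :param download: mapping whose ``"id"`` entry is the release id
        """
        store = conf.getUserStore()
        user = store.getUser(context.req.authname)

        # Resolve and coerce the values before a connection is acquired, so a
        # missing key or a failed user lookup cannot leak a cursor/connection.
        # NOTE(review): assumes safe_int() always returns an int - confirm.
        args = (
            safe_int(download["id"]),
            safe_int(user.id),
        )

        # Values are bound by the driver instead of being formatted into the
        # SQL text, so the statement stays constant whatever the inputs are.
        query = "INSERT INTO download_log (release_id,user_id) VALUES(%s,%s)"

        db = self.env.get_db_cnx()
        try:
            cursor = db.cursor()
            try:
                cursor.execute(query, args)
                db.commit()
            except Exception:
                # NOTE(review): a lost tracking record is only visible at debug
                # level; consider a higher level if this log is used for audit.
                self.env.log.debug("Cannot update tracking data. query=[%s] args=%r" % (query, args))
            finally:
                cursor.close()
        finally:
            db.close()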
    def check_permission(self, action, username, resource, perm):
        """
        Decide whether ``username`` may perform ``action`` on ``resource``.

        The actual permission lookup is done by the CQDEPermissionPolicy class;
        this method adds attachment-action mapping, a project-realm branch, a
        ticket-reporter shortcut and user-account ownership checks around it.

        :param action: permission name; attachment actions are rewritten to the
            parent realm's permission before any check
        :param username: name of the user the decision is made for
        :param resource: resource being accessed, may be falsy
        :param perm: not referenced anywhere in this method
        :returns: True when access is granted, False otherwise
        """
        # FIXME: Dirty hack to screw ILegacyAttachmentPolicy.
        # Maps each attachment action to the permission required on the realm
        # the attachment belongs to.
        # NOTE(review): for "discussion", view and delete both map to
        # DISCUSSION_ATTACH - confirm that is intended.
        perm_maps = {
            "ATTACHMENT_CREATE": {
                "ticket": "TICKET_APPEND",
                "wiki": "WIKI_MODIFY",
                "milestone": "MILESTONE_MODIFY",
                "discussion": "DISCUSSION_ATTACH",
            },
            "ATTACHMENT_VIEW": {
                "ticket": "TICKET_VIEW",
                "wiki": "WIKI_VIEW",
                "milestone": "MILESTONE_VIEW",
                "discussion": "DISCUSSION_ATTACH",
            },
            "ATTACHMENT_DELETE": {
                "ticket": "TICKET_ADMIN",
                "wiki": "WIKI_DELETE",
                "milestone": "MILESTONE_DELETE",
                "discussion": "DISCUSSION_ATTACH",
            },
        }
        perm_map = perm_maps.get(action)
        if perm_map and resource and resource.realm == "attachment":
            # NOTE(review): a parent realm missing from the map turns action into
            # None, which is then handed to the policy below; verify the policy
            # denies a None action (fail closed).
            action = perm_map.get(resource.parent.realm)

        policy = CQDEPermissionPolicy(self.env)

        # Project context check
        # For the "project" realm the policy result is final; none of the
        # checks further down run.
        if resource and resource.realm == "project":
            # NOTE: Load project to get environment key required by check_permission
            # NOTE: Internal TracEnvironment cannot be used because env can be home, whereas project id is not
            project = Project.get(id=resource.id)
            if project and policy.check_permission(project.trac_environment_key, action, username):
                return True
            return False

        # Ticket authors should be able to edit their own tickets
        # (excluding 'anonymous')
        # NOTE(review): this grant returns before the policy check below, so it
        # rests only on the username matching the ticket's reporter field;
        # confirm that bypass is intended.
        if (
            username != "anonymous"
            and resource
            and resource.id
            and resource.realm == "ticket"
            and action in ("TICKET_CHGPROP", "TICKET_EDIT_DESCRIPTION")
        ):
            # int() raises ValueError on a non-numeric id; nothing here catches it.
            ticket = Ticket(self.env, int(resource.id))
            if ticket.exists and username == ticket["reporter"]:
                return True

        # Load lightweight trac environment to get environment id, required by internal check_permission
        env_name = conf.resolveProjectName(self.env)
        environment = TracEnvironment.read(env_name)

        # Check permission using global permission policy and storage
        if not policy.check_permission(environment.environment_id, action, username):
            return False

        # Additional, resources based checks

        # User author check
        if action in ("USER_ADMIN", "USER_AUTHOR", "USER_VIEW", "USER_MODIFY", "USER_DELETE") and resource:
            # Check if USER_ADMIN permission in home project
            home_perm = PermissionCache(conf.home_env, username)
            if "USER_ADMIN" in home_perm:
                return True

            userstore = conf.getUserStore()
            # NOTE(review): both lookups are dereferenced without a None check;
            # confirm neither can return None here.
            resource_user = userstore.getUserWhereId(resource.id)
            user = userstore.getUser(username)

            # Allow manage own and authored account
            if action in ("USER_ADMIN", "USER_AUTHOR"):
                return resource_user.author_id == user.id or resource_user.id == user.id

            # Allow to manage itself
            return resource_user.id == user.id

        # Reached only after the global policy check above has passed.
        return True