def step_12(self):
self.klass.create_permissions()
Session().commit()
self.klass.populate_default_permissions()
Session().commit()
#fix all usergroups
ug_model = UserGroupModel()
for ug in UserGroup.get_all():
perm_obj = ug_model._create_default_perms(ug)
Session().add(perm_obj)
Session().commit()
adm = User.get_first_admin()
# fix owners of UserGroup
for ug in Session().query(UserGroup).all():
ug.user_id = adm.user_id
Session().add(ug)
Session().commit()
# fix owners of RepoGroup
for ug in Session().query(RepoGroup).all():
ug.user_id = adm.user_id
Session().add(ug)
Session().commit()
def delete_user_group_perm_member(self, id):
"""
DELETE an existing repository group permission user
:param group_name:
"""
try:
obj_type = request.POST.get('obj_type')
obj_id = None
if obj_type == 'user':
obj_id = safe_int(request.POST.get('user_id'))
elif obj_type == 'user_group':
obj_id = safe_int(request.POST.get('user_group_id'))
if not c.rhodecode_user.is_admin:
if obj_type == 'user' and c.rhodecode_user.user_id == obj_id:
msg = _('Cannot revoke permission for yourself as admin')
h.flash(msg, category='warning')
raise Exception('revoke admin permission on self')
if obj_type == 'user':
UserGroupModel().revoke_user_permission(user_group=id,
user=obj_id)
elif obj_type == 'user_group':
UserGroupModel().revoke_users_group_permission(
target_user_group=id, user_group=obj_id)
Session().commit()
except Exception:
log.error(traceback.format_exc())
h.flash(_('An error occurred during revoking of permission'),
category='error')
raise HTTPInternalServerError()
def test_propagated_permission_from_users_group(self):
# make group
self.ug1 = UserGroupModel().create('G1')
# add user to group
UserGroupModel().add_user_to_group(self.ug1, self.u3)
# grant perm for group this should override default permission from user
new_perm_gr = 'repository.write'
RepoModel().grant_users_group_permission(repo=HG_REPO,
group_name=self.ug1,
perm=new_perm_gr)
# check perms
u3_auth = AuthUser(user_id=self.u3.user_id)
perms = {
'repositories_groups': {},
'global':
set([
u'hg.create.repository', u'repository.read',
u'hg.register.manual_activate'
]),
'repositories': {
u'vcs_test_hg': u'repository.read'
}
}
self.assertEqual(u3_auth.permissions['repositories'][HG_REPO],
new_perm_gr)
self.assertEqual(u3_auth.permissions['repositories_groups'],
perms['repositories_groups'])
def __load_defaults(self, user_group_id):
"""
Load defaults settings for edit, and update
:param user_group_id:
"""
user_group = UserGroup.get_or_404(user_group_id)
data = user_group.get_dict()
ug_model = UserGroupModel()
data.update({
'create_repo_perm': ug_model.has_perm(user_group,
'hg.create.repository'),
'create_user_group_perm': ug_model.has_perm(user_group,
'hg.usergroup.create.true'),
'fork_repo_perm': ug_model.has_perm(user_group,
'hg.fork.repository'),
})
# fill user group users
for p in user_group.user_user_group_to_perm:
data.update({'u_perm_%s' % p.user.username:
p.permission.permission_name})
for p in user_group.user_group_user_group_to_perm:
data.update({'g_perm_%s' % p.user_group.users_group_name:
p.permission.permission_name})
return data
def create_users_group(self,
apiuser,
group_name,
owner=Optional(OAttr('apiuser')),
active=Optional(True)):
"""
Creates an new usergroup
:param apiuser:
:param group_name:
:param owner:
:param active:
"""
if UserGroupModel().get_by_name(group_name):
raise JSONRPCError("user group `%s` already exist" % group_name)
try:
if isinstance(owner, Optional):
owner = apiuser.user_id
owner = get_user_or_error(owner)
active = Optional.extract(active)
ug = UserGroupModel().create(name=group_name,
owner=owner,
active=active)
Session().commit()
return dict(msg='created new user group `%s`' % group_name,
users_group=ug.get_api_data())
except Exception:
log.error(traceback.format_exc())
raise JSONRPCError('failed to create group `%s`' % group_name)
def step_12(self):
self.klass.create_permissions()
Session().commit()
self.klass.populate_default_permissions()
Session().commit()
#fix all usergroups
ug_model = UserGroupModel()
for ug in UserGroup.get_all():
perm_obj = ug_model._create_default_perms(ug)
Session().add(perm_obj)
Session().commit()
adm = User.get_first_admin()
# fix owners of UserGroup
for ug in Session().query(UserGroup).all():
ug.user_id = adm.user_id
Session().add(ug)
Session().commit()
# fix owners of RepoGroup
for ug in Session().query(RepoGroup).all():
ug.user_id = adm.user_id
Session().add(ug)
Session().commit()
def __load_defaults(self, user_group_id):
"""
Load defaults settings for edit, and update
:param user_group_id:
"""
user_group = UserGroup.get_or_404(user_group_id)
data = user_group.get_dict()
ug_model = UserGroupModel()
data.update({
'create_repo_perm':
ug_model.has_perm(user_group, 'hg.create.repository'),
'create_user_group_perm':
ug_model.has_perm(user_group, 'hg.usergroup.create.true'),
'fork_repo_perm':
ug_model.has_perm(user_group, 'hg.fork.repository'),
})
# fill user group users
for p in user_group.user_user_group_to_perm:
data.update(
{'u_perm_%s' % p.user.username: p.permission.permission_name})
for p in user_group.user_group_user_group_to_perm:
data.update({
'g_perm_%s' % p.user_group.users_group_name:
p.permission.permission_name
})
return data
def create_users_group(self, apiuser, group_name,
owner=Optional(OAttr('apiuser')),
active=Optional(True)):
"""
Creates an new usergroup
:param apiuser:
:param group_name:
:param owner:
:param active:
"""
if UserGroupModel().get_by_name(group_name):
raise JSONRPCError("user group `%s` already exist" % group_name)
try:
if isinstance(owner, Optional):
owner = apiuser.user_id
owner = get_user_or_error(owner)
active = Optional.extract(active)
ug = UserGroupModel().create(name=group_name,
owner=owner,
active=active)
Session().commit()
return dict(
msg='created new user group `%s`' % group_name,
users_group=ug.get_api_data()
)
except Exception:
log.error(traceback.format_exc())
raise JSONRPCError('failed to create group `%s`' % group_name)
def test_repo_group_user_as_user_group_member(self):
# create Group1
self.g1 = fixture.create_group('group1', skip_if_exists=True)
a1_auth = AuthUser(user_id=self.anon.user_id)
self.assertEqual(a1_auth.permissions['repositories_groups'],
{u'group1': u'group.read'})
# set default permission to none
ReposGroupModel().grant_user_permission(repos_group=self.g1,
user=self.anon,
perm='group.none')
# make group
self.ug1 = UserGroupModel().create('G1')
# add user to group
UserGroupModel().add_user_to_group(self.ug1, self.u1)
Session().commit()
# check if user is in the group
membrs = [
x.user_id
for x in UserGroupModel().get(self.ug1.users_group_id).members
]
self.assertEqual(membrs, [self.u1.user_id])
# add some user to that group
# check his permissions
a1_auth = AuthUser(user_id=self.anon.user_id)
self.assertEqual(a1_auth.permissions['repositories_groups'],
{u'group1': u'group.none'})
u1_auth = AuthUser(user_id=self.u1.user_id)
self.assertEqual(u1_auth.permissions['repositories_groups'],
{u'group1': u'group.none'})
# grant ug1 read permissions for
ReposGroupModel().grant_users_group_permission(repos_group=self.g1,
group_name=self.ug1,
perm='group.read')
Session().commit()
# check if the
obj = Session().query(UserGroupRepoGroupToPerm)\
.filter(UserGroupRepoGroupToPerm.group == self.g1)\
.filter(UserGroupRepoGroupToPerm.users_group == self.ug1)\
.scalar()
self.assertEqual(obj.permission.permission_name, 'group.read')
a1_auth = AuthUser(user_id=self.anon.user_id)
self.assertEqual(a1_auth.permissions['repositories_groups'],
{u'group1': u'group.none'})
u1_auth = AuthUser(user_id=self.u1.user_id)
self.assertEqual(u1_auth.permissions['repositories_groups'],
{u'group1': u'group.read'})
def remove_user_from_users_group(self, apiuser, usersgroupid, userid):
"""
Remove user from a group
:param apiuser:
:param usersgroupid:
:param userid:
"""
user = get_user_or_error(userid)
users_group = get_users_group_or_error(usersgroupid)
try:
success = UserGroupModel().remove_user_from_group(users_group,
user)
msg = 'removed member `%s` from user group `%s`' % (
user.username, users_group.users_group_name
)
msg = msg if success else "User wasn't in group"
Session().commit()
return dict(success=success, msg=msg)
except Exception:
log.error(traceback.format_exc())
raise JSONRPCError(
'failed to remove member from user group `%s`' % (
users_group.users_group_name
)
)
def add_user_to_users_group(self, apiuser, usersgroupid, userid):
""""
Add a user to a user group
:param apiuser:
:param usersgroupid:
:param userid:
"""
user = get_user_or_error(userid)
users_group = get_users_group_or_error(usersgroupid)
try:
ugm = UserGroupModel().add_user_to_group(users_group, user)
success = True if ugm != True else False
msg = 'added member `%s` to user group `%s`' % (
user.username, users_group.users_group_name
)
msg = msg if success else 'User is already in that group'
Session().commit()
return dict(
success=success,
msg=msg
)
except Exception:
log.error(traceback.format_exc())
raise JSONRPCError(
'failed to add member to user group `%s`' % (
users_group.users_group_name
)
)
def update(self, id):
"""PUT /users_groups/id: Update an existing item"""
# Forms posted to this method should contain a hidden field:
# <input type="hidden" name="_method" value="PUT" />
# Or using helpers:
# h.form(url('users_group', id=ID),
# method='put')
# url('users_group', id=ID)
c.users_group = UserGroup.get_or_404(id)
self._load_data(id)
available_members = [safe_unicode(x[0]) for x in c.available_members]
users_group_form = UserGroupForm(edit=True,
old_data=c.users_group.get_dict(),
available_members=available_members)()
try:
form_result = users_group_form.to_python(request.POST)
UserGroupModel().update(c.users_group, form_result)
gr = form_result['users_group_name']
action_logger(self.rhodecode_user,
'admin_updated_users_group:%s' % gr, None,
self.ip_addr, self.sa)
h.flash(_('Updated user group %s') % gr, category='success')
Session().commit()
except formencode.Invalid, errors:
ug_model = UserGroupModel()
defaults = errors.value
e = errors.error_dict or {}
defaults.update({
'create_repo_perm':
ug_model.has_perm(id, 'hg.create.repository'),
'fork_repo_perm':
ug_model.has_perm(id, 'hg.fork.repository'),
'_method':
'put'
})
return htmlfill.render(
render('admin/users_groups/users_group_edit.html'),
defaults=defaults,
errors=e,
prefix_error=False,
encoding="UTF-8")
def update(self, id):
"""PUT /users_groups/id: Update an existing item"""
# Forms posted to this method should contain a hidden field:
# <input type="hidden" name="_method" value="PUT" />
# Or using helpers:
# h.form(url('users_group', id=ID),
# method='put')
# url('users_group', id=ID)
c.users_group = UserGroup.get_or_404(id)
self.__load_data(id)
available_members = [safe_unicode(x[0]) for x in c.available_members]
users_group_form = UserGroupForm(edit=True,
old_data=c.users_group.get_dict(),
available_members=available_members)()
try:
form_result = users_group_form.to_python(request.POST)
UserGroupModel().update(c.users_group, form_result)
gr = form_result['users_group_name']
action_logger(self.rhodecode_user,
'admin_updated_users_group:%s' % gr,
None, self.ip_addr, self.sa)
h.flash(_('Updated user group %s') % gr, category='success')
Session().commit()
except formencode.Invalid, errors:
ug_model = UserGroupModel()
defaults = errors.value
e = errors.error_dict or {}
defaults.update({
'create_repo_perm': ug_model.has_perm(id,
'hg.create.repository'),
'fork_repo_perm': ug_model.has_perm(id,
'hg.fork.repository'),
'_method': 'put'
})
return htmlfill.render(
render('admin/users_groups/users_group_edit.html'),
defaults=defaults,
errors=e,
prefix_error=False,
encoding="UTF-8")
def setup_module():
global test_u2_id, test_u2_gr_id, _get_repo_perms, _get_group_perms
test_u2 = _create_project_tree()
Session().commit()
test_u2_id = test_u2.user_id
gr1 = UserGroupModel().create(name='perms_group_1')
Session().commit()
test_u2_gr_id = gr1.users_group_id
UserGroupModel().add_user_to_group(gr1, user=test_u2_id)
Session().commit()
_get_repo_perms = functools.partial(_get_perms,
key='repositories',
test_u1_id=test_u2_id)
_get_group_perms = functools.partial(_get_perms,
key='repositories_groups',
test_u1_id=test_u2_id)
def get_users_group_or_error(usersgroupid):
"""
Get user group by id or name or return JsonRPCError if not found
:param userid:
"""
users_group = UserGroupModel().get_group(usersgroupid)
if users_group is None:
raise JSONRPCError('user group `%s` does not exist' % usersgroupid)
return users_group
def test_ValidUserGroup(self):
validator = v.ValidUserGroup()
self.assertRaises(formencode.Invalid, validator.to_python, 'default')
self.assertRaises(formencode.Invalid, validator.to_python, '.,')
gr = fixture.create_user_group('test')
gr2 = fixture.create_user_group('tes2')
Session().commit()
self.assertRaises(formencode.Invalid, validator.to_python, 'test')
assert gr.users_group_id is not None
validator = v.ValidUserGroup(
edit=True, old_data={'users_group_id': gr2.users_group_id})
self.assertRaises(formencode.Invalid, validator.to_python, 'test')
self.assertRaises(formencode.Invalid, validator.to_python, 'TesT')
self.assertRaises(formencode.Invalid, validator.to_python, 'TEST')
UserGroupModel().delete(gr)
UserGroupModel().delete(gr2)
Session().commit()
def get_users_groups(self, apiuser):
""""
Get all user groups
:param apiuser:
"""
result = []
for users_group in UserGroupModel().get_all():
result.append(users_group.get_api_data())
return result
def test_propagated_permission_from_users_group_by_explicit_perms_exist(
self):
# make group
self.ug1 = UserGroupModel().create('G1')
# add user to group
UserGroupModel().add_user_to_group(self.ug1, self.u1)
# set permission to lower
new_perm = 'repository.none'
RepoModel().grant_user_permission(repo=HG_REPO,
user=self.u1,
perm=new_perm)
Session().commit()
u1_auth = AuthUser(user_id=self.u1.user_id)
self.assertEqual(u1_auth.permissions['repositories'][HG_REPO],
new_perm)
# grant perm for group this should not override permission from user
# since it has explicitly set
new_perm_gr = 'repository.write'
RepoModel().grant_users_group_permission(repo=HG_REPO,
group_name=self.ug1,
perm=new_perm_gr)
# check perms
u1_auth = AuthUser(user_id=self.u1.user_id)
perms = {
'repositories_groups': {},
'global':
set([
u'hg.create.repository', u'repository.read',
u'hg.register.manual_activate'
]),
'repositories': {
u'vcs_test_hg': u'repository.read'
}
}
self.assertEqual(u1_auth.permissions['repositories'][HG_REPO],
new_perm)
self.assertEqual(u1_auth.permissions['repositories_groups'],
perms['repositories_groups'])
def test_create_and_remove(self):
usr = UserModel().create_or_update(username=u'test_user',
password=u'qweqwe',
email=u'*****@*****.**',
firstname=u'u1', lastname=u'u1')
Session().commit()
self.assertEqual(User.get_by_username(u'test_user'), usr)
# make user group
users_group = UserGroupModel().create('some_example_group')
Session().commit()
UserGroupModel().add_user_to_group(users_group, usr)
Session().commit()
self.assertEqual(UserGroup.get(users_group.users_group_id), users_group)
self.assertEqual(UserGroupMember.query().count(), 1)
UserModel().delete(usr.user_id)
Session().commit()
self.assertEqual(UserGroupMember.query().all(), [])
def edit(self, id, format='html'):
"""GET /users_groups/id/edit: Form to edit an existing item"""
# url('edit_users_group', id=ID)
c.users_group = UserGroup.get_or_404(id)
self._load_data(id)
ug_model = UserGroupModel()
defaults = c.users_group.get_dict()
defaults.update({
'create_repo_perm':
ug_model.has_perm(c.users_group, 'hg.create.repository'),
'fork_repo_perm':
ug_model.has_perm(c.users_group, 'hg.fork.repository'),
})
return htmlfill.render(
render('admin/users_groups/users_group_edit.html'),
defaults=defaults,
encoding="UTF-8",
force_defaults=False)
def test_owner_permissions_doesnot_get_overwritten_by_group(self):
#create repo as USER,
self.test_repo = fixture.create_repo(name='myownrepo',
repo_type='hg',
cur_user=self.u1)
#he has permissions of admin as owner
u1_auth = AuthUser(user_id=self.u1.user_id)
self.assertEqual(u1_auth.permissions['repositories']['myownrepo'],
'repository.admin')
#set his permission as user group, he should still be admin
self.ug1 = UserGroupModel().create('G1')
# add user to group
UserGroupModel().add_user_to_group(self.ug1, self.u1)
RepoModel().grant_users_group_permission(self.test_repo,
group_name=self.ug1,
perm='repository.none')
Session().commit()
u1_auth = AuthUser(user_id=self.u1.user_id)
self.assertEqual(u1_auth.permissions['repositories']['myownrepo'],
'repository.admin')
def edit(self, id, format='html'):
"""GET /users_groups/id/edit: Form to edit an existing item"""
# url('edit_users_group', id=ID)
c.users_group = UserGroup.get_or_404(id)
self._load_data(id)
ug_model = UserGroupModel()
defaults = c.users_group.get_dict()
defaults.update({
'create_repo_perm': ug_model.has_perm(c.users_group,
'hg.create.repository'),
'fork_repo_perm': ug_model.has_perm(c.users_group,
'hg.fork.repository'),
})
return htmlfill.render(
render('admin/users_groups/users_group_edit.html'),
defaults=defaults,
encoding="UTF-8",
force_defaults=False
)
def delete(self, id):
"""DELETE /users_groups/id: Delete an existing item"""
# Forms posted to this method should contain a hidden field:
# <input type="hidden" name="_method" value="DELETE" />
# Or using helpers:
# h.form(url('users_group', id=ID),
# method='delete')
# url('users_group', id=ID)
usr_gr = UserGroup.get_or_404(id)
try:
UserGroupModel().delete(usr_gr)
Session().commit()
h.flash(_('Successfully deleted user group'), category='success')
except UserGroupsAssignedException, e:
h.flash(e, category='error')
def create_user_group(self, name, **kwargs):
if 'skip_if_exists' in kwargs:
del kwargs['skip_if_exists']
gr = UserGroup.get_by_group_name(group_name=name)
if gr:
return gr
form_data = self._get_user_group_create_params(name, **kwargs)
owner = kwargs.get('cur_user', TEST_USER_ADMIN_LOGIN)
user_group = UserGroupModel().create(
name=form_data['users_group_name'],
owner=owner,
active=form_data['users_group_active'])
Session().commit()
user_group = UserGroup.get_by_group_name(user_group.users_group_name)
return user_group
def tearDown(self):
if hasattr(self, 'test_repo'):
RepoModel().delete(repo=self.test_repo)
UserModel().delete(self.u1)
UserModel().delete(self.u2)
UserModel().delete(self.u3)
UserModel().delete(self.a1)
if hasattr(self, 'g1'):
ReposGroupModel().delete(self.g1.group_id)
if hasattr(self, 'g2'):
ReposGroupModel().delete(self.g2.group_id)
if hasattr(self, 'ug1'):
UserGroupModel().delete(self.ug1, force=True)
Session().commit()
def create(self):
"""POST /users_groups: Create a new item"""
# url('users_groups')
users_group_form = UserGroupForm()()
try:
form_result = users_group_form.to_python(dict(request.POST))
UserGroupModel().create(name=form_result['users_group_name'],
active=form_result['users_group_active'])
gr = form_result['users_group_name']
action_logger(self.rhodecode_user,
'admin_created_users_group:%s' % gr, None,
self.ip_addr, self.sa)
h.flash(_('Created user group %s') % gr, category='success')
Session().commit()
except formencode.Invalid, errors:
return htmlfill.render(
render('admin/users_groups/users_group_add.html'),
defaults=errors.value,
errors=errors.error_dict or {},
prefix_error=False,
encoding="UTF-8")
def test_propagated_permission_from_users_group_lower_weight(self):
# make group
self.ug1 = fixture.create_user_group('G1')
# add user to group
UserGroupModel().add_user_to_group(self.ug1, self.u1)
# set permission to lower
new_perm_h = 'repository.write'
RepoModel().grant_user_permission(repo=HG_REPO,
user=self.u1,
perm=new_perm_h)
Session().commit()
u1_auth = AuthUser(user_id=self.u1.user_id)
self.assertEqual(u1_auth.permissions['repositories'][HG_REPO],
new_perm_h)
# grant perm for group this should NOT override permission from user
# since it's lower than granted
new_perm_l = 'repository.read'
RepoModel().grant_users_group_permission(repo=HG_REPO,
group_name=self.ug1,
perm=new_perm_l)
# check perms
u1_auth = AuthUser(user_id=self.u1.user_id)
perms = {
'repositories_groups': {},
'global':
set([
u'hg.create.repository', u'repository.read',
u'hg.register.manual_activate'
]),
'repositories': {
u'vcs_test_hg': u'repository.write'
}
}
self.assertEqual(u1_auth.permissions['repositories'][HG_REPO],
new_perm_h)
self.assertEqual(u1_auth.permissions['repositories_groups'],
perms['repositories_groups'])
def set_user_group_perm_member(self, id):
"""
grant permission for given usergroup
:param id:
"""
user_group = UserGroup.get_or_404(id)
form = UserGroupPermsForm()().to_python(request.POST)
# set the permissions !
try:
UserGroupModel()._update_permissions(user_group, form['perms_new'],
form['perms_updates'])
except RepoGroupAssignmentError:
h.flash(_('Target group cannot be the same'), category='error')
return redirect(url('edit_users_group', id=id))
#TODO: implement this
#action_logger(self.rhodecode_user, 'admin_changed_repo_permissions',
# repo_name, self.ip_addr, self.sa)
Session().commit()
h.flash(_('User Group permissions updated'), category='success')
return redirect(url('edit_users_group', id=id))
def update_perm(self, id):
"""PUT /users_perm/id: Update an existing item"""
# url('users_group_perm', id=ID, method='put')
users_group = UserGroup.get_or_404(id)
grant_create_perm = str2bool(request.POST.get('create_repo_perm'))
grant_fork_perm = str2bool(request.POST.get('fork_repo_perm'))
inherit_perms = str2bool(
request.POST.get('inherit_default_permissions'))
usergroup_model = UserGroupModel()
try:
users_group.inherit_default_permissions = inherit_perms
Session().add(users_group)
if grant_create_perm:
usergroup_model.revoke_perm(id, 'hg.create.none')
usergroup_model.grant_perm(id, 'hg.create.repository')
h.flash(
_("Granted 'repository create' permission to user group"),
category='success')
else:
usergroup_model.revoke_perm(id, 'hg.create.repository')
usergroup_model.grant_perm(id, 'hg.create.none')
h.flash(
_("Revoked 'repository create' permission to user group"),
category='success')
if grant_fork_perm:
usergroup_model.revoke_perm(id, 'hg.fork.none')
usergroup_model.grant_perm(id, 'hg.fork.repository')
h.flash(
_("Granted 'repository fork' permission to user group"),
category='success')
else:
usergroup_model.revoke_perm(id, 'hg.fork.repository')
usergroup_model.grant_perm(id, 'hg.fork.none')
h.flash(
_("Revoked 'repository fork' permission to user group"),
category='success')
Session().commit()
except Exception:
log.error(traceback.format_exc())
h.flash(_('An error occurred during permissions saving'),
category='error')
return redirect(url('edit_users_group', id=id))
def update_perm(self, id):
"""PUT /users_perm/id: Update an existing item"""
# url('users_group_perm', id=ID, method='put')
users_group = UserGroup.get_or_404(id)
grant_create_perm = str2bool(request.POST.get('create_repo_perm'))
grant_fork_perm = str2bool(request.POST.get('fork_repo_perm'))
inherit_perms = str2bool(request.POST.get('inherit_default_permissions'))
usergroup_model = UserGroupModel()
try:
users_group.inherit_default_permissions = inherit_perms
Session().add(users_group)
if grant_create_perm:
usergroup_model.revoke_perm(id, 'hg.create.none')
usergroup_model.grant_perm(id, 'hg.create.repository')
h.flash(_("Granted 'repository create' permission to user group"),
category='success')
else:
usergroup_model.revoke_perm(id, 'hg.create.repository')
usergroup_model.grant_perm(id, 'hg.create.none')
h.flash(_("Revoked 'repository create' permission to user group"),
category='success')
if grant_fork_perm:
usergroup_model.revoke_perm(id, 'hg.fork.none')
usergroup_model.grant_perm(id, 'hg.fork.repository')
h.flash(_("Granted 'repository fork' permission to user group"),
category='success')
else:
usergroup_model.revoke_perm(id, 'hg.fork.repository')
usergroup_model.grant_perm(id, 'hg.fork.none')
h.flash(_("Revoked 'repository fork' permission to user group"),
category='success')
Session().commit()
except Exception:
log.error(traceback.format_exc())
h.flash(_('An error occurred during permissions saving'),
category='error')
return redirect(url('edit_users_group', id=id))
def update_perm(self, id):
"""PUT /users_perm/id: Update an existing item"""
# url('users_group_perm', id=ID, method='put')
users_group = UserGroup.get_or_404(id)
try:
form = CustomDefaultPermissionsForm()()
form_result = form.to_python(request.POST)
inherit_perms = form_result['inherit_default_permissions']
users_group.inherit_default_permissions = inherit_perms
Session().add(users_group)
usergroup_model = UserGroupModel()
defs = UserGroupToPerm.query()\
.filter(UserGroupToPerm.users_group == users_group)\
.all()
for ug in defs:
Session().delete(ug)
if form_result['create_repo_perm']:
usergroup_model.grant_perm(id, 'hg.create.repository')
else:
usergroup_model.grant_perm(id, 'hg.create.none')
if form_result['create_user_group_perm']:
usergroup_model.grant_perm(id, 'hg.usergroup.create.true')
else:
usergroup_model.grant_perm(id, 'hg.usergroup.create.false')
if form_result['fork_repo_perm']:
usergroup_model.grant_perm(id, 'hg.fork.repository')
else:
usergroup_model.grant_perm(id, 'hg.fork.none')
h.flash(_("Updated permissions"), category='success')
Session().commit()
except Exception:
log.error(traceback.format_exc())
h.flash(_('An error occurred during permissions saving'),
category='error')
return redirect(url('edit_users_group', id=id))
def update_perm(self, id):
"""PUT /users_perm/id: Update an existing item"""
# url('users_group_perm', id=ID, method='put')
users_group = UserGroup.get_or_404(id)
try:
form = CustomDefaultPermissionsForm()()
form_result = form.to_python(request.POST)
inherit_perms = form_result['inherit_default_permissions']
users_group.inherit_default_permissions = inherit_perms
Session().add(users_group)
usergroup_model = UserGroupModel()
defs = UserGroupToPerm.query()\
.filter(UserGroupToPerm.users_group == users_group)\
.all()
for ug in defs:
Session().delete(ug)
if form_result['create_repo_perm']:
usergroup_model.grant_perm(id, 'hg.create.repository')
else:
usergroup_model.grant_perm(id, 'hg.create.none')
if form_result['create_user_group_perm']:
usergroup_model.grant_perm(id, 'hg.usergroup.create.true')
else:
usergroup_model.grant_perm(id, 'hg.usergroup.create.false')
if form_result['fork_repo_perm']:
usergroup_model.grant_perm(id, 'hg.fork.repository')
else:
usergroup_model.grant_perm(id, 'hg.fork.none')
h.flash(_("Updated permissions"), category='success')
Session().commit()
except Exception:
log.error(traceback.format_exc())
h.flash(_('An error occurred during permissions saving'),
category='error')
return redirect(url('edit_users_group', id=id))