def test_revoke_perm_fork_repo(self):
    """Submit the user-permissions form with no grants for a fresh user.

    The account is created for this test only and is deleted in the
    ``finally`` clause whether or not the assertions pass.
    """
    self.log_user()
    fork_none = Permission.get_by_key('hg.fork.none')
    fork_repo = Permission.get_by_key('hg.fork.repository')

    new_user = UserModel().create_or_update(
        username='******', password='******', email='dummy',
        firstname='a', lastname='b')
    Session().commit()
    uid = new_user.user_id

    try:
        # Before the request neither explicit fork permission is reported.
        self.assertEqual(UserModel().has_perm(new_user, fork_none), False)
        self.assertEqual(UserModel().has_perm(new_user, fork_repo), False)

        # Only the method override is sent, so no permission box is ticked.
        self.app.post(url('edit_user_perms', id=uid),
                      params=dict(_method='put'))

        create_none = Permission.get_by_key('hg.create.none')
        create_repo = Permission.get_by_key('hg.create.repository')
        # NOTE(review): only the hg.create.* pair is checked after the
        # request; the hg.fork.* state named in the test title is never
        # re-asserted -- consider adding that check.
        self.assertEqual(UserModel().has_perm(uid, create_none), True)
        self.assertEqual(UserModel().has_perm(uid, create_repo), False)
    finally:
        UserModel().delete(uid)
        Session().commit()
def test_revoke_perm_fork_repo(self):
    """Submit the user-permissions update form with no grants.

    The POST carries the session CSRF token and nothing else. The
    throw-away account is deleted in the ``finally`` clause.
    """
    self.log_user()
    fork_none = Permission.get_by_key('hg.fork.none')
    fork_repo = Permission.get_by_key('hg.fork.repository')

    new_user = UserModel().create_or_update(
        username='******', password='******', email='dummy',
        firstname='a', lastname='b')
    Session().commit()
    uid = new_user.user_id

    try:
        # Before the request neither explicit fork permission is reported.
        assert UserModel().has_perm(new_user, fork_none) == False
        assert UserModel().has_perm(new_user, fork_repo) == False

        form = dict(
            _session_csrf_secret_token=self.session_csrf_secret_token())
        self.app.post(base.url('edit_user_perms_update', id=uid),
                      params=form)

        create_none = Permission.get_by_key('hg.create.none')
        create_repo = Permission.get_by_key('hg.create.repository')
        # NOTE(review): only the hg.create.* pair is checked after the
        # request; the hg.fork.* state named in the test title is never
        # re-asserted -- consider adding that check.
        assert UserModel().has_perm(uid, create_none) == True
        assert UserModel().has_perm(uid, create_repo) == False
    finally:
        UserModel().delete(uid)
        Session().commit()
def test_revoke_perm_fork_repo(self):
    """Submit the user-permissions update form with no grants.

    The POST carries only the authentication token. The throw-away
    account is deleted in the ``finally`` clause.
    """
    self.log_user()
    fork_none = Permission.get_by_key('hg.fork.none')
    fork_repo = Permission.get_by_key('hg.fork.repository')

    new_user = UserModel().create_or_update(
        username='******', password='******', email='dummy',
        firstname=u'a', lastname=u'b')
    Session().commit()
    uid = new_user.user_id

    try:
        # Before the request neither explicit fork permission is reported.
        assert UserModel().has_perm(new_user, fork_none) == False
        assert UserModel().has_perm(new_user, fork_repo) == False

        form = dict(_authentication_token=self.authentication_token())
        self.app.post(url('edit_user_perms_update', id=uid), params=form)

        create_none = Permission.get_by_key('hg.create.none')
        create_repo = Permission.get_by_key('hg.create.repository')
        # NOTE(review): only the hg.create.* pair is checked after the
        # request; the hg.fork.* state named in the test title is never
        # re-asserted -- consider adding that check.
        assert UserModel().has_perm(uid, create_none) == True
        assert UserModel().has_perm(uid, create_repo) == False
    finally:
        UserModel().delete(uid)
        Session().commit()
def create_permissions(self):
    """
    Add a Permission row for every key in ``Permission.PERMS`` that
    ``Permission.get_by_key`` does not find yet.

    Rows are only added to the session; nothing is committed here.
    """
    for perm_def in Permission.PERMS:
        key = perm_def[0]
        if Permission.get_by_key(key):
            # already present, leave the stored row alone
            continue
        row = Permission()
        row.permission_name = key
        Session().add(row)
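def test_set_default_permissions_after_modification(self, perm, modify_to):
    """Re-run default-permission creation after one row was swapped.

    One of ``self.u1``'s UserToPerm rows is switched from ``perm`` to
    ``modify_to``; ``create_default_permissions`` is then called again and
    the ``_test_def_perm_equal`` check is repeated.
    """
    PermissionModel().create_default_permissions(user=self.u1)
    self._test_def_perm_equal(user=self.u1)

    old = Permission.get_by_key(perm)
    new = Permission.get_by_key(modify_to)
    # Both keys must resolve, otherwise the swap below tests nothing.
    assert old is not None
    assert new is not None

    # now modify permissions
    p = UserToPerm.query() \
        .filter(UserToPerm.user == self.u1) \
        .filter(UserToPerm.permission == old) \
        .one()
    p.permission = new
    Session().commit()

    PermissionModel().create_default_permissions(user=self.u1)
    self._test_def_perm_equal(user=self.u1)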
def create_permissions(self):
    """
    Add a Permission row for every key in ``Permission.PERMS`` that
    ``Permission.get_by_key`` does not find yet.

    Rows are only added to ``self.sa``; nothing is committed here.
    """
    for perm_def in Permission.PERMS:
        key = perm_def[0]
        if Permission.get_by_key(key):
            # already present, leave the stored row alone
            continue
        row = Permission()
        row.permission_name = key
        # the key doubles as the long name: using perm_def[1] caused a
        # translation error
        row.permission_longname = key
        self.sa.add(row)
def update_user_permission(self, repository, user, permission):
    """Point ``user``'s permission row on ``repository`` at ``permission``.

    ``permission`` is a permission key. An existing row is updated in
    place; otherwise a new UserRepoToPerm row is added to ``self.sa``.
    Nothing is committed here.
    """
    # NOTE(review): the lookup result is used unchecked -- confirm that
    # get_by_key cannot return None for the keys that reach this method.
    wanted = Permission.get_by_key(permission)
    existing = self.get_user_permission(repository, user)

    if not existing:
        row = UserRepoToPerm()
        row.user = user
        row.repository = repository
        row.permission = wanted
        self.sa.add(row)
        return

    if existing.permission is not wanted:
        existing.permission = wanted
def update_users_group_permission(self, repository, users_group,
                                  permission):
    """Point ``users_group``'s permission row on ``repository`` at ``permission``.

    ``permission`` is a permission key. An existing row is updated in
    place; otherwise a new UserGroupRepoToPerm row is added to the
    session. Nothing is committed here.
    """
    # NOTE(review): the lookup result is used unchecked -- confirm that
    # get_by_key cannot return None for the keys that reach this method.
    wanted = Permission.get_by_key(permission)
    existing = self.get_users_group_permission(repository, users_group)

    if not existing:
        row = UserGroupRepoToPerm()
        row.users_group = users_group
        row.repository = repository
        row.permission = wanted
        Session().add(row)
        return

    if existing.permission is not wanted:
        existing.permission = wanted
def _create_default_perms(self, new_group):
    """Build the default user's permission row for a new repository group.

    The permission is the first ``group.*`` entry among the default
    user's own permissions, or ``group.read`` when there is none. The row
    is returned; this method makes no explicit session add.
    """
    fallback = 'group.read'
    def_user = User.get_default_user()
    default_perm = next(
        (entry.permission.permission_name
         for entry in def_user.user_perms
         if entry.permission.permission_name.startswith('group.')),
        fallback)

    row = UserRepoGroupToPerm()
    row.permission = Permission.get_by_key(default_perm)
    row.group = new_group
    row.user_id = def_user.user_id
    return row
def _create_default_perms(self, user_group):
    """Build the default user's permission row for a new user group.

    The permission is the first ``usergroup.*`` entry among the default
    user's own permissions, or ``usergroup.read`` when there is none. The
    row is returned; this method makes no explicit session add.
    """
    fallback = 'usergroup.read'
    def_user = User.get_default_user()
    default_perm = next(
        (entry.permission.permission_name
         for entry in def_user.user_perms
         if entry.permission.permission_name.startswith('usergroup.')),
        fallback)

    row = UserUserGroupToPerm()
    row.permission = Permission.get_by_key(default_perm)
    row.user_group = user_group
    row.user_id = def_user.user_id
    return row
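def test_set_private_flag_sets_default_to_none(self):
    """Toggle the private flag and watch the permission row that is queried.

    Making the repository private must switch that row to
    ``repository.none``; making it public again must leave it at
    ``repository.none``. The row is reset to ``repository.read`` at the
    end of the test.
    """
    self.log_user()

    # initially repository perm should be read
    perm = _get_permission_for_user(user='******', repo=self.REPO)
    # exactly one permission row is expected for this user and repository
    assert len(perm) == 1
    assert perm[0].permission.permission_name == 'repository.read'
    assert Repository.get_by_repo_name(self.REPO).private == False

    response = self.app.post(
        base.url('update_repo', repo_name=self.REPO),
        fixture._get_repo_create_params(
            repo_private=1,
            repo_name=self.REPO,
            repo_type=self.REPO_TYPE,
            owner=base.TEST_USER_ADMIN_LOGIN,
            _session_csrf_secret_token=self.session_csrf_secret_token()))
    self.checkSessionFlash(response,
                           msg='Repository %s updated successfully' % (self.REPO))
    assert Repository.get_by_repo_name(self.REPO).private == True

    # now the repo default permission should be None
    perm = _get_permission_for_user(user='******', repo=self.REPO)
    assert len(perm) == 1
    assert perm[0].permission.permission_name == 'repository.none'

    response = self.app.post(
        base.url('update_repo', repo_name=self.REPO),
        fixture._get_repo_create_params(
            repo_private=False,
            repo_name=self.REPO,
            repo_type=self.REPO_TYPE,
            owner=base.TEST_USER_ADMIN_LOGIN,
            _session_csrf_secret_token=self.session_csrf_secret_token()))
    self.checkSessionFlash(response,
                           msg='Repository %s updated successfully' % (self.REPO))
    assert Repository.get_by_repo_name(self.REPO).private == False

    # we turn off private now the repo default permission should stay None
    perm = _get_permission_for_user(user='******', repo=self.REPO)
    assert len(perm) == 1
    assert perm[0].permission.permission_name == 'repository.none'

    # update this permission back
    perm[0].permission = Permission.get_by_key('repository.read')
    Session().commit()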
def _create_default_perms(self, repository, private):
    """Build the default user's permission row for a new repository.

    A private repository always gets ``repository.none``. Otherwise the
    first ``repository.*`` entry among the default user's own permissions
    is used, or ``repository.read`` when there is none. The row is
    returned; this method makes no explicit session add.
    """
    fallback = 'repository.read'
    def_user = User.get_default_user()
    inherited = next(
        (entry.permission.permission_name
         for entry in def_user.user_perms
         if entry.permission.permission_name.startswith('repository.')),
        fallback)

    if private:
        # private repositories never inherit the global default
        default_perm = 'repository.none'
    else:
        default_perm = inherited

    row = UserRepoToPerm()
    row.permission = Permission.get_by_key(default_perm)
    row.repository = repository
    row.user_id = def_user.user_id
    return row
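def test_set_private_flag_sets_default_to_none(self):
    """Toggle the private flag and watch the permission row that is queried.

    Making the repository private must switch that row to
    ``repository.none``; making it public again must leave it at
    ``repository.none``. The row is reset to ``repository.read`` at the
    end of the test.
    """
    self.log_user()

    # initially repository perm should be read
    perm = _get_permission_for_user(user='******', repo=self.REPO)
    # exactly one permission row is expected for this user and repository
    self.assertEqual(len(perm), 1)
    self.assertEqual(perm[0].permission.permission_name, 'repository.read')
    self.assertEqual(Repository.get_by_repo_name(self.REPO).private, False)

    response = self.app.put(
        url('repo', repo_name=self.REPO),
        fixture._get_repo_create_params(repo_private=1,
                                        repo_name=self.REPO,
                                        repo_type=self.REPO_TYPE,
                                        user=TEST_USER_ADMIN_LOGIN))
    self.checkSessionFlash(response,
                           msg='Repository %s updated successfully' % (self.REPO))
    self.assertEqual(Repository.get_by_repo_name(self.REPO).private, True)

    # now the repo default permission should be None
    perm = _get_permission_for_user(user='******', repo=self.REPO)
    self.assertEqual(len(perm), 1)
    self.assertEqual(perm[0].permission.permission_name, 'repository.none')

    response = self.app.put(
        url('repo', repo_name=self.REPO),
        fixture._get_repo_create_params(repo_private=False,
                                        repo_name=self.REPO,
                                        repo_type=self.REPO_TYPE,
                                        user=TEST_USER_ADMIN_LOGIN))
    self.checkSessionFlash(response,
                           msg='Repository %s updated successfully' % (self.REPO))
    self.assertEqual(Repository.get_by_repo_name(self.REPO).private, False)

    # we turn off private now the repo default permission should stay None
    perm = _get_permission_for_user(user='******', repo=self.REPO)
    self.assertEqual(len(perm), 1)
    self.assertEqual(perm[0].permission.permission_name, 'repository.none')

    # update this permission back
    perm[0].permission = Permission.get_by_key('repository.read')
    Session().add(perm[0])
    Session().commit()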
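def test_set_private_flag_sets_default_to_none(self):
    """Toggle the private flag and watch the permission row that is queried.

    Making the repository private must switch that row to
    ``repository.none``; making it public again must leave it at
    ``repository.none``. Both updates carry the authentication token. The
    row is reset to ``repository.read`` at the end of the test.
    """
    self.log_user()

    # initially repository perm should be read
    perm = _get_permission_for_user(user='******', repo=self.REPO)
    # exactly one permission row is expected for this user and repository
    self.assertEqual(len(perm), 1)
    self.assertEqual(perm[0].permission.permission_name, 'repository.read')
    self.assertEqual(Repository.get_by_repo_name(self.REPO).private, False)

    response = self.app.put(
        url('repo', repo_name=self.REPO),
        fixture._get_repo_create_params(
            repo_private=1,
            repo_name=self.REPO,
            repo_type=self.REPO_TYPE,
            user=TEST_USER_ADMIN_LOGIN,
            _authentication_token=self.authentication_token()))
    self.checkSessionFlash(response,
                           msg='Repository %s updated successfully' % (self.REPO))
    self.assertEqual(Repository.get_by_repo_name(self.REPO).private, True)

    # now the repo default permission should be None
    perm = _get_permission_for_user(user='******', repo=self.REPO)
    self.assertEqual(len(perm), 1)
    self.assertEqual(perm[0].permission.permission_name, 'repository.none')

    response = self.app.put(
        url('repo', repo_name=self.REPO),
        fixture._get_repo_create_params(
            repo_private=False,
            repo_name=self.REPO,
            repo_type=self.REPO_TYPE,
            user=TEST_USER_ADMIN_LOGIN,
            _authentication_token=self.authentication_token()))
    self.checkSessionFlash(response,
                           msg='Repository %s updated successfully' % (self.REPO))
    self.assertEqual(Repository.get_by_repo_name(self.REPO).private, False)

    # we turn off private now the repo default permission should stay None
    perm = _get_permission_for_user(user='******', repo=self.REPO)
    self.assertEqual(len(perm), 1)
    self.assertEqual(perm[0].permission.permission_name, 'repository.none')

    # update this permission back
    perm[0].permission = Permission.get_by_key('repository.read')
    Session().add(perm[0])
    Session().commit()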
def _create_repo(self, repo_name, repo_type, description, owner,
                 private=False, clone_uri=None, repo_group=None,
                 landing_rev='rev:tip', fork_of=None,
                 copy_fork_permissions=False, enable_statistics=False,
                 enable_locking=False, enable_downloads=False,
                 copy_group_permissions=False,
                 state=Repository.STATE_PENDING):
    """
    Create the database record for a repository; ``state`` defaults to
    PENDING. This should only be executed by create() repo, with
    exception of importing existing repos.

    Initial permissions come from exactly one source, checked in this
    order: the fork parent (``fork_of`` with ``copy_fork_permissions``),
    the repository group (``repo_group`` with ``copy_group_permissions``),
    or ``_create_default_perms``.

    Returns the new Repository after a session flush; nothing is
    committed here. Any exception is logged with its traceback and
    re-raised.
    """
    from kallithea.model.scm import ScmModel
    # Resolve whatever the caller passed for these three into instances.
    owner = User.guess_instance(owner)
    fork_of = Repository.guess_instance(fork_of)
    repo_group = RepoGroup.guess_instance(repo_group)
    try:
        repo_name = safe_unicode(repo_name)
        description = safe_unicode(description)
        # repo name is just a name of repository
        # while repo_name_full is a full qualified name that is combined
        # with name and path of group
        repo_name_full = repo_name
        repo_name = repo_name.split(self.URL_SEPARATOR)[-1]

        new_repo = Repository()
        new_repo.repo_state = state
        # overwritten by the enable_statistics argument further down
        new_repo.enable_statistics = False
        new_repo.repo_name = repo_name_full
        new_repo.repo_type = repo_type
        new_repo.owner = owner
        new_repo.group = repo_group
        # the short name stands in for an empty description
        new_repo.description = description or repo_name
        new_repo.private = private
        new_repo.clone_uri = clone_uri
        new_repo.landing_rev = landing_rev
        new_repo.enable_statistics = enable_statistics
        new_repo.enable_locking = enable_locking
        new_repo.enable_downloads = enable_downloads

        if repo_group:
            # the group's locking setting wins over the argument
            new_repo.enable_locking = repo_group.enable_locking

        if fork_of:
            parent_repo = fork_of
            new_repo.fork = parent_repo

        Session().add(new_repo)

        # NOTE(review): `private` is only handed to _create_default_perms
        # in the else branch. The two copy branches take every row of the
        # parent or group as-is, so confirm that copying onto a repository
        # created with private=True is intended.
        if fork_of and copy_fork_permissions:
            repo = fork_of
            user_perms = UserRepoToPerm.query() \
                .filter(UserRepoToPerm.repository == repo).all()
            group_perms = UserGroupRepoToPerm.query() \
                .filter(UserGroupRepoToPerm.repository == repo).all()

            for perm in user_perms:
                UserRepoToPerm.create(perm.user, new_repo, perm.permission)

            for perm in group_perms:
                UserGroupRepoToPerm.create(perm.users_group, new_repo,
                                           perm.permission)

        elif repo_group and copy_group_permissions:

            user_perms = UserRepoGroupToPerm.query() \
                .filter(UserRepoGroupToPerm.group == repo_group).all()

            group_perms = UserGroupRepoGroupToPerm.query() \
                .filter(UserGroupRepoGroupToPerm.group == repo_group).all()

            # Group-level permission names are rewritten to their
            # repository-level counterpart before the lookup.
            # NOTE(review): the get_by_key result is passed on unchecked.
            for perm in user_perms:
                perm_name = perm.permission.permission_name.replace(
                    'group.', 'repository.')
                perm_obj = Permission.get_by_key(perm_name)
                UserRepoToPerm.create(perm.user, new_repo, perm_obj)

            for perm in group_perms:
                perm_name = perm.permission.permission_name.replace(
                    'group.', 'repository.')
                perm_obj = Permission.get_by_key(perm_name)
                UserGroupRepoToPerm.create(perm.users_group, new_repo,
                                           perm_obj)

        else:
            # NOTE(review): the return value is discarded; presumably
            # _create_default_perms registers the row itself -- confirm.
            self._create_default_perms(new_repo, private)

        # now automatically start following this repository as owner
        ScmModel().toggle_following_repo(new_repo.repo_id, owner.user_id)
        # we need to flush here, in order to check if database won't
        # throw any exceptions, create filesystem dirs at the very end
        Session().flush()
        return new_repo
    except Exception:
        log.error(traceback.format_exc())
        raise
def test_create_in_group_inherit_permissions(self):
    """Create a repository in a group with ``repo_copy_permissions`` set.

    The group grants ``repository.write`` to the regular test user; the
    new repository must end up with two permission rows that include that
    user and that permission name. Repository and group are deleted at
    the end of the test.
    """
    self.log_user()

    ## create GROUP
    group_name = 'sometest_%s' % self.REPO_TYPE
    group = RepoGroupModel().create(group_name=group_name,
                                    group_description='test',
                                    owner=TEST_USER_ADMIN_LOGIN)
    write_perm = Permission.get_by_key('repository.write')
    RepoGroupModel().grant_user_permission(group, TEST_USER_REGULAR_LOGIN,
                                           write_perm)

    ## add repo permissions
    Session().commit()

    repo_name = 'ingroup_inherited_%s' % self.REPO_TYPE
    repo_name_full = RepoGroup.url_sep().join([group_name, repo_name])
    description = 'description for newly created repo'
    create_params = fixture._get_repo_create_params(
        repo_private=False,
        repo_name=repo_name,
        repo_type=self.REPO_TYPE,
        repo_description=description,
        repo_group=group.group_id,
        repo_copy_permissions=True,
        _authentication_token=self.authentication_token())
    response = self.app.post(url('repos'), create_params)

    ## run the check page that triggers the flash message
    response = self.app.get(url('repo_check_home', repo_name=repo_name_full))
    self.checkSessionFlash(response,
                           'Created repository <a href="/%s">%s</a>'
                           % (repo_name_full, repo_name_full))

    # the repository must exist in the database
    created = Session().query(Repository)\
        .filter(Repository.repo_name == repo_name_full).one()
    created_id = created.repo_id

    self.assertEqual(created.repo_name, repo_name_full)
    self.assertEqual(created.description, description)

    # the summary page must show the repository
    response = self.app.get(url('summary_home', repo_name=repo_name_full))
    response.mustcontain(repo_name_full)
    response.mustcontain(self.REPO_TYPE)

    # the repository must exist on the filesystem
    repo_path = os.path.join(TESTS_TMP_PATH, repo_name_full)
    try:
        vcs.get_repo(repo_path)
    except vcs.exceptions.VCSError:
        RepoGroupModel().delete(group_name)
        Session().commit()
        self.fail('no repo %s in filesystem' % repo_name)

    # the group's permissions must have been copied to the repository
    inherited_perms = UserRepoToPerm.query()\
        .filter(UserRepoToPerm.repository_id == created_id).all()
    self.assertEqual(len(inherited_perms), 2)

    usernames = [row.user.username for row in inherited_perms]
    self.assertTrue(TEST_USER_REGULAR_LOGIN in usernames)

    perm_names = [row.permission.permission_name for row in inherited_perms]
    self.assertTrue('repository.write' in perm_names)

    RepoModel().delete(repo_name_full)
    RepoGroupModel().delete(group_name)
    Session().commit()
def update(self, form_result):
    """Replace the global permission set of the user named in the form.

    Stage 1 toggles anonymous access when the user is the default user.
    Stage 2 deletes all of the user's UserToPerm rows and recreates them
    from the form values. Stage 3 optionally overwrites the user's
    per-repository, per-group and per-user-group rows.

    Commits on success. A DatabaseError is logged, rolled back and
    re-raised; other exception types propagate without a rollback here.
    """
    # NOTE(review): if get_by_username can return None for an unknown
    # name, the attribute access below raises outside the DatabaseError
    # handler -- confirm the caller validates perm_user_name.
    perm_user = User.get_by_username(
        username=form_result['perm_user_name'])
    try:
        # stage 1 set anonymous access
        if perm_user.is_default_user:
            perm_user.active = str2bool(form_result['anonymous'])

        # stage 2 reset defaults and set them from form data
        def _make_new(usr, perm_name):
            # NOTE(review): perm_name comes from form_result and the
            # get_by_key result is assigned without a None check;
            # presumably the form schema restricts the values -- confirm.
            log.debug('Creating new permission:%s', perm_name)
            new = UserToPerm()
            new.user = usr
            new.permission = Permission.get_by_key(perm_name)
            return new
        # clear current entries, to make this function idempotent
        # it will fix even if we define more permissions or permissions
        # are somehow missing
        u2p = UserToPerm.query() \
            .filter(UserToPerm.user == perm_user) \
            .all()
        for p in u2p:
            Session().delete(p)
        # create fresh set of permissions
        for def_perm_key in [
                'default_repo_perm',
                'default_group_perm',
                'default_user_group_perm',
                'default_repo_create',
                'create_on_write',  # special case for create repos on write access to group
                #'default_repo_group_create', # not implemented yet
                'default_user_group_create',
                'default_fork',
                'default_register',
                'default_extern_activate'
        ]:
            p = _make_new(perm_user, form_result[def_perm_key])
            Session().add(p)

        # stage 3 update all default permissions for repos if checked
        if form_result['overwrite_default_repo']:
            # strip and re-add the prefix so the looked-up key always
            # sits in the 'repository.' namespace
            _def_name = form_result['default_repo_perm'].split(
                'repository.')[-1]
            _def = Permission.get_by_key('repository.' + _def_name)
            # repos
            for r2p in UserRepoToPerm.query() \
                    .filter(UserRepoToPerm.user == perm_user) \
                    .all():

                # don't reset PRIVATE repositories
                if not r2p.repository.private:
                    r2p.permission = _def

        # Unlike the repository branch, the two branches below overwrite
        # every matching row without an exclusion.
        if form_result['overwrite_default_group']:
            _def_name = form_result['default_group_perm'].split(
                'group.')[-1]
            # groups
            _def = Permission.get_by_key('group.' + _def_name)
            for g2p in UserRepoGroupToPerm.query() \
                    .filter(UserRepoGroupToPerm.user == perm_user) \
                    .all():
                g2p.permission = _def

        if form_result['overwrite_default_user_group']:
            _def_name = form_result['default_user_group_perm'].split(
                'usergroup.')[-1]
            # groups
            _def = Permission.get_by_key('usergroup.' + _def_name)
            for g2p in UserUserGroupToPerm.query() \
                    .filter(UserUserGroupToPerm.user == perm_user) \
                    .all():
                g2p.permission = _def

        Session().commit()
    except (DatabaseError, ):
        log.error(traceback.format_exc())
        Session().rollback()
        raise
def test_default_perms_enable_repository_fork_on_group(self):
    """Turn the fork flag of a user group on and off, then delete the group.

    After each form submission the group's UserGroupToPerm rows must be
    exactly the expected three permissions; after deletion none may
    remain for the group's id.
    """
    self.log_user()
    users_group_name = TEST_USER_GROUP + 'another2'
    response = self.app.post(url('users_groups'),
                             {'users_group_name': users_group_name,
                              'user_group_description': 'DESC',
                              'active': True})
    response.follow()

    ug = UserGroup.get_by_group_name(users_group_name)
    self.checkSessionFlash(response, 'Created user group ')

    ## submit the form with the fork flag set
    response = self.app.put(
        url('edit_user_group_default_perms', id=ug.users_group_id),
        {'fork_repo_perm': True})
    response.follow()

    ug = UserGroup.get_by_group_name(users_group_name)
    perm_create = Permission.get_by_key('hg.create.none')
    perm_ug_create = Permission.get_by_key('hg.usergroup.create.false')
    perm_fork = Permission.get_by_key('hg.fork.repository')
    # the group must hold exactly these three permissions
    rows = UserGroupToPerm.query()\
        .filter(UserGroupToPerm.users_group == ug).all()
    actual = sorted([[r.users_group_id, r.permission_id, ] for r in rows])
    expected = sorted([[ug.users_group_id, perm_create.permission_id],
                       [ug.users_group_id, perm_ug_create.permission_id],
                       [ug.users_group_id, perm_fork.permission_id]])
    self.assertEqual(actual, expected)

    ## submit an empty form, which clears the fork flag
    response = self.app.put(
        url('edit_user_group_default_perms', id=ug.users_group_id), {})
    response.follow()

    ug = UserGroup.get_by_group_name(users_group_name)
    perm_create = Permission.get_by_key('hg.create.none')
    perm_ug_create = Permission.get_by_key('hg.usergroup.create.false')
    perm_fork = Permission.get_by_key('hg.fork.none')
    rows = UserGroupToPerm.query()\
        .filter(UserGroupToPerm.users_group == ug).all()
    actual = sorted([[r.users_group_id, r.permission_id, ] for r in rows])
    expected = sorted([[ug.users_group_id, perm_create.permission_id],
                       [ug.users_group_id, perm_ug_create.permission_id],
                       [ug.users_group_id, perm_fork.permission_id]])
    self.assertEqual(actual, expected)

    # delete the group; its permission rows must go with it
    ug = UserGroup.get_by_group_name(users_group_name)
    ugid = ug.users_group_id
    response = self.app.delete(url('users_group', id=ug.users_group_id))
    response = response.follow()

    remaining_group = Session().query(UserGroup)\
        .filter(UserGroup.users_group_name == users_group_name).scalar()
    self.assertEqual(remaining_group, None)

    # looked up as in the original flow; the result is not used below
    perm_fork = Permission.get_by_key('hg.fork.repository')
    rows = UserGroupToPerm.query()\
        .filter(UserGroupToPerm.users_group_id == ugid).all()
    leftover = [[r.users_group_id, r.permission_id, ] for r in rows]
    self.assertEqual(leftover, [])
def test_create_in_group_inherit_permissions(self):
    """Create a repository in a group with ``repo_copy_permissions`` set.

    The group grants ``repository.write`` to the regular test user; the
    new repository must end up with two permission rows that include that
    user and that permission name. The create request carries the session
    CSRF token. Repository and group are deleted at the end of the test.
    """
    self.log_user()

    ## create GROUP
    group_name = 'sometest_%s' % self.REPO_TYPE
    group = RepoGroupModel().create(group_name=group_name,
                                    group_description='test',
                                    owner=base.TEST_USER_ADMIN_LOGIN)
    write_perm = Permission.get_by_key('repository.write')
    RepoGroupModel().grant_user_permission(
        group, base.TEST_USER_REGULAR_LOGIN, write_perm)

    ## add repo permissions
    Session().commit()

    repo_name = 'ingroup_inherited_%s' % self.REPO_TYPE
    repo_name_full = db.URL_SEP.join([group_name, repo_name])
    description = 'description for newly created repo'
    create_params = fixture._get_repo_create_params(
        repo_private=False,
        repo_name=repo_name,
        repo_type=self.REPO_TYPE,
        repo_description=description,
        repo_group=group.group_id,
        repo_copy_permissions=True,
        _session_csrf_secret_token=self.session_csrf_secret_token())
    response = self.app.post(base.url('repos'), create_params)

    ## run the check page that triggers the flash message
    response = self.app.get(
        base.url('repo_check_home', repo_name=repo_name_full))
    self.checkSessionFlash(
        response, 'Created repository <a href="/%s">%s</a>' %
        (repo_name_full, repo_name_full))

    # the repository must exist in the database
    created = Session().query(Repository) \
        .filter(Repository.repo_name == repo_name_full).one()
    created_id = created.repo_id

    assert created.repo_name == repo_name_full
    assert created.description == description

    # the summary page must show the repository
    response = self.app.get(
        base.url('summary_home', repo_name=repo_name_full))
    response.mustcontain(repo_name_full)
    response.mustcontain(self.REPO_TYPE)

    # the repository must exist on the filesystem
    try:
        repo_root = Ui.get_by_key('paths', '/').ui_value
        vcs.get_repo(os.path.join(repo_root, repo_name_full))
    except vcs.exceptions.VCSError:
        RepoGroupModel().delete(group_name)
        Session().commit()
        pytest.fail('no repo %s in filesystem' % repo_name)

    # the group's permissions must have been copied to the repository
    inherited_perms = UserRepoToPerm.query() \
        .filter(UserRepoToPerm.repository_id == created_id).all()
    assert len(inherited_perms) == 2

    usernames = [row.user.username for row in inherited_perms]
    assert base.TEST_USER_REGULAR_LOGIN in usernames

    perm_names = [row.permission.permission_name for row in inherited_perms]
    assert 'repository.write' in perm_names

    RepoModel().delete(repo_name_full)
    RepoGroupModel().delete(group_name)
    Session().commit()
def _make_perm(perm):
    """Return a new UserToPerm row for ``user`` and the permission key ``perm``.

    ``user`` is not a parameter; it is taken from a surrounding scope
    that is not visible in this block. The row is not added to a session
    here.
    """
    entry = UserToPerm()
    entry.user = user
    # NOTE(review): the lookup result is assigned without a None check.
    entry.permission = Permission.get_by_key(perm)
    return entry
def test_default_perms_enable_repository_read_on_group(self):
    """Turn the create flag of a user group on and off, then delete the group.

    After each form submission the group's UserGroupToPerm rows must be
    exactly the expected three permissions; after deletion none may
    remain for the group's id.
    """
    self.log_user()
    users_group_name = TEST_USER_GROUP + 'another2'
    response = self.app.post(
        url('users_groups'),
        {
            'users_group_name': users_group_name,
            'user_group_description': 'DESC',
            'active': True
        })
    response.follow()

    ug = UserGroup.get_by_group_name(users_group_name)
    self.checkSessionFlash(response, 'Created user group ')

    ## submit the form with the create flag set
    response = self.app.put(
        url('edit_user_group_default_perms', id=ug.users_group_id),
        {'create_repo_perm': True})
    response.follow()

    ug = UserGroup.get_by_group_name(users_group_name)
    perm_create = Permission.get_by_key('hg.create.repository')
    perm_ug_create = Permission.get_by_key('hg.usergroup.create.false')
    perm_fork = Permission.get_by_key('hg.fork.none')
    # the group must hold exactly these three permissions
    rows = UserGroupToPerm.query()\
        .filter(UserGroupToPerm.users_group == ug).all()
    actual = sorted([[r.users_group_id, r.permission_id, ] for r in rows])
    expected = sorted([[ug.users_group_id, perm_create.permission_id],
                       [ug.users_group_id, perm_ug_create.permission_id],
                       [ug.users_group_id, perm_fork.permission_id]])
    self.assertEqual(actual, expected)

    ## submit an empty form, which clears the create flag
    response = self.app.put(
        url('edit_user_group_default_perms', id=ug.users_group_id), {})
    response.follow()

    ug = UserGroup.get_by_group_name(users_group_name)
    perm_create = Permission.get_by_key('hg.create.none')
    perm_ug_create = Permission.get_by_key('hg.usergroup.create.false')
    perm_fork = Permission.get_by_key('hg.fork.none')
    rows = UserGroupToPerm.query()\
        .filter(UserGroupToPerm.users_group == ug).all()
    actual = sorted([[r.users_group_id, r.permission_id, ] for r in rows])
    expected = sorted([[ug.users_group_id, perm_create.permission_id],
                       [ug.users_group_id, perm_ug_create.permission_id],
                       [ug.users_group_id, perm_fork.permission_id]])
    self.assertEqual(actual, expected)

    # delete the group; its permission rows must go with it
    ug = UserGroup.get_by_group_name(users_group_name)
    ugid = ug.users_group_id
    response = self.app.delete(url('users_group', id=ug.users_group_id))
    response = response.follow()

    remaining_group = Session().query(UserGroup)\
        .filter(UserGroup.users_group_name == users_group_name).scalar()
    self.assertEqual(remaining_group, None)

    # looked up as in the original flow; the result is not used below
    perm_create = Permission.get_by_key('hg.create.repository')
    rows = UserGroupToPerm.query()\
        .filter(UserGroupToPerm.users_group_id == ugid).all()
    leftover = [[r.users_group_id, r.permission_id, ] for r in rows]
    self.assertEqual(leftover, [])
def _make_new(usr, perm_name):
    """Return a new UserToPerm row linking ``usr`` to the key ``perm_name``.

    The row is not added to a session here.
    """
    log.debug('Creating new permission:%s', perm_name)
    entry = UserToPerm()
    entry.user = usr
    # NOTE(review): the lookup result is assigned without a None check.
    entry.permission = Permission.get_by_key(perm_name)
    return entry
def _create_repo(self, repo_name, repo_type, description, owner,
                 private=False, clone_uri=None, repo_group=None,
                 landing_rev='rev:tip', fork_of=None,
                 copy_fork_permissions=False, enable_statistics=False,
                 enable_locking=False, enable_downloads=False,
                 copy_group_permissions=False,
                 state=Repository.STATE_PENDING):
    """
    Create the database record for a repository; ``state`` defaults to
    PENDING. This should only be executed by create() repo, with
    exception of importing existing repos.

    Initial permissions come from exactly one source, checked in this
    order: the fork parent (``fork_of`` with ``copy_fork_permissions``),
    the repository group (``repo_group`` with ``copy_group_permissions``),
    or ``_create_default_perms``.

    Returns the new Repository after a flush of ``self.sa``; nothing is
    committed here. Any exception is logged with its traceback and
    re-raised.
    """
    from kallithea.model.scm import ScmModel
    # Resolve whatever the caller passed for these three via the model's
    # own lookup helpers.
    owner = self._get_user(owner)
    fork_of = self._get_repo(fork_of)
    repo_group = self._get_repo_group(repo_group)
    try:
        repo_name = safe_unicode(repo_name)
        description = safe_unicode(description)
        # repo name is just a name of repository
        # while repo_name_full is a full qualified name that is combined
        # with name and path of group
        repo_name_full = repo_name
        repo_name = repo_name.split(self.URL_SEPARATOR)[-1]

        new_repo = Repository()
        new_repo.repo_state = state
        # overwritten by the enable_statistics argument further down
        new_repo.enable_statistics = False
        new_repo.repo_name = repo_name_full
        new_repo.repo_type = repo_type
        new_repo.user = owner
        new_repo.group = repo_group
        # the short name stands in for an empty description
        new_repo.description = description or repo_name
        new_repo.private = private
        new_repo.clone_uri = clone_uri
        new_repo.landing_rev = landing_rev
        new_repo.enable_statistics = enable_statistics
        new_repo.enable_locking = enable_locking
        new_repo.enable_downloads = enable_downloads

        if repo_group:
            # the group's locking setting wins over the argument
            new_repo.enable_locking = repo_group.enable_locking

        if fork_of:
            parent_repo = fork_of
            new_repo.fork = parent_repo

        self.sa.add(new_repo)

        # NOTE(review): `private` is only handed to _create_default_perms
        # in the else branch. The two copy branches take every row of the
        # parent or group as-is, so confirm that copying onto a repository
        # created with private=True is intended.
        if fork_of and copy_fork_permissions:
            repo = fork_of
            user_perms = UserRepoToPerm.query() \
                .filter(UserRepoToPerm.repository == repo).all()
            group_perms = UserGroupRepoToPerm.query() \
                .filter(UserGroupRepoToPerm.repository == repo).all()

            for perm in user_perms:
                UserRepoToPerm.create(perm.user, new_repo, perm.permission)

            for perm in group_perms:
                UserGroupRepoToPerm.create(perm.users_group, new_repo,
                                           perm.permission)

        elif repo_group and copy_group_permissions:

            user_perms = UserRepoGroupToPerm.query() \
                .filter(UserRepoGroupToPerm.group == repo_group).all()

            group_perms = UserGroupRepoGroupToPerm.query() \
                .filter(UserGroupRepoGroupToPerm.group == repo_group).all()

            # Group-level permission names are rewritten to their
            # repository-level counterpart before the lookup.
            # NOTE(review): the get_by_key result is passed on unchecked.
            for perm in user_perms:
                perm_name = perm.permission.permission_name.replace('group.', 'repository.')
                perm_obj = Permission.get_by_key(perm_name)
                UserRepoToPerm.create(perm.user, new_repo, perm_obj)

            for perm in group_perms:
                perm_name = perm.permission.permission_name.replace('group.', 'repository.')
                perm_obj = Permission.get_by_key(perm_name)
                UserGroupRepoToPerm.create(perm.users_group, new_repo, perm_obj)

        else:
            # the default row is returned by the helper and added here
            perm_obj = self._create_default_perms(new_repo, private)
            self.sa.add(perm_obj)

        # now automatically start following this repository as owner
        ScmModel(self.sa).toggle_following_repo(new_repo.repo_id,
                                                owner.user_id)
        # we need to flush here, in order to check if database won't
        # throw any exceptions, create filesystem dirs at the very end
        self.sa.flush()
        return new_repo
    except Exception:
        log.error(traceback.format_exc())
        raise
def update(self, form_result):
    """Replace the global permission set of the user named in the form.

    Stage 1 toggles anonymous access when the user is the default user.
    Stage 2 deletes all of the user's UserToPerm rows and recreates them
    from the form values. Stage 3 optionally overwrites the user's
    per-repository, per-group and per-user-group rows.

    Commits on success. A DatabaseError is logged, rolled back and
    re-raised; other exception types propagate without a rollback here.
    """
    # NOTE(review): if get_by_username can return None for an unknown
    # name, the attribute access below raises outside the DatabaseError
    # handler -- confirm the caller validates perm_user_name.
    perm_user = User.get_by_username(username=form_result['perm_user_name'])
    try:
        # stage 1 set anonymous access
        if perm_user.username == User.DEFAULT_USER:
            perm_user.active = str2bool(form_result['anonymous'])
            self.sa.add(perm_user)

        # stage 2 reset defaults and set them from form data
        def _make_new(usr, perm_name):
            # NOTE(review): perm_name comes from form_result and the
            # get_by_key result is assigned without a None check;
            # presumably the form schema restricts the values -- confirm.
            log.debug('Creating new permission:%s' % (perm_name))
            new = UserToPerm()
            new.user = usr
            new.permission = Permission.get_by_key(perm_name)
            return new
        # clear current entries, to make this function idempotent
        # it will fix even if we define more permissions or permissions
        # are somehow missing
        u2p = self.sa.query(UserToPerm)\
            .filter(UserToPerm.user == perm_user)\
            .all()
        for p in u2p:
            self.sa.delete(p)
        # create fresh set of permissions
        for def_perm_key in ['default_repo_perm', 'default_group_perm',
                             'default_user_group_perm',
                             'default_repo_create',
                             'create_on_write', # special case for create repos on write access to group
                             #'default_repo_group_create', #not implemented yet
                             'default_user_group_create',
                             'default_fork', 'default_register',
                             'default_extern_activate']:
            p = _make_new(perm_user, form_result[def_perm_key])
            self.sa.add(p)

        # stage 3 update all default permissions for repos if checked
        if form_result['overwrite_default_repo']:
            # strip and re-add the prefix so the looked-up key always
            # sits in the 'repository.' namespace
            _def_name = form_result['default_repo_perm'].split('repository.')[-1]
            _def = Permission.get_by_key('repository.' + _def_name)
            # repos
            for r2p in self.sa.query(UserRepoToPerm)\
                           .filter(UserRepoToPerm.user == perm_user)\
                           .all():

                # don't reset PRIVATE repositories
                if not r2p.repository.private:
                    r2p.permission = _def
                    self.sa.add(r2p)

        # Unlike the repository branch, the two branches below overwrite
        # every matching row without an exclusion.
        if form_result['overwrite_default_group']:
            _def_name = form_result['default_group_perm'].split('group.')[-1]
            # groups
            _def = Permission.get_by_key('group.' + _def_name)
            for g2p in self.sa.query(UserRepoGroupToPerm)\
                           .filter(UserRepoGroupToPerm.user == perm_user)\
                           .all():
                g2p.permission = _def
                self.sa.add(g2p)

        if form_result['overwrite_default_user_group']:
            _def_name = form_result['default_user_group_perm'].split('usergroup.')[-1]
            # groups
            _def = Permission.get_by_key('usergroup.' + _def_name)
            for g2p in self.sa.query(UserUserGroupToPerm)\
                           .filter(UserUserGroupToPerm.user == perm_user)\
                           .all():
                g2p.permission = _def
                self.sa.add(g2p)

        self.sa.commit()
    except (DatabaseError,):
        log.error(traceback.format_exc())
        self.sa.rollback()
        raise
def test_default_perms_enable_repository_read_on_group(self):
    """Turn the create flag of a user group on and off, then delete the group.

    Every state-changing request is a POST carrying the session CSRF
    token. After each form submission the group's UserGroupToPerm rows
    must be exactly the expected three permissions; after deletion none
    may remain for the group's id.
    """
    self.log_user()
    users_group_name = TEST_USER_GROUP + 'another2'
    response = self.app.post(
        base.url('users_groups'),
        {'users_group_name': users_group_name,
         'user_group_description': 'DESC',
         'active': True,
         '_session_csrf_secret_token': self.session_csrf_secret_token()})
    response.follow()

    ug = UserGroup.get_by_group_name(users_group_name)
    self.checkSessionFlash(response, 'Created user group ')

    ## submit the form with the create flag set
    response = self.app.post(
        base.url('edit_user_group_default_perms_update',
                 id=ug.users_group_id),
        {'create_repo_perm': True,
         '_session_csrf_secret_token': self.session_csrf_secret_token()})
    response.follow()

    ug = UserGroup.get_by_group_name(users_group_name)
    perm_create = Permission.get_by_key('hg.create.repository')
    perm_ug_create = Permission.get_by_key('hg.usergroup.create.false')
    perm_fork = Permission.get_by_key('hg.fork.none')
    # the group must hold exactly these three permissions
    rows = UserGroupToPerm.query() \
        .filter(UserGroupToPerm.users_group == ug).all()
    actual = sorted([[r.users_group_id, r.permission_id, ] for r in rows])
    expected = sorted([[ug.users_group_id, perm_create.permission_id],
                       [ug.users_group_id, perm_ug_create.permission_id],
                       [ug.users_group_id, perm_fork.permission_id]])
    assert actual == expected

    ## submit the form with only the token, which clears the create flag
    response = self.app.post(
        base.url('edit_user_group_default_perms_update',
                 id=ug.users_group_id),
        params={'_session_csrf_secret_token':
                self.session_csrf_secret_token()})
    response.follow()

    ug = UserGroup.get_by_group_name(users_group_name)
    perm_create = Permission.get_by_key('hg.create.none')
    perm_ug_create = Permission.get_by_key('hg.usergroup.create.false')
    perm_fork = Permission.get_by_key('hg.fork.none')
    rows = UserGroupToPerm.query() \
        .filter(UserGroupToPerm.users_group == ug).all()
    actual = sorted([[r.users_group_id, r.permission_id, ] for r in rows])
    expected = sorted([[ug.users_group_id, perm_create.permission_id],
                       [ug.users_group_id, perm_ug_create.permission_id],
                       [ug.users_group_id, perm_fork.permission_id]])
    assert actual == expected

    # delete the group; its permission rows must go with it
    ug = UserGroup.get_by_group_name(users_group_name)
    ugid = ug.users_group_id
    response = self.app.post(
        base.url('delete_users_group', id=ug.users_group_id),
        params={'_session_csrf_secret_token':
                self.session_csrf_secret_token()})
    response = response.follow()

    remaining_group = Session().query(UserGroup) \
        .filter(UserGroup.users_group_name == users_group_name).scalar()
    assert remaining_group is None

    # looked up as in the original flow; the result is not used below
    perm_create = Permission.get_by_key('hg.create.repository')
    rows = UserGroupToPerm.query() \
        .filter(UserGroupToPerm.users_group_id == ugid).all()
    leftover = [[r.users_group_id, r.permission_id, ] for r in rows]
    assert leftover == []
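def _make_new(usr, perm_name):
    """Return a new UserToPerm row linking ``usr`` to the key ``perm_name``.

    The row is not added to a session here.
    """
    # Pass the value as a logging argument so it is formatted only when
    # the debug level is enabled, and so a non-string value cannot break
    # the %-formatting before the call.
    log.debug('Creating new permission:%s', perm_name)
    new = UserToPerm()
    new.user = usr
    # NOTE(review): the lookup result is assigned without a None check.
    new.permission = Permission.get_by_key(perm_name)
    return new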