def validate_python(self, value, state): if value in ['default']: msg = M(self, 'invalid_group', state) raise formencode.Invalid(msg, value, state, error_dict=dict(users_group_name=msg) ) #check if group is unique old_ugname = None if edit: old_id = old_data.get('users_group_id') old_ugname = UserGroup.get(old_id).users_group_name if old_ugname != value or not edit: is_existing_group = UserGroup.get_by_group_name(value, case_insensitive=True) if is_existing_group: msg = M(self, 'group_exist', state, usergroup=value) raise formencode.Invalid(msg, value, state, error_dict=dict(users_group_name=msg) ) if re.match(r'^[a-zA-Z0-9]{1}[a-zA-Z0-9\-\_\.]+$', value) is None: msg = M(self, 'invalid_usergroup_name', state) raise formencode.Invalid(msg, value, state, error_dict=dict(users_group_name=msg) )
def enforce_groups(self, user, groups, extern_type=None): user = User.guess_instance(user) log.debug('Enforcing groups %s on user %s', user, groups) current_groups = user.group_member # find the external created groups externals = [ x.users_group for x in current_groups if 'extern_type' in x.users_group.group_data ] # calculate from what groups user should be removed # externals that are not in groups for gr in externals: if gr.users_group_name not in groups: log.debug('Removing user %s from user group %s', user, gr) self.remove_user_from_group(gr, user) # now we calculate in which groups user should be == groups params owner = User.get_first_admin().username for gr in set(groups): existing_group = UserGroup.get_by_group_name(gr) if not existing_group: desc = u'Automatically created from plugin:%s' % extern_type # we use first admin account to set the owner of the group existing_group = UserGroupModel().create( gr, desc, owner, group_data={'extern_type': extern_type}) # we can only add users to special groups created via plugins managed = 'extern_type' in existing_group.group_data if managed: log.debug('Adding user %s to user group %s', user, gr) UserGroupModel().add_user_to_group(existing_group, user) else: log.debug('Skipping addition to group %s since it is ' 'not managed by auth plugins' % gr)
def create_user_group(self, name, **kwargs): if 'skip_if_exists' in kwargs: del kwargs['skip_if_exists'] gr = UserGroup.get_by_group_name(group_name=name) if gr: return gr form_data = self._get_user_group_create_params(name, **kwargs) owner = kwargs.get('cur_user', TEST_USER_ADMIN_LOGIN) user_group = UserGroupModel().create( name=form_data['users_group_name'], description=form_data['user_group_description'], owner=owner, active=form_data['users_group_active'], group_data=form_data['user_group_data']) Session().commit() user_group = UserGroup.get_by_group_name(user_group.users_group_name) return user_group
def validate_python(self, value, state): if value in ['default']: msg = self.message('invalid_group', state) raise formencode.Invalid(msg, value, state, error_dict=dict(users_group_name=msg)) #check if group is unique old_ugname = None if edit: old_id = old_data.get('users_group_id') old_ugname = UserGroup.get(old_id).users_group_name if old_ugname != value or not edit: is_existing_group = UserGroup.get_by_group_name( value, case_insensitive=True) if is_existing_group: msg = self.message('group_exist', state, usergroup=value) raise formencode.Invalid( msg, value, state, error_dict=dict(users_group_name=msg)) if re.match(r'^[a-zA-Z0-9]{1}[a-zA-Z0-9\-\_\.]+$', value) is None: msg = self.message('invalid_usergroup_name', state) raise formencode.Invalid(msg, value, state, error_dict=dict(users_group_name=msg))
def enforce_groups(self, user, groups, extern_type=None): user = User.guess_instance(user) log.debug('Enforcing groups %s on user %s', user, groups) current_groups = user.group_member # find the external created groups externals = [x.users_group for x in current_groups if 'extern_type' in x.users_group.group_data] # calculate from what groups user should be removed # externals that are not in groups for gr in externals: if gr.users_group_name not in groups: log.debug('Removing user %s from user group %s', user, gr) self.remove_user_from_group(gr, user) # now we calculate in which groups user should be == groups params owner = User.get_first_admin().username for gr in set(groups): existing_group = UserGroup.get_by_group_name(gr) if not existing_group: desc = u'Automatically created from plugin:%s' % extern_type # we use first admin account to set the owner of the group existing_group = UserGroupModel().create(gr, desc, owner, group_data={'extern_type': extern_type}) # we can only add users to special groups created via plugins managed = 'extern_type' in existing_group.group_data if managed: log.debug('Adding user %s to user group %s', user, gr) UserGroupModel().add_user_to_group(existing_group, user) else: log.debug('Skipping addition to group %s since it is ' 'not managed by auth plugins' % gr)
def get_by_name(self, name, cache=False, case_insensitive=False): return UserGroup.get_by_group_name(name, cache, case_insensitive)
def test_default_perms_enable_repository_read_on_group(self): self.log_user() users_group_name = TEST_USER_GROUP + 'another2' response = self.app.post( base.url('users_groups'), { 'users_group_name': users_group_name, 'user_group_description': 'DESC', 'active': True, '_session_csrf_secret_token': self.session_csrf_secret_token() }) response.follow() ug = UserGroup.get_by_group_name(users_group_name) self.checkSessionFlash(response, 'Created user group ') ## ENABLE REPO CREATE ON A GROUP response = self.app.post( base.url('edit_user_group_default_perms_update', id=ug.users_group_id), { 'create_repo_perm': True, '_session_csrf_secret_token': self.session_csrf_secret_token() }) response.follow() ug = UserGroup.get_by_group_name(users_group_name) p = Permission.get_by_key('hg.create.repository') p2 = Permission.get_by_key('hg.usergroup.create.false') p3 = Permission.get_by_key('hg.fork.none') # check if user has this perms, they should be here since # defaults are on perms = UserGroupToPerm.query() \ .filter(UserGroupToPerm.users_group == ug).all() assert sorted([[ x.users_group_id, x.permission_id, ] for x in perms]) == sorted([[ug.users_group_id, p.permission_id], [ug.users_group_id, p2.permission_id], [ug.users_group_id, p3.permission_id]]) ## DISABLE REPO CREATE ON A GROUP response = self.app.post(base.url( 'edit_user_group_default_perms_update', id=ug.users_group_id), params={ '_session_csrf_secret_token': self.session_csrf_secret_token() }) response.follow() ug = UserGroup.get_by_group_name(users_group_name) p = Permission.get_by_key('hg.create.none') p2 = Permission.get_by_key('hg.usergroup.create.false') p3 = Permission.get_by_key('hg.fork.none') # check if user has this perms, they should be here since # defaults are on perms = UserGroupToPerm.query() \ .filter(UserGroupToPerm.users_group == ug).all() assert sorted([[ x.users_group_id, x.permission_id, ] for x in perms]) == sorted([[ug.users_group_id, p.permission_id], [ug.users_group_id, p2.permission_id], [ug.users_group_id, p3.permission_id]]) # DELETE ! ug = UserGroup.get_by_group_name(users_group_name) ugid = ug.users_group_id response = self.app.post(base.url('delete_users_group', id=ug.users_group_id), params={ '_session_csrf_secret_token': self.session_csrf_secret_token() }) response = response.follow() gr = Session().query(UserGroup) \ .filter(UserGroup.users_group_name == users_group_name).scalar() assert gr is None p = Permission.get_by_key('hg.create.repository') perms = UserGroupToPerm.query() \ .filter(UserGroupToPerm.users_group_id == ugid).all() perms = [[ x.users_group_id, x.permission_id, ] for x in perms] assert perms == []
def test_default_perms_enable_repository_read_on_group(self): self.log_user() users_group_name = TEST_USER_GROUP + 'another2' response = self.app.post(url('users_groups'), {'users_group_name': users_group_name, 'user_group_description': 'DESC', 'active': True}) response.follow() ug = UserGroup.get_by_group_name(users_group_name) self.checkSessionFlash(response, 'Created user group ') ## ENABLE REPO CREATE ON A GROUP response = self.app.put(url('edit_user_group_default_perms', id=ug.users_group_id), {'create_repo_perm': True}) response.follow() ug = UserGroup.get_by_group_name(users_group_name) p = Permission.get_by_key('hg.create.repository') p2 = Permission.get_by_key('hg.usergroup.create.false') p3 = Permission.get_by_key('hg.fork.none') # check if user has this perms, they should be here since # defaults are on perms = UserGroupToPerm.query()\ .filter(UserGroupToPerm.users_group == ug).all() self.assertEqual( sorted([[x.users_group_id, x.permission_id, ] for x in perms]), sorted([[ug.users_group_id, p.permission_id], [ug.users_group_id, p2.permission_id], [ug.users_group_id, p3.permission_id]])) ## DISABLE REPO CREATE ON A GROUP response = self.app.put( url('edit_user_group_default_perms', id=ug.users_group_id), {}) response.follow() ug = UserGroup.get_by_group_name(users_group_name) p = Permission.get_by_key('hg.create.none') p2 = Permission.get_by_key('hg.usergroup.create.false') p3 = Permission.get_by_key('hg.fork.none') # check if user has this perms, they should be here since # defaults are on perms = UserGroupToPerm.query()\ .filter(UserGroupToPerm.users_group == ug).all() self.assertEqual( sorted([[x.users_group_id, x.permission_id, ] for x in perms]), sorted([[ug.users_group_id, p.permission_id], [ug.users_group_id, p2.permission_id], [ug.users_group_id, p3.permission_id]])) # DELETE ! ug = UserGroup.get_by_group_name(users_group_name) ugid = ug.users_group_id response = self.app.delete(url('users_group', id=ug.users_group_id)) response = response.follow() gr = Session().query(UserGroup)\ .filter(UserGroup.users_group_name == users_group_name).scalar() self.assertEqual(gr, None) p = Permission.get_by_key('hg.create.repository') perms = UserGroupToPerm.query()\ .filter(UserGroupToPerm.users_group_id == ugid).all() perms = [[x.users_group_id, x.permission_id, ] for x in perms] self.assertEqual(perms, [])
def users_and_groups_data(self): """ Returns 'results' with a list of users and user groups. You can either use the 'key' GET parameter to get a user by providing the exact user key or you can use the 'query' parameter to search for users by user key, first name and last name. 'types' defaults to just 'users' but can be set to 'users,groups' to get both users and groups. No more than 500 results (of each kind) will be returned. """ types = request.GET.get('types', 'users').split(',') key = request.GET.get('key', '') query = request.GET.get('query', '') results = [] if 'users' in types: user_list = [] if key: u = User.get_by_username(key) if u: user_list = [u] elif query: user_list = User.query() \ .filter(User.is_default_user == False) \ .filter(User.active == True) \ .filter(or_( User.username.ilike("%%" + query + "%%"), User.name.ilike("%%" + query + "%%"), User.lastname.ilike("%%" + query + "%%"), )) \ .order_by(User.username) \ .limit(500) \ .all() for u in user_list: results.append({ 'type': 'user', 'id': u.user_id, 'nname': u.username, 'fname': u.name, 'lname': u.lastname, 'gravatar_lnk': h.gravatar_url(u.email, size=28, default='default'), 'gravatar_size': 14, }) if 'groups' in types: grp_list = [] if key: grp = UserGroup.get_by_group_name(key) if grp: grp_list = [grp] elif query: grp_list = UserGroup.query() \ .filter(UserGroup.users_group_name.ilike("%%" + query + "%%")) \ .filter(UserGroup.users_group_active == True) \ .order_by(UserGroup.users_group_name) \ .limit(500) \ .all() for g in UserGroupList(grp_list, perm_level='read'): results.append({ 'type': 'group', 'id': g.users_group_id, 'grname': g.users_group_name, }) return dict(results=results)
def test_default_perms_enable_repository_fork_on_group(self): self.log_user() users_group_name = TEST_USER_GROUP + 'another2' response = self.app.post( url('users_groups'), { 'users_group_name': users_group_name, 'user_group_description': 'DESC', 'active': True }) response.follow() ug = UserGroup.get_by_group_name(users_group_name) self.checkSessionFlash(response, 'Created user group ') ## ENABLE REPO CREATE ON A GROUP response = self.app.put( url('edit_user_group_default_perms', id=ug.users_group_id), {'fork_repo_perm': True}) response.follow() ug = UserGroup.get_by_group_name(users_group_name) p = Permission.get_by_key('hg.create.none') p2 = Permission.get_by_key('hg.usergroup.create.false') p3 = Permission.get_by_key('hg.fork.repository') # check if user has this perms, they should be here since # defaults are on perms = UserGroupToPerm.query()\ .filter(UserGroupToPerm.users_group == ug).all() self.assertEqual( sorted([[ x.users_group_id, x.permission_id, ] for x in perms]), sorted([[ug.users_group_id, p.permission_id], [ug.users_group_id, p2.permission_id], [ug.users_group_id, p3.permission_id]])) ## DISABLE REPO CREATE ON A GROUP response = self.app.put( url('edit_user_group_default_perms', id=ug.users_group_id), {}) response.follow() ug = UserGroup.get_by_group_name(users_group_name) p = Permission.get_by_key('hg.create.none') p2 = Permission.get_by_key('hg.usergroup.create.false') p3 = Permission.get_by_key('hg.fork.none') # check if user has this perms, they should be here since # defaults are on perms = UserGroupToPerm.query()\ .filter(UserGroupToPerm.users_group == ug).all() self.assertEqual( sorted([[ x.users_group_id, x.permission_id, ] for x in perms]), sorted([[ug.users_group_id, p.permission_id], [ug.users_group_id, p2.permission_id], [ug.users_group_id, p3.permission_id]])) # DELETE ! ug = UserGroup.get_by_group_name(users_group_name) ugid = ug.users_group_id response = self.app.delete(url('users_group', id=ug.users_group_id)) response = response.follow() gr = Session().query(UserGroup)\ .filter(UserGroup.users_group_name == users_group_name).scalar() self.assertEqual(gr, None) p = Permission.get_by_key('hg.fork.repository') perms = UserGroupToPerm.query()\ .filter(UserGroupToPerm.users_group_id == ugid).all() perms = [[ x.users_group_id, x.permission_id, ] for x in perms] self.assertEqual(perms, [])