def delete_user(self, apiuser, userid): """" Deletes an user :param apiuser: :param userid: """ user = get_user_or_error(userid) try: UserModel().delete(userid) Session().commit() return dict(msg='deleted user ID:%s %s' % (user.user_id, user.username), user=None) except Exception: log.error(traceback.format_exc()) raise JSONRPCError('failed to delete ID:%s %s' % (user.user_id, user.username))
def rescan_repos(self, apiuser, remove_obsolete=Optional(False)): """ Dispatch rescan repositories action. If remove_obsolete is set than also delete repos that are in database but not in the filesystem. aka "clean zombies" :param apiuser: :param remove_obsolete: """ try: rm_obsolete = Optional.extract(remove_obsolete) added, removed = repo2db_mapper(ScmModel().repo_scan(), remove_obsolete=rm_obsolete) return {'added': added, 'removed': removed} except Exception: log.error(traceback.format_exc()) raise JSONRPCError( 'Error occurred during rescan repositories action')
def get_user(self, apiuser, userid=Optional(OAttr('apiuser'))): """" Get a user by username, or userid, if userid is given :param apiuser: :param userid: """ if not HasPermissionAnyApi('hg.admin')(user=apiuser): #make sure normal user does not pass someone else userid, #he is not allowed to do that if not isinstance(userid, Optional) and userid != apiuser.user_id: raise JSONRPCError('userid is not the same as your user') if isinstance(userid, Optional): userid = apiuser.user_id user = get_user_or_error(userid) data = user.get_api_data() data['permissions'] = AuthUser(user_id=user.user_id).permissions return data
def get_repo(self, apiuser, repoid): """" Get repository by name :param apiuser: :param repoid: """ repo = get_repo_or_error(repoid) if HasPermissionAnyApi('hg.admin')(user=apiuser) is False: # check if we have admin permission for this repo ! if HasRepoPermissionAnyApi('repository.admin')(user=apiuser, repo_name=repo.repo_name) is False: raise JSONRPCError('repository `%s` does not exist' % (repoid)) members = [] followers = [] for user in repo.repo_to_perm: perm = user.permission.permission_name user = user.user user_data = user.get_api_data() user_data['type'] = "user" user_data['permission'] = perm members.append(user_data) for users_group in repo.users_group_to_perm: perm = users_group.permission.permission_name users_group = users_group.users_group users_group_data = users_group.get_api_data() users_group_data['type'] = "users_group" users_group_data['permission'] = perm members.append(users_group_data) for user in repo.followers: followers.append(user.user.get_api_data()) data = repo.get_api_data() data['members'] = members data['followers'] = followers return data
def remove_user_from_users_group(self, apiuser, usersgroupid, userid): """ Remove user from a group :param apiuser: :param usersgroupid: :param userid: """ user = get_user_or_error(userid) users_group = get_users_group_or_error(usersgroupid) try: success = UserGroupModel().remove_user_from_group( users_group, user) msg = 'removed member `%s` from user group `%s`' % ( user.username, users_group.users_group_name) msg = msg if success else "User wasn't in group" Session().commit() return dict(success=success, msg=msg) except Exception: log.error(traceback.format_exc()) raise JSONRPCError('failed to remove member from user group `%s`' % (users_group.users_group_name))
def grant_users_group_permission(self, apiuser, repoid, usersgroupid, perm): """ Grant permission for user group on given repository, or update existing one if found :param apiuser: :param repoid: :param usersgroupid: :param perm: """ repo = get_repo_or_error(repoid) perm = get_perm_or_error(perm) users_group = get_users_group_or_error(usersgroupid) try: RepoModel().grant_users_group_permission(repo=repo, group_name=users_group, perm=perm) Session().commit() return dict( msg='Granted perm: `%s` for user group: `%s` in ' 'repo: `%s`' % ( perm.permission_name, users_group.users_group_name, repo.repo_name ), success=True ) except Exception: log.error(traceback.format_exc()) raise JSONRPCError( 'failed to edit permission for user group: `%s` in ' 'repo: `%s`' % ( usersgroupid, repo.repo_name ) )
def get_locks(self, apiuser, userid=Optional(OAttr('apiuser'))): """ Get all locks for given userid, if this command is runned by non-admin account userid is set to user who is calling this method, thus returning locks for himself :param apiuser: :param userid: """ if HasPermissionAnyApi('hg.admin')(user=apiuser): pass else: #make sure normal user does not pass someone else userid, #he is not allowed to do that if not isinstance(userid, Optional) and userid != apiuser.user_id: raise JSONRPCError( 'userid is not the same as your user' ) ret = [] if isinstance(userid, Optional): user = None else: user = get_user_or_error(userid) #show all locks for r in Repository.getAll(): userid, time_ = r.locked if time_: _api_data = r.get_api_data() # if we use userfilter just show the locks for this user if user: if safe_int(userid) == user.user_id: ret.append(_api_data) else: ret.append(_api_data) return ret
def add_user_to_users_group(self, apiuser, usersgroupid, userid): """" Add a user to a user group :param apiuser: :param usersgroupid: :param userid: """ user = get_user_or_error(userid) users_group = get_users_group_or_error(usersgroupid) try: ugm = UserGroupModel().add_user_to_group(users_group, user) success = True if ugm != True else False msg = 'added member `%s` to user group `%s`' % ( user.username, users_group.users_group_name) msg = msg if success else 'User is already in that group' Session().commit() return dict(success=success, msg=msg) except Exception: log.error(traceback.format_exc()) raise JSONRPCError('failed to add member to user group `%s`' % (users_group.users_group_name))
def revoke_users_group_permission(self, apiuser, repoid, usersgroupid): """ Revoke permission for user group on given repository :param apiuser: :param repoid: :param usersgroupid: """ repo = get_repo_or_error(repoid) users_group = get_users_group_or_error(usersgroupid) try: RepoModel().revoke_users_group_permission(repo=repo, group_name=users_group) Session().commit() return dict(msg='Revoked perm for user group: `%s` in repo: `%s`' % (users_group.users_group_name, repo.repo_name), success=True) except Exception: log.error(traceback.format_exc()) raise JSONRPCError( 'failed to edit permission for user group: `%s` in ' 'repo: `%s`' % (users_group.users_group_name, repo.repo_name))
def create_repo(self, apiuser, repo_name, owner=Optional(OAttr('apiuser')), repo_type=Optional('hg'), description=Optional(''), private=Optional(False), clone_uri=Optional(None), landing_rev=Optional('tip'), enable_statistics=Optional(False), enable_locking=Optional(False), enable_downloads=Optional(False)): """ Create repository, if clone_url is given it makes a remote clone if repo_name is within a group name the groups will be created automatically if they aren't present :param apiuser: :param repo_name: :param onwer: :param repo_type: :param description: :param private: :param clone_uri: :param landing_rev: """ if HasPermissionAnyApi('hg.admin')(user=apiuser) is False: if not isinstance(owner, Optional): #forbid setting owner for non-admins raise JSONRPCError( 'Only RhodeCode admin can specify `owner` param' ) if isinstance(owner, Optional): owner = apiuser.user_id owner = get_user_or_error(owner) if RepoModel().get_by_repo_name(repo_name): raise JSONRPCError("repo `%s` already exist" % repo_name) defs = RhodeCodeSetting.get_default_repo_settings(strip_prefix=True) if isinstance(private, Optional): private = defs.get('repo_private') or Optional.extract(private) if isinstance(repo_type, Optional): repo_type = defs.get('repo_type') if isinstance(enable_statistics, Optional): enable_statistics = defs.get('repo_enable_statistics') if isinstance(enable_locking, Optional): enable_locking = defs.get('repo_enable_locking') if isinstance(enable_downloads, Optional): enable_downloads = defs.get('repo_enable_downloads') clone_uri = Optional.extract(clone_uri) description = Optional.extract(description) landing_rev = Optional.extract(landing_rev) try: # create structure of groups and return the last group group = map_groups(repo_name) repo = RepoModel().create_repo( repo_name=repo_name, repo_type=repo_type, description=description, owner=owner, private=private, clone_uri=clone_uri, repos_group=group, landing_rev=landing_rev, enable_statistics=enable_statistics, enable_downloads=enable_downloads, enable_locking=enable_locking ) Session().commit() return dict( msg="Created new repository `%s`" % (repo.repo_name), repo=repo.get_api_data() ) except Exception: log.error(traceback.format_exc()) raise JSONRPCError('failed to create repository `%s`' % repo_name)
def lock(self, apiuser, repoid, locked=Optional(None), userid=Optional(OAttr('apiuser'))): """ Set locking state on particular repository by given user, if this command is runned by non-admin account userid is set to user who is calling this method :param apiuser: :param repoid: :param userid: :param locked: """ repo = get_repo_or_error(repoid) if HasPermissionAnyApi('hg.admin')(user=apiuser): pass elif HasRepoPermissionAnyApi('repository.admin', 'repository.write')(user=apiuser, repo_name=repo.repo_name): #make sure normal user does not pass someone else userid, #he is not allowed to do that if not isinstance(userid, Optional) and userid != apiuser.user_id: raise JSONRPCError( 'userid is not the same as your user' ) else: raise JSONRPCError('repository `%s` does not exist' % (repoid)) if isinstance(userid, Optional): userid = apiuser.user_id user = get_user_or_error(userid) if isinstance(locked, Optional): lockobj = Repository.getlock(repo) if lockobj[0] is None: return ('Repo `%s` not locked. Locked=`False`.' % (repo.repo_name)) else: userid, time_ = lockobj user = get_user_or_error(userid) return ('Repo `%s` locked by `%s`. Locked=`True`. ' 'Locked since: `%s`' % (repo.repo_name, user.username, json.dumps(time_to_datetime(time_)))) else: locked = str2bool(locked) try: if locked: Repository.lock(repo, user.user_id) else: Repository.unlock(repo) return ('User `%s` set lock state for repo `%s` to `%s`' % (user.username, repo.repo_name, locked)) except Exception: log.error(traceback.format_exc()) raise JSONRPCError( 'Error occurred locking repository `%s`' % repo.repo_name )
def fork_repo(self, apiuser, repoid, fork_name, owner=Optional(OAttr('apiuser')), description=Optional(''), copy_permissions=Optional(False), private=Optional(False), landing_rev=Optional('tip')): repo = get_repo_or_error(repoid) repo_name = repo.repo_name _repo = RepoModel().get_by_repo_name(fork_name) if _repo: type_ = 'fork' if _repo.fork else 'repo' raise JSONRPCError("%s `%s` already exist" % (type_, fork_name)) if HasPermissionAnyApi('hg.admin')(user=apiuser): pass elif HasRepoPermissionAnyApi('repository.admin', 'repository.write', 'repository.read')( user=apiuser, repo_name=repo.repo_name): if not isinstance(owner, Optional): #forbid setting owner for non-admins raise JSONRPCError( 'Only RhodeCode admin can specify `owner` param') else: raise JSONRPCError('repository `%s` does not exist' % (repoid)) if isinstance(owner, Optional): owner = apiuser.user_id owner = get_user_or_error(owner) try: # create structure of groups and return the last group group = map_groups(fork_name) form_data = dict( repo_name=fork_name, repo_name_full=fork_name, repo_group=group, repo_type=repo.repo_type, description=Optional.extract(description), private=Optional.extract(private), copy_permissions=Optional.extract(copy_permissions), landing_rev=Optional.extract(landing_rev), update_after_clone=False, fork_parent_id=repo.repo_id, ) RepoModel().create_fork(form_data, cur_user=owner) return dict( msg='Created fork of `%s` as `%s`' % (repo.repo_name, fork_name), success=True # cannot return the repo data here since fork # cann be done async ) except Exception: log.error(traceback.format_exc()) raise JSONRPCError('failed to fork repository `%s` as `%s`' % (repo_name, fork_name))
def update_repo(self, apiuser, repoid, name=Optional(None), owner=Optional(OAttr('apiuser')), group=Optional(None), description=Optional(''), private=Optional(False), clone_uri=Optional(None), landing_rev=Optional('tip'), enable_statistics=Optional(False), enable_locking=Optional(False), enable_downloads=Optional(False)): """ Updates repo :param apiuser: filled automatically from apikey :type apiuser: AuthUser :param repoid: repository name or repository id :type repoid: str or int :param name: :param owner: :param group: :param description: :param private: :param clone_uri: :param landing_rev: :param enable_statistics: :param enable_locking: :param enable_downloads: """ repo = get_repo_or_error(repoid) if not HasPermissionAnyApi('hg.admin')(user=apiuser): # check if we have admin permission for this repo ! if not HasRepoPermissionAnyApi('repository.admin')( user=apiuser, repo_name=repo.repo_name): raise JSONRPCError('repository `%s` does not exist' % (repoid, )) updates = { # update function requires this. 'repo_name': repo.repo_name } repo_group = group if not isinstance(repo_group, Optional): repo_group = get_repo_group_or_error(repo_group) repo_group = repo_group.group_id try: store_update(updates, name, 'repo_name') store_update(updates, repo_group, 'repo_group') store_update(updates, owner, 'user') store_update(updates, description, 'repo_description') store_update(updates, private, 'repo_private') store_update(updates, clone_uri, 'clone_uri') store_update(updates, landing_rev, 'repo_landing_rev') store_update(updates, enable_statistics, 'repo_enable_statistics') store_update(updates, enable_locking, 'repo_enable_locking') store_update(updates, enable_downloads, 'repo_enable_downloads') RepoModel().update(repo, **updates) Session().commit() return dict(msg='updated repo ID:%s %s' % (repo.repo_id, repo.repo_name), repository=repo.get_api_data()) except Exception: log.error(traceback.format_exc()) raise JSONRPCError('failed to update repo `%s`' % repoid)