def test_remove_group(self):
sg1 = fixture.create_group("deleteme")
self.__delete_group(sg1.group_id)
self.assertEqual(RepoGroup.get(sg1.group_id), None)
self.assertFalse(self.__check_path("deteteme"))
sg1 = fixture.create_group("deleteme", group_parent_id=self.g1.group_id)
self.__delete_group(sg1.group_id)
self.assertEqual(RepoGroup.get(sg1.group_id), None)
self.assertFalse(self.__check_path("test1", "deteteme"))
def test_remove_group(self):
sg1 = _make_group('deleteme')
self.__delete_group(sg1.group_id)
self.assertEqual(RepoGroup.get(sg1.group_id), None)
self.assertFalse(self.__check_path('deteteme'))
sg1 = _make_group('deleteme', parent_id=self.g1.group_id)
self.__delete_group(sg1.group_id)
self.assertEqual(RepoGroup.get(sg1.group_id), None)
self.assertFalse(self.__check_path('test1', 'deteteme'))
def test_remove_group(self):
sg1 = fixture.create_repo_group('deleteme')
self.__delete_group(sg1.group_id)
assert RepoGroup.get(sg1.group_id) is None
assert not self.__check_path('deteteme')
sg1 = fixture.create_repo_group('test1/deleteme')
self.__delete_group(sg1.group_id)
assert RepoGroup.get(sg1.group_id) is None
assert not self.__check_path('test1', 'deteteme')
def test_remove_group(self):
sg1 = _make_group('deleteme')
self.__delete_group(sg1.group_id)
self.assertEqual(RepoGroup.get(sg1.group_id), None)
self.assertFalse(self.__check_path('deteteme'))
sg1 = _make_group('deleteme', parent_id=self.g1.group_id)
self.__delete_group(sg1.group_id)
self.assertEqual(RepoGroup.get(sg1.group_id), None)
self.assertFalse(self.__check_path('test1', 'deteteme'))
def update(self, repos_group_id, form_data):
try:
repos_group = RepoGroup.get(repos_group_id)
# update permissions
for member, perm, member_type in form_data['perms_updates']:
if member_type == 'user':
# this updates also current one if found
ReposGroupModel().grant_user_permission(
repos_group=repos_group, user=member, perm=perm
)
else:
ReposGroupModel().grant_users_group_permission(
repos_group=repos_group, group_name=member, perm=perm
)
# set new permissions
for member, perm, member_type in form_data['perms_new']:
if member_type == 'user':
ReposGroupModel().grant_user_permission(
repos_group=repos_group, user=member, perm=perm
)
else:
ReposGroupModel().grant_users_group_permission(
repos_group=repos_group, group_name=member, perm=perm
)
old_path = repos_group.full_path
# change properties
repos_group.group_description = form_data['group_description']
repos_group.parent_group = RepoGroup.get(form_data['group_parent_id'])
repos_group.group_parent_id = form_data['group_parent_id']
repos_group.group_name = repos_group.get_new_name(form_data['group_name'])
new_path = repos_group.full_path
self.sa.add(repos_group)
# we need to get all repositories from this new group and
# rename them accordingly to new group path
for r in repos_group.repositories:
r.repo_name = r.get_new_name(r.just_name)
self.sa.add(r)
self.__rename_group(old_path, new_path)
return repos_group
except:
log.error(traceback.format_exc())
raise
def update(self, repos_group_id, form_data):
try:
repos_group = RepoGroup.get(repos_group_id)
# update permissions
for member, perm, member_type in form_data['perms_updates']:
if member_type == 'user':
# this updates also current one if found
ReposGroupModel().grant_user_permission(
repos_group=repos_group, user=member, perm=perm)
else:
ReposGroupModel().grant_users_group_permission(
repos_group=repos_group, group_name=member, perm=perm)
# set new permissions
for member, perm, member_type in form_data['perms_new']:
if member_type == 'user':
ReposGroupModel().grant_user_permission(
repos_group=repos_group, user=member, perm=perm)
else:
ReposGroupModel().grant_users_group_permission(
repos_group=repos_group, group_name=member, perm=perm)
old_path = repos_group.full_path
# change properties
repos_group.group_description = form_data['group_description']
repos_group.parent_group = RepoGroup.get(
form_data['group_parent_id'])
repos_group.group_parent_id = form_data['group_parent_id']
repos_group.group_name = repos_group.get_new_name(
form_data['group_name'])
new_path = repos_group.full_path
self.sa.add(repos_group)
# we need to get all repositories from this new group and
# rename them accordingly to new group path
for r in repos_group.repositories:
r.repo_name = r.get_new_name(r.just_name)
self.sa.add(r)
self.__rename_group(old_path, new_path)
return repos_group
except:
log.error(traceback.format_exc())
raise
def __load_data(self, group_id):
"""
Load defaults settings for edit, and update
:param group_id:
"""
self.__load_defaults()
repo_group = RepoGroup.get(group_id)
data = repo_group.get_dict()
data['group_name'] = repo_group.name
# fill repository users
for p in repo_group.repo_group_to_perm:
data.update({'u_perm_%s' % p.user.username:
p.permission.permission_name})
# fill repository groups
for p in repo_group.users_group_to_perm:
data.update({'g_perm_%s' % p.users_group.users_group_name:
p.permission.permission_name})
return data
def create_repository(self):
"""GET /_admin/create_repository: Form to create a new item"""
new_repo = request.GET.get('repo', '')
parent_group = request.GET.get('parent_group')
if not HasPermissionAny('hg.admin', 'hg.create.repository')():
#you're not super admin nor have global create permissions,
#but maybe you have at least write permission to a parent group ?
_gr = RepoGroup.get(parent_group)
gr_name = _gr.group_name if _gr else None
if not HasReposGroupPermissionAny('group.admin', 'group.write')(group_name=gr_name):
raise HTTPForbidden
acl_groups = GroupList(RepoGroup.query().all(),
perm_set=['group.write', 'group.admin'])
c.repo_groups = RepoGroup.groups_choices(groups=acl_groups)
c.repo_groups_choices = map(lambda k: unicode(k[0]), c.repo_groups)
choices, c.landing_revs = ScmModel().get_repo_landing_revs()
c.new_repo = repo_name_slug(new_repo)
## apply the defaults from defaults page
defaults = RhodeCodeSetting.get_default_repo_settings(strip_prefix=True)
if parent_group:
defaults.update({'repo_group': parent_group})
return htmlfill.render(
render('admin/repos/repo_add.html'),
defaults=defaults,
errors={},
prefix_error=False,
encoding="UTF-8"
)
def update(self, id):
"""PUT /repos_groups/id: Update an existing item"""
# Forms posted to this method should contain a hidden field:
# <input type="hidden" name="_method" value="PUT" />
# Or using helpers:
# h.form(url('repos_group', id=ID),
# method='put')
# url('repos_group', id=ID)
self.__load_defaults()
c.repos_group = RepoGroup.get(id)
repos_group_form = ReposGroupForm(
edit=True,
old_data=c.repos_group.get_dict(),
available_groups=c.repo_groups_choices
)()
try:
form_result = repos_group_form.to_python(dict(request.POST))
ReposGroupModel().update(id, form_result)
Session().commit()
h.flash(_('updated repos group %s') \
% form_result['group_name'], category='success')
#TODO: in future action_logger(, '', '', '', self.sa)
except formencode.Invalid, errors:
return htmlfill.render(
render('admin/repos_groups/repos_groups_edit.html'),
defaults=errors.value,
errors=errors.error_dict or {},
prefix_error=False,
encoding="UTF-8")
def __load_data(self, group_id):
"""
Load defaults settings for edit, and update
:param group_id:
"""
self.__load_defaults()
repo_group = RepoGroup.get(group_id)
data = repo_group.get_dict()
data['group_name'] = repo_group.name
# fill repository users
for p in repo_group.repo_group_to_perm:
data.update(
{'u_perm_%s' % p.user.username: p.permission.permission_name})
# fill repository groups
for p in repo_group.users_group_to_perm:
data.update({
'g_perm_%s' % p.users_group.users_group_name:
p.permission.permission_name
})
return data
def delete(self, id):
"""DELETE /repos_groups/id: Delete an existing item"""
# Forms posted to this method should contain a hidden field:
# <input type="hidden" name="_method" value="DELETE" />
# Or using helpers:
# h.form(url('repos_group', id=ID),
# method='delete')
# url('repos_group', id=ID)
gr = RepoGroup.get(id)
repos = gr.repositories.all()
if repos:
h.flash(_('This group contains %s repositores and cannot be '
'deleted' % len(repos)),
category='error')
return redirect(url('repos_groups'))
try:
ReposGroupModel().delete(id)
Session.commit()
h.flash(_('removed repos group %s' % gr.group_name),
category='success')
#TODO: in future action_logger(, '', '', '', self.sa)
except IntegrityError, e:
if e.message.find('groups_group_parent_id_fkey') != -1:
log.error(traceback.format_exc())
h.flash(_('Cannot delete this group it still contains '
'subgroups'),
category='warning')
else:
log.error(traceback.format_exc())
h.flash(_('error occurred during deletion of repos '
'group %s' % gr.group_name),
category='error')
def update(self, id):
"""PUT /repos_groups/id: Update an existing item"""
# Forms posted to this method should contain a hidden field:
# <input type="hidden" name="_method" value="PUT" />
# Or using helpers:
# h.form(url('repos_group', id=ID),
# method='put')
# url('repos_group', id=ID)
self.__load_defaults()
c.repos_group = RepoGroup.get(id)
repos_group_form = ReposGroupForm(
edit=True,
old_data=c.repos_group.get_dict(),
available_groups=c.repo_groups_choices)()
try:
form_result = repos_group_form.to_python(dict(request.POST))
ReposGroupModel().update(id, form_result)
Session.commit()
h.flash(_('updated repos group %s') \
% form_result['group_name'], category='success')
#TODO: in futureaction_logger(, '', '', '', self.sa)
except formencode.Invalid, errors:
return htmlfill.render(
render('admin/repos_groups/repos_groups_edit.html'),
defaults=errors.value,
errors=errors.error_dict or {},
prefix_error=False,
encoding="UTF-8")
def __create_repo(self, repo_name, alias, new_parent_id, clone_uri=False):
"""
makes repository on filesystem. It's group aware means it'll create
a repository within a group, and alter the paths accordingly of
group location
:param repo_name:
:param alias:
:param parent_id:
:param clone_uri:
"""
from rhodecode.lib.utils import is_valid_repo, is_valid_repos_group
if new_parent_id:
paths = RepoGroup.get(new_parent_id).full_path.split(RepoGroup.url_sep())
new_parent_path = os.sep.join(paths)
else:
new_parent_path = ""
# we need to make it str for mercurial
repo_path = os.path.join(*map(lambda x: safe_str(x), [self.repos_path, new_parent_path, repo_name]))
# check if this path is not a repository
if is_valid_repo(repo_path, self.repos_path):
raise Exception("This path %s is a valid repository" % repo_path)
# check if this path is a group
if is_valid_repos_group(repo_path, self.repos_path):
raise Exception("This path %s is a valid group" % repo_path)
log.info("creating repo %s in %s @ %s" % (repo_name, safe_unicode(repo_path), clone_uri))
backend = get_backend(alias)
backend(repo_path, create=True, src_url=clone_uri)
def update(self, repo, **kwargs):
try:
cur_repo = self._get_repo(repo)
source_repo_name = cur_repo.repo_name
if 'user' in kwargs:
cur_repo.user = User.get_by_username(kwargs['user'])
if 'repo_group' in kwargs:
cur_repo.group = RepoGroup.get(kwargs['repo_group'])
log.debug('Updating repo %s with params:%s', cur_repo, kwargs)
update_keys = [(1, 'repo_enable_downloads'),
(1, 'repo_description'), (1, 'repo_enable_locking'),
(1, 'repo_landing_rev'), (1, 'repo_private'),
(1, 'repo_enable_statistics'), (0, 'clone_uri'),
(0, 'fork_id')]
for strip, k in update_keys:
if k in kwargs:
val = kwargs[k]
if strip:
k = remove_prefix(k, 'repo_')
if k == 'clone_uri':
from rhodecode.model.validators import Missing
_change = kwargs.get('clone_uri_change')
if _change in [Missing, 'OLD']:
# we don't change the value, so use original one
val = cur_repo.clone_uri
setattr(cur_repo, k, val)
new_name = cur_repo.get_new_name(kwargs['repo_name'])
cur_repo.repo_name = new_name
# if private flag is set, reset default permission to NONE
if kwargs.get('repo_private'):
EMPTY_PERM = 'repository.none'
RepoModel().grant_user_permission(repo=cur_repo,
user=User.DEFAULT_USER,
perm=EMPTY_PERM)
# handle extra fields
for field in filter(lambda k: k.startswith(RepositoryField.PREFIX),
kwargs):
k = RepositoryField.un_prefix_key(field)
ex_field = RepositoryField.get_by_key_name(key=k,
repo=cur_repo)
if ex_field:
ex_field.field_value = kwargs[field]
self.sa.add(ex_field)
self.sa.add(cur_repo)
if source_repo_name != new_name:
# rename repository
self._rename_filesystem_repo(old=source_repo_name,
new=new_name)
return cur_repo
except Exception:
log.error(traceback.format_exc())
raise
def create_repository(self):
"""GET /_admin/create_repository: Form to create a new item"""
new_repo = request.GET.get('repo', '')
parent_group = request.GET.get('parent_group')
if not HasPermissionAny('hg.admin', 'hg.create.repository')():
#you're not super admin nor have global create permissions,
#but maybe you have at least write permission to a parent group ?
_gr = RepoGroup.get(parent_group)
gr_name = _gr.group_name if _gr else None
if not HasReposGroupPermissionAny(
'group.admin', 'group.write')(group_name=gr_name):
raise HTTPForbidden
acl_groups = GroupList(RepoGroup.query().all(),
perm_set=['group.write', 'group.admin'])
c.repo_groups = RepoGroup.groups_choices(groups=acl_groups)
c.repo_groups_choices = map(lambda k: unicode(k[0]), c.repo_groups)
choices, c.landing_revs = ScmModel().get_repo_landing_revs()
c.new_repo = repo_name_slug(new_repo)
## apply the defaults from defaults page
defaults = RhodeCodeSetting.get_default_repo_settings(
strip_prefix=True)
if parent_group:
defaults.update({'repo_group': parent_group})
return htmlfill.render(render('admin/repos/repo_add.html'),
defaults=defaults,
errors={},
prefix_error=False,
encoding="UTF-8")
def validate_python(self, value, state):
gr = RepoGroup.get(value)
gr_name = gr.group_name if gr else None # None means ROOT location
# create repositories with write permission on group is set to true
create_on_write = HasPermissionAny(
'hg.create.write_on_repogroup.true')()
group_admin = HasRepoGroupPermissionAny('group.admin')(
gr_name, 'can write into group validator')
group_write = HasRepoGroupPermissionAny('group.write')(
gr_name, 'can write into group validator')
forbidden = not (group_admin or (group_write and create_on_write))
can_create_repos = HasPermissionAny(
'hg.admin', 'hg.create.repository')
gid = (old_data['repo_group'].get('group_id')
if (old_data and 'repo_group' in old_data) else None)
value_changed = gid != safe_int(value)
new = not old_data
# do check if we changed the value, there's a case that someone got
# revoked write permissions to a repository, he still created, we
# don't need to check permission if he didn't change the value of
# groups in form box
if value_changed or new:
# parent group need to be existing
if gr and forbidden:
msg = M(self, 'permission_denied', state)
raise formencode.Invalid(
msg, value, state, error_dict={'repo_type': msg}
)
# check if we can write to root location !
elif gr is None and not can_create_repos():
msg = M(self, 'permission_denied_root', state)
raise formencode.Invalid(
msg, value, state, error_dict={'repo_type': msg}
)
def delete(self, id):
"""DELETE /repos_groups/id: Delete an existing item"""
# Forms posted to this method should contain a hidden field:
# <input type="hidden" name="_method" value="DELETE" />
# Or using helpers:
# h.form(url('repos_group', id=ID),
# method='delete')
# url('repos_group', id=ID)
gr = RepoGroup.get(id)
repos = gr.repositories.all()
if repos:
h.flash(_('This group contains %s repositores and cannot be '
'deleted') % len(repos),
category='error')
return redirect(url('repos_groups'))
try:
ReposGroupModel().delete(id)
Session().commit()
h.flash(_('removed repos group %s') % gr.group_name,
category='success')
#TODO: in future action_logger(, '', '', '', self.sa)
except IntegrityError, e:
if str(e.message).find('groups_group_parent_id_fkey') != -1:
log.error(traceback.format_exc())
h.flash(_('Cannot delete this group it still contains '
'subgroups'),
category='warning')
else:
log.error(traceback.format_exc())
h.flash(_('error occurred during deletion of repos '
'group %s') % gr.group_name, category='error')
def delete(self, users_group_id):
try:
users_group = RepoGroup.get(users_group_id)
self.sa.delete(users_group)
self.__delete_group(users_group)
except:
log.error(traceback.format_exc())
raise
def delete(self, users_group_id):
try:
users_group = RepoGroup.get(users_group_id)
self.sa.delete(users_group)
self.__delete_group(users_group)
except:
log.error(traceback.format_exc())
raise
def update(self, org_repo_name, **kwargs):
try:
cur_repo = self.get_by_repo_name(org_repo_name, cache=False)
# update permissions
for member, perm, member_type in kwargs['perms_updates']:
if member_type == 'user':
# this updates existing one
RepoModel().grant_user_permission(
repo=cur_repo, user=member, perm=perm
)
else:
RepoModel().grant_users_group_permission(
repo=cur_repo, group_name=member, perm=perm
)
# set new permissions
for member, perm, member_type in kwargs['perms_new']:
if member_type == 'user':
RepoModel().grant_user_permission(
repo=cur_repo, user=member, perm=perm
)
else:
RepoModel().grant_users_group_permission(
repo=cur_repo, group_name=member, perm=perm
)
if 'user' in kwargs:
cur_repo.user = User.get_by_username(kwargs['user'])
if 'repo_group' in kwargs:
cur_repo.group = RepoGroup.get(kwargs['repo_group'])
for strip, k in [(0, 'repo_type'), (1, 'repo_enable_downloads'),
(1, 'repo_description'), (1, 'repo_enable_locking'),
(1, 'repo_landing_rev'), (0, 'clone_uri'),
(1, 'repo_private'), (1, 'repo_enable_statistics')]:
if k in kwargs:
val = kwargs[k]
if strip:
k = remove_prefix(k, 'repo_')
setattr(cur_repo, k, val)
new_name = cur_repo.get_new_name(kwargs['repo_name'])
cur_repo.repo_name = new_name
self.sa.add(cur_repo)
if org_repo_name != new_name:
# rename repository
self.__rename_repo(old=org_repo_name, new=new_name)
return cur_repo
except:
log.error(traceback.format_exc())
raise
def update(self, repos_group_id, form_data):
try:
repos_group = RepoGroup.get(repos_group_id)
recursive = form_data['recursive']
# iterate over all members(if in recursive mode) of this groups and
# set the permissions !
# this can be potentially heavy operation
self._update_permissions(repos_group, form_data['perms_new'],
form_data['perms_updates'], recursive)
old_path = repos_group.full_path
# change properties
repos_group.group_description = form_data['group_description']
repos_group.parent_group = RepoGroup.get(form_data['group_parent_id'])
repos_group.group_parent_id = form_data['group_parent_id']
repos_group.enable_locking = form_data['enable_locking']
repos_group.group_name = repos_group.get_new_name(form_data['group_name'])
new_path = repos_group.full_path
self.sa.add(repos_group)
# iterate over all members of this groups and set the locking !
# this can be potentially heavy operation
for obj in repos_group.recursive_groups_and_repos():
#set the value from it's parent
obj.enable_locking = repos_group.enable_locking
self.sa.add(obj)
# we need to get all repositories from this new group and
# rename them accordingly to new group path
for r in repos_group.repositories:
r.repo_name = r.get_new_name(r.just_name)
self.sa.add(r)
self.__rename_group(old_path, new_path)
return repos_group
except:
log.error(traceback.format_exc())
raise
def update(self, repos_group, form_data):
try:
repos_group = self._get_repos_group(repos_group)
recursive = form_data['recursive']
# iterate over all members(if in recursive mode) of this groups and
# set the permissions !
# this can be potentially heavy operation
self._update_permissions(repos_group, form_data['perms_new'],
form_data['perms_updates'], recursive)
old_path = repos_group.full_path
# change properties
repos_group.group_description = form_data['group_description']
repos_group.group_parent_id = form_data['group_parent_id']
repos_group.enable_locking = form_data['enable_locking']
repos_group.parent_group = RepoGroup.get(form_data['group_parent_id'])
repos_group.group_name = repos_group.get_new_name(form_data['group_name'])
new_path = repos_group.full_path
self.sa.add(repos_group)
# iterate over all members of this groups and do fixes
# set locking if given
# if obj is a repoGroup also fix the name of the group according
# to the parent
# if obj is a Repo fix it's name
# this can be potentially heavy operation
for obj in repos_group.recursive_groups_and_repos():
#set the value from it's parent
obj.enable_locking = repos_group.enable_locking
if isinstance(obj, RepoGroup):
new_name = obj.get_new_name(obj.name)
log.debug('Fixing group %s to new name %s' \
% (obj.group_name, new_name))
obj.group_name = new_name
elif isinstance(obj, Repository):
# we need to get all repositories from this new group and
# rename them accordingly to new group path
new_name = obj.get_new_name(obj.just_name)
log.debug('Fixing repo %s to new name %s' \
% (obj.repo_name, new_name))
obj.repo_name = new_name
self.sa.add(obj)
self.__rename_group(old_path, new_path)
return repos_group
except Exception:
log.error(traceback.format_exc())
raise
def update(self, repo_name, form_data):
try:
cur_repo = self.get_by_repo_name(repo_name, cache=False)
# update permissions
for member, perm, member_type in form_data['perms_updates']:
if member_type == 'user':
# this updates existing one
RepoModel().grant_user_permission(repo=cur_repo,
user=member,
perm=perm)
else:
RepoModel().grant_users_group_permission(repo=cur_repo,
group_name=member,
perm=perm)
# set new permissions
for member, perm, member_type in form_data['perms_new']:
if member_type == 'user':
RepoModel().grant_user_permission(repo=cur_repo,
user=member,
perm=perm)
else:
RepoModel().grant_users_group_permission(repo=cur_repo,
group_name=member,
perm=perm)
# update current repo
for k, v in form_data.items():
if k == 'user':
cur_repo.user = User.get_by_username(v)
elif k == 'repo_name':
pass
elif k == 'repo_group':
cur_repo.group = RepoGroup.get(v)
else:
setattr(cur_repo, k, v)
new_name = cur_repo.get_new_name(form_data['repo_name'])
cur_repo.repo_name = new_name
self.sa.add(cur_repo)
if repo_name != new_name:
# rename repository
self.__rename_repo(old=repo_name, new=new_name)
return cur_repo
except:
log.error(traceback.format_exc())
raise
def update(self, repo_name, form_data):
try:
cur_repo = self.get_by_repo_name(repo_name, cache=False)
# update permissions
for member, perm, member_type in form_data['perms_updates']:
if member_type == 'user':
# this updates existing one
RepoModel().grant_user_permission(
repo=cur_repo, user=member, perm=perm
)
else:
RepoModel().grant_users_group_permission(
repo=cur_repo, group_name=member, perm=perm
)
# set new permissions
for member, perm, member_type in form_data['perms_new']:
if member_type == 'user':
RepoModel().grant_user_permission(
repo=cur_repo, user=member, perm=perm
)
else:
RepoModel().grant_users_group_permission(
repo=cur_repo, group_name=member, perm=perm
)
# update current repo
for k, v in form_data.items():
if k == 'user':
cur_repo.user = User.get_by_username(v)
elif k == 'repo_name':
pass
elif k == 'repo_group':
cur_repo.group = RepoGroup.get(v)
else:
setattr(cur_repo, k, v)
new_name = cur_repo.get_new_name(form_data['repo_name'])
cur_repo.repo_name = new_name
self.sa.add(cur_repo)
if repo_name != new_name:
# rename repository
self.__rename_repo(old=repo_name, new=new_name)
return cur_repo
except:
log.error(traceback.format_exc())
raise
def validate_python(self, value, state):
# TODO WRITE VALIDATIONS
group_name = value.get('group_name')
group_parent_id = value.get('group_parent_id')
# slugify repo group just in case :)
slug = repo_name_slug(group_name)
# check for parent of self
parent_of_self = lambda: (
old_data['group_id'] == int(group_parent_id)
if group_parent_id else False
)
if edit and parent_of_self():
e_dict = {
'group_parent_id': _('Cannot assign this group as parent')
}
raise formencode.Invalid('', value, state,
error_dict=e_dict)
old_gname = None
if edit:
old_gname = RepoGroup.get(old_data.get('group_id')).group_name
if old_gname != group_name or not edit:
# check group
gr = RepoGroup.query()\
.filter(RepoGroup.group_name == slug)\
.filter(RepoGroup.group_parent_id == group_parent_id)\
.scalar()
if gr:
e_dict = {
'group_name': _('This group already exists')
}
raise formencode.Invalid('', value, state,
error_dict=e_dict)
# check for same repo
repo = Repository.query()\
.filter(Repository.repo_name == slug)\
.scalar()
if repo:
e_dict = {
'group_name': _('Repository with this name already exists')
}
raise formencode.Invalid('', value, state,
error_dict=e_dict)
def update(self, org_repo_name, **kwargs):
try:
cur_repo = self.get_by_repo_name(org_repo_name, cache=False)
if 'user' in kwargs:
cur_repo.user = User.get_by_username(kwargs['user'])
if 'repo_group' in kwargs:
cur_repo.group = RepoGroup.get(kwargs['repo_group'])
for strip, k in [
(1, 'repo_enable_downloads'), (1, 'repo_description'),
(1, 'repo_enable_locking'), (1, 'repo_landing_rev'),
(0, 'clone_uri'), (1, 'repo_private'),
(1, 'repo_enable_statistics')
]:
if k in kwargs:
val = kwargs[k]
if strip:
k = remove_prefix(k, 'repo_')
setattr(cur_repo, k, val)
new_name = cur_repo.get_new_name(kwargs['repo_name'])
cur_repo.repo_name = new_name
#if private flag is set, reset default permission to NONE
if kwargs.get('repo_private'):
EMPTY_PERM = 'repository.none'
RepoModel().grant_user_permission(repo=cur_repo,
user='******',
perm=EMPTY_PERM)
#handle extra fields
for field in filter(lambda k: k.startswith(RepositoryField.PREFIX),
kwargs):
k = RepositoryField.un_prefix_key(field)
ex_field = RepositoryField.get_by_key_name(key=k,
repo=cur_repo)
if ex_field:
ex_field.field_value = kwargs[field]
self.sa.add(ex_field)
self.sa.add(cur_repo)
if org_repo_name != new_name:
# rename repository
self.__rename_repo(old=org_repo_name, new=new_name)
return cur_repo
except Exception:
log.error(traceback.format_exc())
raise
def to_python(self, value, state):
repo_name = value.get('repo_name')
slug = repo_name_slug(repo_name)
if slug in [ADMIN_PREFIX, '']:
e_dict = {'repo_name': _('This repository name is disallowed')}
raise formencode.Invalid('', value, state, error_dict=e_dict)
if value.get('repo_group'):
gr = RepoGroup.get(value.get('repo_group'))
group_path = gr.full_path
# value needs to be aware of group name in order to check
# db key This is an actual just the name to store in the
# database
repo_name_full = group_path + RepoGroup.url_sep() + repo_name
else:
group_path = ''
repo_name_full = repo_name
value['repo_name_full'] = repo_name_full
rename = old_data.get('repo_name') != repo_name_full
create = not edit
if rename or create:
if group_path != '':
if Repository.get_by_repo_name(repo_name_full):
e_dict = {
'repo_name': _('This repository already exists in '
'a group "%s"') % gr.group_name
}
raise formencode.Invalid('', value, state,
error_dict=e_dict)
elif RepoGroup.get_by_group_name(repo_name_full):
e_dict = {
'repo_name': _('There is a group with this name '
'already "%s"') % repo_name_full
}
raise formencode.Invalid('', value, state,
error_dict=e_dict)
elif Repository.get_by_repo_name(repo_name_full):
e_dict = {'repo_name': _('This repository '
'already exists')}
raise formencode.Invalid('', value, state,
error_dict=e_dict)
return value
def validate_python(self, value, state):
# TODO WRITE VALIDATIONS
group_name = value.get('group_name')
group_parent_id = value.get('group_parent_id')
# slugify repo group just in case :)
slug = repo_name_slug(group_name)
# check for parent of self
parent_of_self = lambda: (old_data['group_id'] == int(
group_parent_id) if group_parent_id else False)
if edit and parent_of_self():
msg = M(self, 'group_parent_id', state)
raise formencode.Invalid(msg,
value,
state,
error_dict=dict(group_parent_id=msg))
old_gname = None
if edit:
old_gname = RepoGroup.get(old_data.get('group_id')).group_name
if old_gname != group_name or not edit:
# check group
gr = RepoGroup.query()\
.filter(RepoGroup.group_name == slug)\
.filter(RepoGroup.group_parent_id == group_parent_id)\
.scalar()
if gr:
msg = M(self, 'group_exists', state, group_name=slug)
raise formencode.Invalid(msg,
value,
state,
error_dict=dict(group_name=msg))
# check for same repo
repo = Repository.query()\
.filter(Repository.repo_name == slug)\
.scalar()
if repo:
msg = M(self, 'repo_exists', state, group_name=slug)
raise formencode.Invalid(msg,
value,
state,
error_dict=dict(group_name=msg))
def validate_python(self, value, state):
gr = RepoGroup.get(value)
gr_name = gr.group_name if gr else None # None means ROOT location
if can_create_in_root and gr is None:
#we can create in root, we're fine no validations required
return
forbidden_in_root = gr is None and not can_create_in_root
val = HasReposGroupPermissionAny('group.admin')
forbidden = not val(gr_name, 'can create group validator')
if forbidden_in_root or forbidden:
msg = M(self, 'permission_denied', state)
raise formencode.Invalid(msg, value, state,
error_dict=dict(group_parent_id=msg)
)
def validate_python(self, value, state):
# TODO WRITE VALIDATIONS
group_name = value.get('group_name')
group_parent_id = value.get('group_parent_id')
# slugify repo group just in case :)
slug = repo_name_slug(group_name)
# check for parent of self
parent_of_self = lambda: (
old_data['group_id'] == int(group_parent_id)
if group_parent_id else False
)
if edit and parent_of_self():
msg = M(self, 'group_parent_id', state)
raise formencode.Invalid(msg, value, state,
error_dict=dict(group_parent_id=msg)
)
old_gname = None
if edit:
old_gname = RepoGroup.get(old_data.get('group_id')).group_name
if old_gname != group_name or not edit:
# check group
gr = RepoGroup.query()\
.filter(RepoGroup.group_name == slug)\
.filter(RepoGroup.group_parent_id == group_parent_id)\
.scalar()
if gr:
msg = M(self, 'group_exists', state, group_name=slug)
raise formencode.Invalid(msg, value, state,
error_dict=dict(group_name=msg)
)
# check for same repo
repo = Repository.query()\
.filter(Repository.repo_name == slug)\
.scalar()
if repo:
msg = M(self, 'repo_exists', state, group_name=slug)
raise formencode.Invalid(msg, value, state,
error_dict=dict(group_name=msg)
)
def update(self, org_repo_name, **kwargs):
try:
cur_repo = self.get_by_repo_name(org_repo_name, cache=False)
if 'user' in kwargs:
cur_repo.user = User.get_by_username(kwargs['user'])
if 'repo_group' in kwargs:
cur_repo.group = RepoGroup.get(kwargs['repo_group'])
for strip, k in [(1, 'repo_enable_downloads'),
(1, 'repo_description'), (1, 'repo_enable_locking'),
(1, 'repo_landing_rev'), (0, 'clone_uri'),
(1, 'repo_private'), (1, 'repo_enable_statistics')]:
if k in kwargs:
val = kwargs[k]
if strip:
k = remove_prefix(k, 'repo_')
setattr(cur_repo, k, val)
new_name = cur_repo.get_new_name(kwargs['repo_name'])
cur_repo.repo_name = new_name
#if private flag is set, reset default permission to NONE
if kwargs.get('repo_private'):
EMPTY_PERM = 'repository.none'
RepoModel().grant_user_permission(
repo=cur_repo, user='******', perm=EMPTY_PERM
)
#handle extra fields
for field in filter(lambda k: k.startswith(RepositoryField.PREFIX), kwargs):
k = RepositoryField.un_prefix_key(field)
ex_field = RepositoryField.get_by_key_name(key=k, repo=cur_repo)
if ex_field:
ex_field.field_value = kwargs[field]
self.sa.add(ex_field)
self.sa.add(cur_repo)
if org_repo_name != new_name:
# rename repository
self.__rename_repo(old=org_repo_name, new=new_name)
return cur_repo
except Exception:
log.error(traceback.format_exc())
raise
def edit(self, id, format='html'):
"""GET /repos_groups/id/edit: Form to edit an existing item"""
# url('edit_repos_group', id=ID)
id_ = int(id)
c.repos_group = RepoGroup.get(id_)
defaults = self.__load_data(id_)
# we need to exclude this group from the group list for editing
c.repo_groups = filter(lambda x: x[0] != id_, c.repo_groups)
return htmlfill.render(
render('admin/repos_groups/repos_groups_edit.html'),
defaults=defaults,
encoding="UTF-8",
force_defaults=False)
def edit(self, id, format='html'):
"""GET /repos_groups/id/edit: Form to edit an existing item"""
# url('edit_repos_group', id=ID)
id_ = int(id)
c.repos_group = RepoGroup.get(id_)
defaults = self.__load_data(id_)
# we need to exclude this group from the group list for editing
c.repo_groups = filter(lambda x: x[0] != id_, c.repo_groups)
return htmlfill.render(
render('admin/repos_groups/repos_groups_edit.html'),
defaults=defaults,
encoding="UTF-8",
force_defaults=False
)
def _to_python(self, value, state):
group_name = repo_name_slug(value.get('group_name', ''))
group_parent_id = safe_int(value.get('group_parent_id'))
gr = RepoGroup.get(group_parent_id)
if gr:
parent_group_path = gr.full_path
# value needs to be aware of group name in order to check
# db key This is an actual just the name to store in the
# database
group_name_full = (
parent_group_path + RepoGroup.url_sep() + group_name)
else:
group_name_full = group_name
value['group_name'] = group_name
value['group_name_full'] = group_name_full
value['group_parent_id'] = group_parent_id
return value
def new(self, format='html'):
"""GET /repos_groups/new: Form to create a new item"""
# url('new_repos_group')
if HasPermissionAll('hg.admin')('group create'):
#we're global admin, we're ok and we can create TOP level groups
pass
else:
# we pass in parent group into creation form, thus we know
# what would be the group, we can check perms here !
group_id = safe_int(request.GET.get('parent_group'))
group = RepoGroup.get(group_id) if group_id else None
group_name = group.group_name if group else None
if HasReposGroupPermissionAll('group.admin')(group_name, 'group create'):
pass
else:
return abort(403)
self.__load_defaults()
return render('admin/repos_groups/repos_groups_add.html')
def new(self, format='html'):
"""GET /repos_groups/new: Form to create a new item"""
# url('new_repos_group')
if HasPermissionAll('hg.admin')('group create'):
#we're global admin, we're ok and we can create TOP level groups
pass
else:
# we pass in parent group into creation form, thus we know
# what would be the group, we can check perms here !
group_id = safe_int(request.GET.get('parent_group'))
group = RepoGroup.get(group_id) if group_id else None
group_name = group.group_name if group else None
if HasReposGroupPermissionAll('group.admin')(group_name,
'group create'):
pass
else:
return abort(403)
self.__load_defaults()
return render('admin/repos_groups/repos_groups_add.html')
def _to_python(self, value, state):
repo_name = repo_name_slug(value.get('repo_name', ''))
repo_group = value.get('repo_group')
if repo_group:
gr = RepoGroup.get(repo_group)
group_path = gr.full_path
group_name = gr.group_name
# value needs to be aware of group name in order to check
# db key This is an actual just the name to store in the
# database
repo_name_full = group_path + RepoGroup.url_sep() + repo_name
else:
group_name = group_path = ''
repo_name_full = repo_name
value['repo_name'] = repo_name
value['repo_name_full'] = repo_name_full
value['group_path'] = group_path
value['group_name'] = group_name
return value
def _can_create_repo_group(self, parent_group_id=None):
is_admin = HasPermissionAll('hg.admin')('group create controller')
create_repo_group = HasPermissionAll('hg.repogroup.create.true')(
'group create controller')
if is_admin or (create_repo_group and not parent_group_id):
# we're global admin, or we have global repo group create
# permission
# we're ok and we can create TOP level groups
return True
elif parent_group_id:
# we check the permission if we can write to parent group
group = RepoGroup.get(parent_group_id)
group_name = group.group_name if group else None
if HasRepoGroupPermissionAll('group.admin')(
group_name, 'check if user is an admin of group'):
# we're an admin of passed in group, we're ok.
return True
else:
return False
return False
def validate_python(self, value, state):
gr = RepoGroup.get(value)
gr_name = gr.group_name if gr else None # None means ROOT location
val = HasReposGroupPermissionAny('group.write', 'group.admin')
can_create_repos = HasPermissionAny('hg.admin', 'hg.create.repository')
forbidden = not val(gr_name, 'can write into group validator')
value_changed = True # old_data['repo_group'].get('group_id') != safe_int(value)
if value_changed: # do check if we changed the value
#parent group need to be existing
if gr and forbidden:
msg = M(self, 'permission_denied', state)
raise formencode.Invalid(msg, value, state,
error_dict=dict(repo_type=msg)
)
## check if we can write to root location !
elif gr is None and not can_create_repos():
msg = M(self, 'permission_denied_root', state)
raise formencode.Invalid(msg, value, state,
error_dict=dict(repo_type=msg)
)
def create_repository(self):
"""GET /_admin/create_repository: Form to create a new item"""
new_repo = request.GET.get('repo', '')
parent_group = request.GET.get('parent_group')
if not HasPermissionAny('hg.admin', 'hg.create.repository')():
# you're not super admin nor have global create permissions,
# but maybe you have at least write permission to a parent group ?
_gr = RepoGroup.get(parent_group)
gr_name = _gr.group_name if _gr else None
# create repositories with write permission on group is set to true
create_on_write = HasPermissionAny(
'hg.create.write_on_repogroup.true')()
group_admin = HasRepoGroupPermissionAny('group.admin')(
group_name=gr_name)
group_write = HasRepoGroupPermissionAny('group.write')(
group_name=gr_name)
if not (group_admin or (group_write and create_on_write)):
raise HTTPForbidden
acl_groups = RepoGroupList(RepoGroup.query().all(),
perm_set=['group.write', 'group.admin'])
c.repo_groups = RepoGroup.groups_choices(groups=acl_groups)
c.repo_groups_choices = map(lambda k: unicode(k[0]), c.repo_groups)
choices, c.landing_revs = ScmModel().get_repo_landing_revs()
c.personal_repo_group = RepoGroup.get_by_group_name(
c.rhodecode_user.username)
c.new_repo = repo_name_slug(new_repo)
## apply the defaults from defaults page
defaults = SettingsModel().get_default_repo_settings(strip_prefix=True)
# set checkbox to autochecked
defaults['repo_copy_permissions'] = True
if parent_group:
defaults.update({'repo_group': parent_group})
return htmlfill.render(render('admin/repos/repo_add.html'),
defaults=defaults,
errors={},
prefix_error=False,
encoding="UTF-8",
force_defaults=False)
def show(self, id, format='html'):
"""GET /repos_groups/id: Show a specific item"""
# url('repos_group', id=ID)
c.group = RepoGroup.get(id)
if c.group:
c.group_repos = c.group.repositories.all()
else:
return redirect(url('home'))
#overwrite our cached list with current filter
gr_filter = c.group_repos
c.cached_repo_list = self.scm_model.get_repos(all_repos=gr_filter)
c.repos_list = c.cached_repo_list
c.repo_cnt = 0
c.groups = self.sa.query(RepoGroup).order_by(RepoGroup.group_name)\
.filter(RepoGroup.group_parent_id == id).all()
return render('admin/repos_groups/repos_groups.html')
def show(self, id, format='html'):
"""GET /repos_groups/id: Show a specific item"""
# url('repos_group', id=ID)
c.group = RepoGroup.get(id)
if c.group:
c.group_repos = c.group.repositories.all()
else:
return redirect(url('home'))
#overwrite our cached list with current filter
gr_filter = c.group_repos
c.cached_repo_list = self.scm_model.get_repos(all_repos=gr_filter)
c.repos_list = c.cached_repo_list
c.repo_cnt = 0
c.groups = self.sa.query(RepoGroup).order_by(RepoGroup.group_name)\
.filter(RepoGroup.group_parent_id == id).all()
return render('admin/repos_groups/repos_groups.html')
def __create_repo(self, repo_name, alias, new_parent_id, clone_uri=False):
"""
makes repository on filesystem. It's group aware means it'll create
a repository within a group, and alter the paths accordingly of
group location
:param repo_name:
:param alias:
:param parent_id:
:param clone_uri:
"""
from rhodecode.lib.utils import is_valid_repo, is_valid_repos_group
if new_parent_id:
paths = RepoGroup.get(new_parent_id)\
.full_path.split(RepoGroup.url_sep())
new_parent_path = os.sep.join(paths)
else:
new_parent_path = ''
# we need to make it str for mercurial
repo_path = os.path.join(*map(lambda x: safe_str(
x), [self.repos_path, new_parent_path, repo_name]))
# check if this path is not a repository
if is_valid_repo(repo_path, self.repos_path):
raise Exception('This path %s is a valid repository' % repo_path)
# check if this path is a group
if is_valid_repos_group(repo_path, self.repos_path):
raise Exception('This path %s is a valid group' % repo_path)
log.info('creating repo %s in %s @ %s' %
(repo_name, safe_unicode(repo_path), clone_uri))
backend = get_backend(alias)
backend(repo_path, create=True, src_url=clone_uri)
def validate_python(self, value, state):
old_group_name = None
group_name = value.get('group_name')
group_name_full = value.get('group_name_full')
group_parent_id = safe_int(value.get('group_parent_id'))
if group_parent_id == -1:
group_parent_id = None
group_obj = RepoGroup.get(old_data.get('group_id'))
parent_group_changed = False
if edit:
old_group_name = group_obj.group_name
old_group_parent_id = group_obj.group_parent_id
if group_parent_id != old_group_parent_id:
parent_group_changed = True
# TODO: mikhail: the following if statement is not reached
# since group_parent_id's OneOf validation fails before.
# Can be removed.
# check against setting a parent of self
parent_of_self = (
old_data['group_id'] == group_parent_id
if group_parent_id else False
)
if parent_of_self:
msg = M(self, 'group_parent_id', state)
raise formencode.Invalid(
msg, value, state, error_dict={'group_parent_id': msg}
)
# group we're moving current group inside
child_group = None
if group_parent_id:
child_group = RepoGroup.query().filter(
RepoGroup.group_id == group_parent_id).scalar()
# do a special check that we cannot move a group to one of
# it's children
if edit and child_group:
parents = [x.group_id for x in child_group.parents]
move_to_children = old_data['group_id'] in parents
if move_to_children:
msg = M(self, 'group_parent_id', state)
raise formencode.Invalid(
msg, value, state, error_dict={'group_parent_id': msg})
# Check if we have permission to store in the parent.
# Only check if the parent group changed.
if parent_group_changed:
if child_group is None:
if not can_create_in_root:
msg = M(self, 'permission_denied_root', state)
raise formencode.Invalid(
msg, value, state,
error_dict={'group_parent_id': msg})
else:
valid = HasRepoGroupPermissionAny('group.admin')
forbidden = not valid(
child_group.group_name, 'can create group validator')
if forbidden:
msg = M(self, 'permission_denied', state)
raise formencode.Invalid(
msg, value, state,
error_dict={'group_parent_id': msg})
# if we change the name or it's new group, check for existing names
# or repositories with the same name
if old_group_name != group_name_full or not edit:
# check group
gr = RepoGroup.get_by_group_name(group_name_full)
if gr:
msg = M(self, 'group_exists', state, group_name=group_name)
raise formencode.Invalid(
msg, value, state, error_dict={'group_name': msg})
# check for same repo
repo = Repository.get_by_repo_name(group_name_full)
if repo:
msg = M(self, 'repo_exists', state, group_name=group_name)
raise formencode.Invalid(
msg, value, state, error_dict={'group_name': msg})
def validate_python(self, value, state):
gr = RepoGroup.get(value)
if not HasReposGroupPermissionAny("group.write", "group.admin")(gr.group_name, "get group of repo form"):
msg = M(self, "permission_denied", state)
raise formencode.Invalid(msg, value, state, error_dict=dict(repo_type=msg))
