def test_remove_group(self): sg1 = fixture.create_group("deleteme") self.__delete_group(sg1.group_id) self.assertEqual(RepoGroup.get(sg1.group_id), None) self.assertFalse(self.__check_path("deteteme")) sg1 = fixture.create_group("deleteme", group_parent_id=self.g1.group_id) self.__delete_group(sg1.group_id) self.assertEqual(RepoGroup.get(sg1.group_id), None) self.assertFalse(self.__check_path("test1", "deteteme"))
def test_remove_group(self): sg1 = _make_group('deleteme') self.__delete_group(sg1.group_id) self.assertEqual(RepoGroup.get(sg1.group_id), None) self.assertFalse(self.__check_path('deteteme')) sg1 = _make_group('deleteme', parent_id=self.g1.group_id) self.__delete_group(sg1.group_id) self.assertEqual(RepoGroup.get(sg1.group_id), None) self.assertFalse(self.__check_path('test1', 'deteteme'))
def test_remove_group(self): sg1 = fixture.create_repo_group('deleteme') self.__delete_group(sg1.group_id) assert RepoGroup.get(sg1.group_id) is None assert not self.__check_path('deteteme') sg1 = fixture.create_repo_group('test1/deleteme') self.__delete_group(sg1.group_id) assert RepoGroup.get(sg1.group_id) is None assert not self.__check_path('test1', 'deteteme')
def update(self, repos_group_id, form_data): try: repos_group = RepoGroup.get(repos_group_id) # update permissions for member, perm, member_type in form_data['perms_updates']: if member_type == 'user': # this updates also current one if found ReposGroupModel().grant_user_permission( repos_group=repos_group, user=member, perm=perm ) else: ReposGroupModel().grant_users_group_permission( repos_group=repos_group, group_name=member, perm=perm ) # set new permissions for member, perm, member_type in form_data['perms_new']: if member_type == 'user': ReposGroupModel().grant_user_permission( repos_group=repos_group, user=member, perm=perm ) else: ReposGroupModel().grant_users_group_permission( repos_group=repos_group, group_name=member, perm=perm ) old_path = repos_group.full_path # change properties repos_group.group_description = form_data['group_description'] repos_group.parent_group = RepoGroup.get(form_data['group_parent_id']) repos_group.group_parent_id = form_data['group_parent_id'] repos_group.group_name = repos_group.get_new_name(form_data['group_name']) new_path = repos_group.full_path self.sa.add(repos_group) # we need to get all repositories from this new group and # rename them accordingly to new group path for r in repos_group.repositories: r.repo_name = r.get_new_name(r.just_name) self.sa.add(r) self.__rename_group(old_path, new_path) return repos_group except: log.error(traceback.format_exc()) raise
def update(self, repos_group_id, form_data): try: repos_group = RepoGroup.get(repos_group_id) # update permissions for member, perm, member_type in form_data['perms_updates']: if member_type == 'user': # this updates also current one if found ReposGroupModel().grant_user_permission( repos_group=repos_group, user=member, perm=perm) else: ReposGroupModel().grant_users_group_permission( repos_group=repos_group, group_name=member, perm=perm) # set new permissions for member, perm, member_type in form_data['perms_new']: if member_type == 'user': ReposGroupModel().grant_user_permission( repos_group=repos_group, user=member, perm=perm) else: ReposGroupModel().grant_users_group_permission( repos_group=repos_group, group_name=member, perm=perm) old_path = repos_group.full_path # change properties repos_group.group_description = form_data['group_description'] repos_group.parent_group = RepoGroup.get( form_data['group_parent_id']) repos_group.group_parent_id = form_data['group_parent_id'] repos_group.group_name = repos_group.get_new_name( form_data['group_name']) new_path = repos_group.full_path self.sa.add(repos_group) # we need to get all repositories from this new group and # rename them accordingly to new group path for r in repos_group.repositories: r.repo_name = r.get_new_name(r.just_name) self.sa.add(r) self.__rename_group(old_path, new_path) return repos_group except: log.error(traceback.format_exc()) raise
def __load_data(self, group_id): """ Load defaults settings for edit, and update :param group_id: """ self.__load_defaults() repo_group = RepoGroup.get(group_id) data = repo_group.get_dict() data['group_name'] = repo_group.name # fill repository users for p in repo_group.repo_group_to_perm: data.update({'u_perm_%s' % p.user.username: p.permission.permission_name}) # fill repository groups for p in repo_group.users_group_to_perm: data.update({'g_perm_%s' % p.users_group.users_group_name: p.permission.permission_name}) return data
def create_repository(self): """GET /_admin/create_repository: Form to create a new item""" new_repo = request.GET.get('repo', '') parent_group = request.GET.get('parent_group') if not HasPermissionAny('hg.admin', 'hg.create.repository')(): #you're not super admin nor have global create permissions, #but maybe you have at least write permission to a parent group ? _gr = RepoGroup.get(parent_group) gr_name = _gr.group_name if _gr else None if not HasReposGroupPermissionAny('group.admin', 'group.write')(group_name=gr_name): raise HTTPForbidden acl_groups = GroupList(RepoGroup.query().all(), perm_set=['group.write', 'group.admin']) c.repo_groups = RepoGroup.groups_choices(groups=acl_groups) c.repo_groups_choices = map(lambda k: unicode(k[0]), c.repo_groups) choices, c.landing_revs = ScmModel().get_repo_landing_revs() c.new_repo = repo_name_slug(new_repo) ## apply the defaults from defaults page defaults = RhodeCodeSetting.get_default_repo_settings(strip_prefix=True) if parent_group: defaults.update({'repo_group': parent_group}) return htmlfill.render( render('admin/repos/repo_add.html'), defaults=defaults, errors={}, prefix_error=False, encoding="UTF-8" )
def update(self, id): """PUT /repos_groups/id: Update an existing item""" # Forms posted to this method should contain a hidden field: # <input type="hidden" name="_method" value="PUT" /> # Or using helpers: # h.form(url('repos_group', id=ID), # method='put') # url('repos_group', id=ID) self.__load_defaults() c.repos_group = RepoGroup.get(id) repos_group_form = ReposGroupForm( edit=True, old_data=c.repos_group.get_dict(), available_groups=c.repo_groups_choices )() try: form_result = repos_group_form.to_python(dict(request.POST)) ReposGroupModel().update(id, form_result) Session().commit() h.flash(_('updated repos group %s') \ % form_result['group_name'], category='success') #TODO: in future action_logger(, '', '', '', self.sa) except formencode.Invalid, errors: return htmlfill.render( render('admin/repos_groups/repos_groups_edit.html'), defaults=errors.value, errors=errors.error_dict or {}, prefix_error=False, encoding="UTF-8")
def __load_data(self, group_id): """ Load defaults settings for edit, and update :param group_id: """ self.__load_defaults() repo_group = RepoGroup.get(group_id) data = repo_group.get_dict() data['group_name'] = repo_group.name # fill repository users for p in repo_group.repo_group_to_perm: data.update( {'u_perm_%s' % p.user.username: p.permission.permission_name}) # fill repository groups for p in repo_group.users_group_to_perm: data.update({ 'g_perm_%s' % p.users_group.users_group_name: p.permission.permission_name }) return data
def delete(self, id): """DELETE /repos_groups/id: Delete an existing item""" # Forms posted to this method should contain a hidden field: # <input type="hidden" name="_method" value="DELETE" /> # Or using helpers: # h.form(url('repos_group', id=ID), # method='delete') # url('repos_group', id=ID) gr = RepoGroup.get(id) repos = gr.repositories.all() if repos: h.flash(_('This group contains %s repositores and cannot be ' 'deleted' % len(repos)), category='error') return redirect(url('repos_groups')) try: ReposGroupModel().delete(id) Session.commit() h.flash(_('removed repos group %s' % gr.group_name), category='success') #TODO: in future action_logger(, '', '', '', self.sa) except IntegrityError, e: if e.message.find('groups_group_parent_id_fkey') != -1: log.error(traceback.format_exc()) h.flash(_('Cannot delete this group it still contains ' 'subgroups'), category='warning') else: log.error(traceback.format_exc()) h.flash(_('error occurred during deletion of repos ' 'group %s' % gr.group_name), category='error')
def update(self, id): """PUT /repos_groups/id: Update an existing item""" # Forms posted to this method should contain a hidden field: # <input type="hidden" name="_method" value="PUT" /> # Or using helpers: # h.form(url('repos_group', id=ID), # method='put') # url('repos_group', id=ID) self.__load_defaults() c.repos_group = RepoGroup.get(id) repos_group_form = ReposGroupForm( edit=True, old_data=c.repos_group.get_dict(), available_groups=c.repo_groups_choices)() try: form_result = repos_group_form.to_python(dict(request.POST)) ReposGroupModel().update(id, form_result) Session.commit() h.flash(_('updated repos group %s') \ % form_result['group_name'], category='success') #TODO: in futureaction_logger(, '', '', '', self.sa) except formencode.Invalid, errors: return htmlfill.render( render('admin/repos_groups/repos_groups_edit.html'), defaults=errors.value, errors=errors.error_dict or {}, prefix_error=False, encoding="UTF-8")
def __create_repo(self, repo_name, alias, new_parent_id, clone_uri=False): """ makes repository on filesystem. It's group aware means it'll create a repository within a group, and alter the paths accordingly of group location :param repo_name: :param alias: :param parent_id: :param clone_uri: """ from rhodecode.lib.utils import is_valid_repo, is_valid_repos_group if new_parent_id: paths = RepoGroup.get(new_parent_id).full_path.split(RepoGroup.url_sep()) new_parent_path = os.sep.join(paths) else: new_parent_path = "" # we need to make it str for mercurial repo_path = os.path.join(*map(lambda x: safe_str(x), [self.repos_path, new_parent_path, repo_name])) # check if this path is not a repository if is_valid_repo(repo_path, self.repos_path): raise Exception("This path %s is a valid repository" % repo_path) # check if this path is a group if is_valid_repos_group(repo_path, self.repos_path): raise Exception("This path %s is a valid group" % repo_path) log.info("creating repo %s in %s @ %s" % (repo_name, safe_unicode(repo_path), clone_uri)) backend = get_backend(alias) backend(repo_path, create=True, src_url=clone_uri)
def update(self, repo, **kwargs): try: cur_repo = self._get_repo(repo) source_repo_name = cur_repo.repo_name if 'user' in kwargs: cur_repo.user = User.get_by_username(kwargs['user']) if 'repo_group' in kwargs: cur_repo.group = RepoGroup.get(kwargs['repo_group']) log.debug('Updating repo %s with params:%s', cur_repo, kwargs) update_keys = [(1, 'repo_enable_downloads'), (1, 'repo_description'), (1, 'repo_enable_locking'), (1, 'repo_landing_rev'), (1, 'repo_private'), (1, 'repo_enable_statistics'), (0, 'clone_uri'), (0, 'fork_id')] for strip, k in update_keys: if k in kwargs: val = kwargs[k] if strip: k = remove_prefix(k, 'repo_') if k == 'clone_uri': from rhodecode.model.validators import Missing _change = kwargs.get('clone_uri_change') if _change in [Missing, 'OLD']: # we don't change the value, so use original one val = cur_repo.clone_uri setattr(cur_repo, k, val) new_name = cur_repo.get_new_name(kwargs['repo_name']) cur_repo.repo_name = new_name # if private flag is set, reset default permission to NONE if kwargs.get('repo_private'): EMPTY_PERM = 'repository.none' RepoModel().grant_user_permission(repo=cur_repo, user=User.DEFAULT_USER, perm=EMPTY_PERM) # handle extra fields for field in filter(lambda k: k.startswith(RepositoryField.PREFIX), kwargs): k = RepositoryField.un_prefix_key(field) ex_field = RepositoryField.get_by_key_name(key=k, repo=cur_repo) if ex_field: ex_field.field_value = kwargs[field] self.sa.add(ex_field) self.sa.add(cur_repo) if source_repo_name != new_name: # rename repository self._rename_filesystem_repo(old=source_repo_name, new=new_name) return cur_repo except Exception: log.error(traceback.format_exc()) raise
def create_repository(self): """GET /_admin/create_repository: Form to create a new item""" new_repo = request.GET.get('repo', '') parent_group = request.GET.get('parent_group') if not HasPermissionAny('hg.admin', 'hg.create.repository')(): #you're not super admin nor have global create permissions, #but maybe you have at least write permission to a parent group ? _gr = RepoGroup.get(parent_group) gr_name = _gr.group_name if _gr else None if not HasReposGroupPermissionAny( 'group.admin', 'group.write')(group_name=gr_name): raise HTTPForbidden acl_groups = GroupList(RepoGroup.query().all(), perm_set=['group.write', 'group.admin']) c.repo_groups = RepoGroup.groups_choices(groups=acl_groups) c.repo_groups_choices = map(lambda k: unicode(k[0]), c.repo_groups) choices, c.landing_revs = ScmModel().get_repo_landing_revs() c.new_repo = repo_name_slug(new_repo) ## apply the defaults from defaults page defaults = RhodeCodeSetting.get_default_repo_settings( strip_prefix=True) if parent_group: defaults.update({'repo_group': parent_group}) return htmlfill.render(render('admin/repos/repo_add.html'), defaults=defaults, errors={}, prefix_error=False, encoding="UTF-8")
def validate_python(self, value, state): gr = RepoGroup.get(value) gr_name = gr.group_name if gr else None # None means ROOT location # create repositories with write permission on group is set to true create_on_write = HasPermissionAny( 'hg.create.write_on_repogroup.true')() group_admin = HasRepoGroupPermissionAny('group.admin')( gr_name, 'can write into group validator') group_write = HasRepoGroupPermissionAny('group.write')( gr_name, 'can write into group validator') forbidden = not (group_admin or (group_write and create_on_write)) can_create_repos = HasPermissionAny( 'hg.admin', 'hg.create.repository') gid = (old_data['repo_group'].get('group_id') if (old_data and 'repo_group' in old_data) else None) value_changed = gid != safe_int(value) new = not old_data # do check if we changed the value, there's a case that someone got # revoked write permissions to a repository, he still created, we # don't need to check permission if he didn't change the value of # groups in form box if value_changed or new: # parent group need to be existing if gr and forbidden: msg = M(self, 'permission_denied', state) raise formencode.Invalid( msg, value, state, error_dict={'repo_type': msg} ) # check if we can write to root location ! elif gr is None and not can_create_repos(): msg = M(self, 'permission_denied_root', state) raise formencode.Invalid( msg, value, state, error_dict={'repo_type': msg} )
def delete(self, id): """DELETE /repos_groups/id: Delete an existing item""" # Forms posted to this method should contain a hidden field: # <input type="hidden" name="_method" value="DELETE" /> # Or using helpers: # h.form(url('repos_group', id=ID), # method='delete') # url('repos_group', id=ID) gr = RepoGroup.get(id) repos = gr.repositories.all() if repos: h.flash(_('This group contains %s repositores and cannot be ' 'deleted') % len(repos), category='error') return redirect(url('repos_groups')) try: ReposGroupModel().delete(id) Session().commit() h.flash(_('removed repos group %s') % gr.group_name, category='success') #TODO: in future action_logger(, '', '', '', self.sa) except IntegrityError, e: if str(e.message).find('groups_group_parent_id_fkey') != -1: log.error(traceback.format_exc()) h.flash(_('Cannot delete this group it still contains ' 'subgroups'), category='warning') else: log.error(traceback.format_exc()) h.flash(_('error occurred during deletion of repos ' 'group %s') % gr.group_name, category='error')
def delete(self, users_group_id): try: users_group = RepoGroup.get(users_group_id) self.sa.delete(users_group) self.__delete_group(users_group) except: log.error(traceback.format_exc()) raise
def update(self, org_repo_name, **kwargs): try: cur_repo = self.get_by_repo_name(org_repo_name, cache=False) # update permissions for member, perm, member_type in kwargs['perms_updates']: if member_type == 'user': # this updates existing one RepoModel().grant_user_permission( repo=cur_repo, user=member, perm=perm ) else: RepoModel().grant_users_group_permission( repo=cur_repo, group_name=member, perm=perm ) # set new permissions for member, perm, member_type in kwargs['perms_new']: if member_type == 'user': RepoModel().grant_user_permission( repo=cur_repo, user=member, perm=perm ) else: RepoModel().grant_users_group_permission( repo=cur_repo, group_name=member, perm=perm ) if 'user' in kwargs: cur_repo.user = User.get_by_username(kwargs['user']) if 'repo_group' in kwargs: cur_repo.group = RepoGroup.get(kwargs['repo_group']) for strip, k in [(0, 'repo_type'), (1, 'repo_enable_downloads'), (1, 'repo_description'), (1, 'repo_enable_locking'), (1, 'repo_landing_rev'), (0, 'clone_uri'), (1, 'repo_private'), (1, 'repo_enable_statistics')]: if k in kwargs: val = kwargs[k] if strip: k = remove_prefix(k, 'repo_') setattr(cur_repo, k, val) new_name = cur_repo.get_new_name(kwargs['repo_name']) cur_repo.repo_name = new_name self.sa.add(cur_repo) if org_repo_name != new_name: # rename repository self.__rename_repo(old=org_repo_name, new=new_name) return cur_repo except: log.error(traceback.format_exc()) raise
def update(self, repos_group_id, form_data): try: repos_group = RepoGroup.get(repos_group_id) recursive = form_data['recursive'] # iterate over all members(if in recursive mode) of this groups and # set the permissions ! # this can be potentially heavy operation self._update_permissions(repos_group, form_data['perms_new'], form_data['perms_updates'], recursive) old_path = repos_group.full_path # change properties repos_group.group_description = form_data['group_description'] repos_group.parent_group = RepoGroup.get(form_data['group_parent_id']) repos_group.group_parent_id = form_data['group_parent_id'] repos_group.enable_locking = form_data['enable_locking'] repos_group.group_name = repos_group.get_new_name(form_data['group_name']) new_path = repos_group.full_path self.sa.add(repos_group) # iterate over all members of this groups and set the locking ! # this can be potentially heavy operation for obj in repos_group.recursive_groups_and_repos(): #set the value from it's parent obj.enable_locking = repos_group.enable_locking self.sa.add(obj) # we need to get all repositories from this new group and # rename them accordingly to new group path for r in repos_group.repositories: r.repo_name = r.get_new_name(r.just_name) self.sa.add(r) self.__rename_group(old_path, new_path) return repos_group except: log.error(traceback.format_exc()) raise
def update(self, repos_group, form_data): try: repos_group = self._get_repos_group(repos_group) recursive = form_data['recursive'] # iterate over all members(if in recursive mode) of this groups and # set the permissions ! # this can be potentially heavy operation self._update_permissions(repos_group, form_data['perms_new'], form_data['perms_updates'], recursive) old_path = repos_group.full_path # change properties repos_group.group_description = form_data['group_description'] repos_group.group_parent_id = form_data['group_parent_id'] repos_group.enable_locking = form_data['enable_locking'] repos_group.parent_group = RepoGroup.get(form_data['group_parent_id']) repos_group.group_name = repos_group.get_new_name(form_data['group_name']) new_path = repos_group.full_path self.sa.add(repos_group) # iterate over all members of this groups and do fixes # set locking if given # if obj is a repoGroup also fix the name of the group according # to the parent # if obj is a Repo fix it's name # this can be potentially heavy operation for obj in repos_group.recursive_groups_and_repos(): #set the value from it's parent obj.enable_locking = repos_group.enable_locking if isinstance(obj, RepoGroup): new_name = obj.get_new_name(obj.name) log.debug('Fixing group %s to new name %s' \ % (obj.group_name, new_name)) obj.group_name = new_name elif isinstance(obj, Repository): # we need to get all repositories from this new group and # rename them accordingly to new group path new_name = obj.get_new_name(obj.just_name) log.debug('Fixing repo %s to new name %s' \ % (obj.repo_name, new_name)) obj.repo_name = new_name self.sa.add(obj) self.__rename_group(old_path, new_path) return repos_group except Exception: log.error(traceback.format_exc()) raise
def update(self, repo_name, form_data): try: cur_repo = self.get_by_repo_name(repo_name, cache=False) # update permissions for member, perm, member_type in form_data['perms_updates']: if member_type == 'user': # this updates existing one RepoModel().grant_user_permission(repo=cur_repo, user=member, perm=perm) else: RepoModel().grant_users_group_permission(repo=cur_repo, group_name=member, perm=perm) # set new permissions for member, perm, member_type in form_data['perms_new']: if member_type == 'user': RepoModel().grant_user_permission(repo=cur_repo, user=member, perm=perm) else: RepoModel().grant_users_group_permission(repo=cur_repo, group_name=member, perm=perm) # update current repo for k, v in form_data.items(): if k == 'user': cur_repo.user = User.get_by_username(v) elif k == 'repo_name': pass elif k == 'repo_group': cur_repo.group = RepoGroup.get(v) else: setattr(cur_repo, k, v) new_name = cur_repo.get_new_name(form_data['repo_name']) cur_repo.repo_name = new_name self.sa.add(cur_repo) if repo_name != new_name: # rename repository self.__rename_repo(old=repo_name, new=new_name) return cur_repo except: log.error(traceback.format_exc()) raise
def update(self, repo_name, form_data): try: cur_repo = self.get_by_repo_name(repo_name, cache=False) # update permissions for member, perm, member_type in form_data['perms_updates']: if member_type == 'user': # this updates existing one RepoModel().grant_user_permission( repo=cur_repo, user=member, perm=perm ) else: RepoModel().grant_users_group_permission( repo=cur_repo, group_name=member, perm=perm ) # set new permissions for member, perm, member_type in form_data['perms_new']: if member_type == 'user': RepoModel().grant_user_permission( repo=cur_repo, user=member, perm=perm ) else: RepoModel().grant_users_group_permission( repo=cur_repo, group_name=member, perm=perm ) # update current repo for k, v in form_data.items(): if k == 'user': cur_repo.user = User.get_by_username(v) elif k == 'repo_name': pass elif k == 'repo_group': cur_repo.group = RepoGroup.get(v) else: setattr(cur_repo, k, v) new_name = cur_repo.get_new_name(form_data['repo_name']) cur_repo.repo_name = new_name self.sa.add(cur_repo) if repo_name != new_name: # rename repository self.__rename_repo(old=repo_name, new=new_name) return cur_repo except: log.error(traceback.format_exc()) raise
def validate_python(self, value, state): # TODO WRITE VALIDATIONS group_name = value.get('group_name') group_parent_id = value.get('group_parent_id') # slugify repo group just in case :) slug = repo_name_slug(group_name) # check for parent of self parent_of_self = lambda: ( old_data['group_id'] == int(group_parent_id) if group_parent_id else False ) if edit and parent_of_self(): e_dict = { 'group_parent_id': _('Cannot assign this group as parent') } raise formencode.Invalid('', value, state, error_dict=e_dict) old_gname = None if edit: old_gname = RepoGroup.get(old_data.get('group_id')).group_name if old_gname != group_name or not edit: # check group gr = RepoGroup.query()\ .filter(RepoGroup.group_name == slug)\ .filter(RepoGroup.group_parent_id == group_parent_id)\ .scalar() if gr: e_dict = { 'group_name': _('This group already exists') } raise formencode.Invalid('', value, state, error_dict=e_dict) # check for same repo repo = Repository.query()\ .filter(Repository.repo_name == slug)\ .scalar() if repo: e_dict = { 'group_name': _('Repository with this name already exists') } raise formencode.Invalid('', value, state, error_dict=e_dict)
def update(self, org_repo_name, **kwargs): try: cur_repo = self.get_by_repo_name(org_repo_name, cache=False) if 'user' in kwargs: cur_repo.user = User.get_by_username(kwargs['user']) if 'repo_group' in kwargs: cur_repo.group = RepoGroup.get(kwargs['repo_group']) for strip, k in [ (1, 'repo_enable_downloads'), (1, 'repo_description'), (1, 'repo_enable_locking'), (1, 'repo_landing_rev'), (0, 'clone_uri'), (1, 'repo_private'), (1, 'repo_enable_statistics') ]: if k in kwargs: val = kwargs[k] if strip: k = remove_prefix(k, 'repo_') setattr(cur_repo, k, val) new_name = cur_repo.get_new_name(kwargs['repo_name']) cur_repo.repo_name = new_name #if private flag is set, reset default permission to NONE if kwargs.get('repo_private'): EMPTY_PERM = 'repository.none' RepoModel().grant_user_permission(repo=cur_repo, user='******', perm=EMPTY_PERM) #handle extra fields for field in filter(lambda k: k.startswith(RepositoryField.PREFIX), kwargs): k = RepositoryField.un_prefix_key(field) ex_field = RepositoryField.get_by_key_name(key=k, repo=cur_repo) if ex_field: ex_field.field_value = kwargs[field] self.sa.add(ex_field) self.sa.add(cur_repo) if org_repo_name != new_name: # rename repository self.__rename_repo(old=org_repo_name, new=new_name) return cur_repo except Exception: log.error(traceback.format_exc()) raise
def to_python(self, value, state): repo_name = value.get('repo_name') slug = repo_name_slug(repo_name) if slug in [ADMIN_PREFIX, '']: e_dict = {'repo_name': _('This repository name is disallowed')} raise formencode.Invalid('', value, state, error_dict=e_dict) if value.get('repo_group'): gr = RepoGroup.get(value.get('repo_group')) group_path = gr.full_path # value needs to be aware of group name in order to check # db key This is an actual just the name to store in the # database repo_name_full = group_path + RepoGroup.url_sep() + repo_name else: group_path = '' repo_name_full = repo_name value['repo_name_full'] = repo_name_full rename = old_data.get('repo_name') != repo_name_full create = not edit if rename or create: if group_path != '': if Repository.get_by_repo_name(repo_name_full): e_dict = { 'repo_name': _('This repository already exists in ' 'a group "%s"') % gr.group_name } raise formencode.Invalid('', value, state, error_dict=e_dict) elif RepoGroup.get_by_group_name(repo_name_full): e_dict = { 'repo_name': _('There is a group with this name ' 'already "%s"') % repo_name_full } raise formencode.Invalid('', value, state, error_dict=e_dict) elif Repository.get_by_repo_name(repo_name_full): e_dict = {'repo_name': _('This repository ' 'already exists')} raise formencode.Invalid('', value, state, error_dict=e_dict) return value
def validate_python(self, value, state): # TODO WRITE VALIDATIONS group_name = value.get('group_name') group_parent_id = value.get('group_parent_id') # slugify repo group just in case :) slug = repo_name_slug(group_name) # check for parent of self parent_of_self = lambda: (old_data['group_id'] == int( group_parent_id) if group_parent_id else False) if edit and parent_of_self(): msg = M(self, 'group_parent_id', state) raise formencode.Invalid(msg, value, state, error_dict=dict(group_parent_id=msg)) old_gname = None if edit: old_gname = RepoGroup.get(old_data.get('group_id')).group_name if old_gname != group_name or not edit: # check group gr = RepoGroup.query()\ .filter(RepoGroup.group_name == slug)\ .filter(RepoGroup.group_parent_id == group_parent_id)\ .scalar() if gr: msg = M(self, 'group_exists', state, group_name=slug) raise formencode.Invalid(msg, value, state, error_dict=dict(group_name=msg)) # check for same repo repo = Repository.query()\ .filter(Repository.repo_name == slug)\ .scalar() if repo: msg = M(self, 'repo_exists', state, group_name=slug) raise formencode.Invalid(msg, value, state, error_dict=dict(group_name=msg))
def validate_python(self, value, state): gr = RepoGroup.get(value) gr_name = gr.group_name if gr else None # None means ROOT location if can_create_in_root and gr is None: #we can create in root, we're fine no validations required return forbidden_in_root = gr is None and not can_create_in_root val = HasReposGroupPermissionAny('group.admin') forbidden = not val(gr_name, 'can create group validator') if forbidden_in_root or forbidden: msg = M(self, 'permission_denied', state) raise formencode.Invalid(msg, value, state, error_dict=dict(group_parent_id=msg) )
def validate_python(self, value, state): # TODO WRITE VALIDATIONS group_name = value.get('group_name') group_parent_id = value.get('group_parent_id') # slugify repo group just in case :) slug = repo_name_slug(group_name) # check for parent of self parent_of_self = lambda: ( old_data['group_id'] == int(group_parent_id) if group_parent_id else False ) if edit and parent_of_self(): msg = M(self, 'group_parent_id', state) raise formencode.Invalid(msg, value, state, error_dict=dict(group_parent_id=msg) ) old_gname = None if edit: old_gname = RepoGroup.get(old_data.get('group_id')).group_name if old_gname != group_name or not edit: # check group gr = RepoGroup.query()\ .filter(RepoGroup.group_name == slug)\ .filter(RepoGroup.group_parent_id == group_parent_id)\ .scalar() if gr: msg = M(self, 'group_exists', state, group_name=slug) raise formencode.Invalid(msg, value, state, error_dict=dict(group_name=msg) ) # check for same repo repo = Repository.query()\ .filter(Repository.repo_name == slug)\ .scalar() if repo: msg = M(self, 'repo_exists', state, group_name=slug) raise formencode.Invalid(msg, value, state, error_dict=dict(group_name=msg) )
def update(self, org_repo_name, **kwargs): try: cur_repo = self.get_by_repo_name(org_repo_name, cache=False) if 'user' in kwargs: cur_repo.user = User.get_by_username(kwargs['user']) if 'repo_group' in kwargs: cur_repo.group = RepoGroup.get(kwargs['repo_group']) for strip, k in [(1, 'repo_enable_downloads'), (1, 'repo_description'), (1, 'repo_enable_locking'), (1, 'repo_landing_rev'), (0, 'clone_uri'), (1, 'repo_private'), (1, 'repo_enable_statistics')]: if k in kwargs: val = kwargs[k] if strip: k = remove_prefix(k, 'repo_') setattr(cur_repo, k, val) new_name = cur_repo.get_new_name(kwargs['repo_name']) cur_repo.repo_name = new_name #if private flag is set, reset default permission to NONE if kwargs.get('repo_private'): EMPTY_PERM = 'repository.none' RepoModel().grant_user_permission( repo=cur_repo, user='******', perm=EMPTY_PERM ) #handle extra fields for field in filter(lambda k: k.startswith(RepositoryField.PREFIX), kwargs): k = RepositoryField.un_prefix_key(field) ex_field = RepositoryField.get_by_key_name(key=k, repo=cur_repo) if ex_field: ex_field.field_value = kwargs[field] self.sa.add(ex_field) self.sa.add(cur_repo) if org_repo_name != new_name: # rename repository self.__rename_repo(old=org_repo_name, new=new_name) return cur_repo except Exception: log.error(traceback.format_exc()) raise
def edit(self, id, format='html'): """GET /repos_groups/id/edit: Form to edit an existing item""" # url('edit_repos_group', id=ID) id_ = int(id) c.repos_group = RepoGroup.get(id_) defaults = self.__load_data(id_) # we need to exclude this group from the group list for editing c.repo_groups = filter(lambda x: x[0] != id_, c.repo_groups) return htmlfill.render( render('admin/repos_groups/repos_groups_edit.html'), defaults=defaults, encoding="UTF-8", force_defaults=False)
def edit(self, id, format='html'): """GET /repos_groups/id/edit: Form to edit an existing item""" # url('edit_repos_group', id=ID) id_ = int(id) c.repos_group = RepoGroup.get(id_) defaults = self.__load_data(id_) # we need to exclude this group from the group list for editing c.repo_groups = filter(lambda x: x[0] != id_, c.repo_groups) return htmlfill.render( render('admin/repos_groups/repos_groups_edit.html'), defaults=defaults, encoding="UTF-8", force_defaults=False )
def _to_python(self, value, state): group_name = repo_name_slug(value.get('group_name', '')) group_parent_id = safe_int(value.get('group_parent_id')) gr = RepoGroup.get(group_parent_id) if gr: parent_group_path = gr.full_path # value needs to be aware of group name in order to check # db key This is an actual just the name to store in the # database group_name_full = ( parent_group_path + RepoGroup.url_sep() + group_name) else: group_name_full = group_name value['group_name'] = group_name value['group_name_full'] = group_name_full value['group_parent_id'] = group_parent_id return value
def new(self, format='html'): """GET /repos_groups/new: Form to create a new item""" # url('new_repos_group') if HasPermissionAll('hg.admin')('group create'): #we're global admin, we're ok and we can create TOP level groups pass else: # we pass in parent group into creation form, thus we know # what would be the group, we can check perms here ! group_id = safe_int(request.GET.get('parent_group')) group = RepoGroup.get(group_id) if group_id else None group_name = group.group_name if group else None if HasReposGroupPermissionAll('group.admin')(group_name, 'group create'): pass else: return abort(403) self.__load_defaults() return render('admin/repos_groups/repos_groups_add.html')
def _to_python(self, value, state): repo_name = repo_name_slug(value.get('repo_name', '')) repo_group = value.get('repo_group') if repo_group: gr = RepoGroup.get(repo_group) group_path = gr.full_path group_name = gr.group_name # value needs to be aware of group name in order to check # db key This is an actual just the name to store in the # database repo_name_full = group_path + RepoGroup.url_sep() + repo_name else: group_name = group_path = '' repo_name_full = repo_name value['repo_name'] = repo_name value['repo_name_full'] = repo_name_full value['group_path'] = group_path value['group_name'] = group_name return value
def _can_create_repo_group(self, parent_group_id=None): is_admin = HasPermissionAll('hg.admin')('group create controller') create_repo_group = HasPermissionAll('hg.repogroup.create.true')( 'group create controller') if is_admin or (create_repo_group and not parent_group_id): # we're global admin, or we have global repo group create # permission # we're ok and we can create TOP level groups return True elif parent_group_id: # we check the permission if we can write to parent group group = RepoGroup.get(parent_group_id) group_name = group.group_name if group else None if HasRepoGroupPermissionAll('group.admin')( group_name, 'check if user is an admin of group'): # we're an admin of passed in group, we're ok. return True else: return False return False
def validate_python(self, value, state): gr = RepoGroup.get(value) gr_name = gr.group_name if gr else None # None means ROOT location val = HasReposGroupPermissionAny('group.write', 'group.admin') can_create_repos = HasPermissionAny('hg.admin', 'hg.create.repository') forbidden = not val(gr_name, 'can write into group validator') value_changed = True # old_data['repo_group'].get('group_id') != safe_int(value) if value_changed: # do check if we changed the value #parent group need to be existing if gr and forbidden: msg = M(self, 'permission_denied', state) raise formencode.Invalid(msg, value, state, error_dict=dict(repo_type=msg) ) ## check if we can write to root location ! elif gr is None and not can_create_repos(): msg = M(self, 'permission_denied_root', state) raise formencode.Invalid(msg, value, state, error_dict=dict(repo_type=msg) )
def create_repository(self): """GET /_admin/create_repository: Form to create a new item""" new_repo = request.GET.get('repo', '') parent_group = request.GET.get('parent_group') if not HasPermissionAny('hg.admin', 'hg.create.repository')(): # you're not super admin nor have global create permissions, # but maybe you have at least write permission to a parent group ? _gr = RepoGroup.get(parent_group) gr_name = _gr.group_name if _gr else None # create repositories with write permission on group is set to true create_on_write = HasPermissionAny( 'hg.create.write_on_repogroup.true')() group_admin = HasRepoGroupPermissionAny('group.admin')( group_name=gr_name) group_write = HasRepoGroupPermissionAny('group.write')( group_name=gr_name) if not (group_admin or (group_write and create_on_write)): raise HTTPForbidden acl_groups = RepoGroupList(RepoGroup.query().all(), perm_set=['group.write', 'group.admin']) c.repo_groups = RepoGroup.groups_choices(groups=acl_groups) c.repo_groups_choices = map(lambda k: unicode(k[0]), c.repo_groups) choices, c.landing_revs = ScmModel().get_repo_landing_revs() c.personal_repo_group = RepoGroup.get_by_group_name( c.rhodecode_user.username) c.new_repo = repo_name_slug(new_repo) ## apply the defaults from defaults page defaults = SettingsModel().get_default_repo_settings(strip_prefix=True) # set checkbox to autochecked defaults['repo_copy_permissions'] = True if parent_group: defaults.update({'repo_group': parent_group}) return htmlfill.render(render('admin/repos/repo_add.html'), defaults=defaults, errors={}, prefix_error=False, encoding="UTF-8", force_defaults=False)
def show(self, id, format='html'): """GET /repos_groups/id: Show a specific item""" # url('repos_group', id=ID) c.group = RepoGroup.get(id) if c.group: c.group_repos = c.group.repositories.all() else: return redirect(url('home')) #overwrite our cached list with current filter gr_filter = c.group_repos c.cached_repo_list = self.scm_model.get_repos(all_repos=gr_filter) c.repos_list = c.cached_repo_list c.repo_cnt = 0 c.groups = self.sa.query(RepoGroup).order_by(RepoGroup.group_name)\ .filter(RepoGroup.group_parent_id == id).all() return render('admin/repos_groups/repos_groups.html')
def __create_repo(self, repo_name, alias, new_parent_id, clone_uri=False): """ makes repository on filesystem. It's group aware means it'll create a repository within a group, and alter the paths accordingly of group location :param repo_name: :param alias: :param parent_id: :param clone_uri: """ from rhodecode.lib.utils import is_valid_repo, is_valid_repos_group if new_parent_id: paths = RepoGroup.get(new_parent_id)\ .full_path.split(RepoGroup.url_sep()) new_parent_path = os.sep.join(paths) else: new_parent_path = '' # we need to make it str for mercurial repo_path = os.path.join(*map(lambda x: safe_str( x), [self.repos_path, new_parent_path, repo_name])) # check if this path is not a repository if is_valid_repo(repo_path, self.repos_path): raise Exception('This path %s is a valid repository' % repo_path) # check if this path is a group if is_valid_repos_group(repo_path, self.repos_path): raise Exception('This path %s is a valid group' % repo_path) log.info('creating repo %s in %s @ %s' % (repo_name, safe_unicode(repo_path), clone_uri)) backend = get_backend(alias) backend(repo_path, create=True, src_url=clone_uri)
def validate_python(self, value, state): old_group_name = None group_name = value.get('group_name') group_name_full = value.get('group_name_full') group_parent_id = safe_int(value.get('group_parent_id')) if group_parent_id == -1: group_parent_id = None group_obj = RepoGroup.get(old_data.get('group_id')) parent_group_changed = False if edit: old_group_name = group_obj.group_name old_group_parent_id = group_obj.group_parent_id if group_parent_id != old_group_parent_id: parent_group_changed = True # TODO: mikhail: the following if statement is not reached # since group_parent_id's OneOf validation fails before. # Can be removed. # check against setting a parent of self parent_of_self = ( old_data['group_id'] == group_parent_id if group_parent_id else False ) if parent_of_self: msg = M(self, 'group_parent_id', state) raise formencode.Invalid( msg, value, state, error_dict={'group_parent_id': msg} ) # group we're moving current group inside child_group = None if group_parent_id: child_group = RepoGroup.query().filter( RepoGroup.group_id == group_parent_id).scalar() # do a special check that we cannot move a group to one of # it's children if edit and child_group: parents = [x.group_id for x in child_group.parents] move_to_children = old_data['group_id'] in parents if move_to_children: msg = M(self, 'group_parent_id', state) raise formencode.Invalid( msg, value, state, error_dict={'group_parent_id': msg}) # Check if we have permission to store in the parent. # Only check if the parent group changed. if parent_group_changed: if child_group is None: if not can_create_in_root: msg = M(self, 'permission_denied_root', state) raise formencode.Invalid( msg, value, state, error_dict={'group_parent_id': msg}) else: valid = HasRepoGroupPermissionAny('group.admin') forbidden = not valid( child_group.group_name, 'can create group validator') if forbidden: msg = M(self, 'permission_denied', state) raise formencode.Invalid( msg, value, state, error_dict={'group_parent_id': msg}) # if we change the name or it's new group, check for existing names # or repositories with the same name if old_group_name != group_name_full or not edit: # check group gr = RepoGroup.get_by_group_name(group_name_full) if gr: msg = M(self, 'group_exists', state, group_name=group_name) raise formencode.Invalid( msg, value, state, error_dict={'group_name': msg}) # check for same repo repo = Repository.get_by_repo_name(group_name_full) if repo: msg = M(self, 'repo_exists', state, group_name=group_name) raise formencode.Invalid( msg, value, state, error_dict={'group_name': msg})
def validate_python(self, value, state): gr = RepoGroup.get(value) if not HasReposGroupPermissionAny("group.write", "group.admin")(gr.group_name, "get group of repo form"): msg = M(self, "permission_denied", state) raise formencode.Invalid(msg, value, state, error_dict=dict(repo_type=msg))