def create_default_permissions(self, user):
"""
Creates only missing default permissions for user
:param user:
"""
user = self._get_user(user)
def _make_perm(perm):
new_perm = UserToPerm()
new_perm.user = user
new_perm.permission = Permission.get_by_key(perm)
return new_perm
def _get_group(perm_name):
return '.'.join(perm_name.split('.')[:1])
perms = UserToPerm.query().filter(UserToPerm.user == user).all()
defined_perms_groups = map(_get_group,
(x.permission.permission_name for x in perms))
log.debug('GOT ALREADY DEFINED:%s' % perms)
DEFAULT_PERMS = Permission.DEFAULT_USER_PERMISSIONS
# for every default permission that needs to be created, we check if
# it's group is already defined, if it's not we create default perm
for perm_name in DEFAULT_PERMS:
gr = _get_group(perm_name)
if gr not in defined_perms_groups:
log.debug('GR:%s not found, creating permission %s'
% (gr, perm_name))
new_perm = _make_perm(perm_name)
self.sa.add(new_perm)
def create_default_permissions(self, user):
"""
Creates only missing default permissions for user
:param user:
"""
user = self._get_user(user)
def _make_perm(perm):
new_perm = UserToPerm()
new_perm.user = user
new_perm.permission = Permission.get_by_key(perm)
return new_perm
def _get_group(perm_name):
return '.'.join(perm_name.split('.')[:1])
perms = UserToPerm.query().filter(UserToPerm.user == user).all()
defined_perms_groups = map(_get_group, (x.permission.permission_name
for x in perms))
log.debug('GOT ALREADY DEFINED:%s' % perms)
DEFAULT_PERMS = Permission.DEFAULT_USER_PERMISSIONS
# for every default permission that needs to be created, we check if
# it's group is already defined, if it's not we create default perm
for perm_name in DEFAULT_PERMS:
gr = _get_group(perm_name)
if gr not in defined_perms_groups:
log.debug('GR:%s not found, creating permission %s' %
(gr, perm_name))
new_perm = _make_perm(perm_name)
self.sa.add(new_perm)
def _test_def_perm_equal(self, user, change_factor=0):
perms = UserToPerm.query()\
.filter(UserToPerm.user == user)\
.all()
self.assertEqual(len(perms),
len(Permission.DEFAULT_USER_PERMISSIONS,)+change_factor,
msg=perms)
def _test_def_perm_equal(self, user, change_factor=0):
perms = UserToPerm.query()\
.filter(UserToPerm.user == user)\
.all()
self.assertEqual(len(perms),
len(Permission.DEFAULT_USER_PERMISSIONS, ) +
change_factor,
msg=perms)
def has_perm(self, user, perm):
perm = self._get_perm(perm)
user = self._get_user(user)
return (
UserToPerm.query().filter(UserToPerm.user == user).filter(UserToPerm.permission == perm).scalar()
is not None
)
def has_perm(self, user, perm):
if not isinstance(perm, Permission):
raise Exception('perm needs to be an instance of Permission class '
'got %s instead' % type(perm))
user = self.__get_user(user)
return UserToPerm.query().filter(UserToPerm.user == user)\
.filter(UserToPerm.permission == perm).scalar() is not None
def has_perm(self, user, perm):
if not isinstance(perm, Permission):
raise Exception('perm needs to be an instance of Permission class '
'got %s instead' % type(perm))
user = self.__get_user(user)
return UserToPerm.query().filter(UserToPerm.user == user)\
.filter(UserToPerm.permission == perm).scalar() is not None
def _test_def_user_perm_equal(self,
user,
change_factor=0,
compare_keys=None):
perms = UserToPerm.query().filter(UserToPerm.user == user).all()
assert len(perms) == \
len(Permission.DEFAULT_USER_PERMISSIONS) + change_factor
if compare_keys:
assert set(x.permissions.permission_name
for x in perms) == compare_keys
def create_default_user_permissions(self, user, force=False):
"""
Creates only missing default permissions for user, if force is set it
resets the default permissions for that user
:param user:
:param force:
"""
user = self._get_user(user)
obj_perms = UserToPerm.query().filter(UserToPerm.user == user).all()
return self._create_default_object_permission('user', user, obj_perms,
force)
def test_set_default_permissions_after_one_is_missing(self):
PermissionModel().create_default_user_permissions(user=self.u1)
self._test_def_user_perm_equal(user=self.u1)
# now we delete one, it should be re-created after another call
perms = UserToPerm.query().filter(UserToPerm.user == self.u1).all()
Session().delete(perms[0])
Session().commit()
self._test_def_user_perm_equal(user=self.u1, change_factor=-1)
# create missing one !
PermissionModel().create_default_user_permissions(user=self.u1)
self._test_def_user_perm_equal(user=self.u1)
def revoke_perm(self, user, perm):
"""
Revoke users global permissions
:param user:
:param perm:
"""
user = self._get_user(user)
perm = self._get_perm(perm)
obj = UserToPerm.query().filter(UserToPerm.user == user).filter(UserToPerm.permission == perm).scalar()
if obj:
self.sa.delete(obj)
def create_default_user_group_permissions(self, user_group, force=False):
"""
Creates only missing default permissions for user group, if force is set it
resets the default permissions for that user group
:param user_group:
:param force:
"""
user_group = self._get_user_group(user_group)
obj_perms = UserToPerm.query().filter(
UserGroupToPerm.users_group == user_group).all()
return self._create_default_object_permission('user_group', user_group,
obj_perms, force)
def test_set_default_permissions_after_one_is_missing(self):
PermissionModel().create_default_permissions(user=self.u1)
self._test_def_perm_equal(user=self.u1)
#now we delete one, it should be re-created after another call
perms = UserToPerm.query()\
.filter(UserToPerm.user == self.u1)\
.all()
Session().delete(perms[0])
Session().commit()
self._test_def_perm_equal(user=self.u1, change_factor=-1)
#create missing one !
PermissionModel().create_default_permissions(user=self.u1)
self._test_def_perm_equal(user=self.u1)
def revoke_perm(self, user, perm):
"""
Revoke users global permissions
:param user:
:param perm:
"""
user = self._get_user(user)
perm = self._get_perm(perm)
obj = UserToPerm.query()\
.filter(UserToPerm.user == user)\
.filter(UserToPerm.permission == perm)\
.scalar()
if obj:
self.sa.delete(obj)
def grant_perm(self, user, perm):
"""
Grant user global permissions
:param user:
:param perm:
"""
user = self._get_user(user)
perm = self._get_perm(perm)
# if this permission is already granted skip it
_perm = UserToPerm.query().filter(UserToPerm.user == user).filter(UserToPerm.permission == perm).scalar()
if _perm:
return
new = UserToPerm()
new.user = user
new.permission = perm
self.sa.add(new)
def test_set_default_permissions_after_modification(self, perm, modify_to):
PermissionModel().create_default_user_permissions(user=self.u1)
self._test_def_user_perm_equal(user=self.u1)
old = Permission.get_by_key(perm)
new = Permission.get_by_key(modify_to)
assert old is not None
assert new is not None
# now modify permissions
p = UserToPerm.query().filter(UserToPerm.user == self.u1).filter(
UserToPerm.permission == old).one()
p.permission = new
Session().add(p)
Session().commit()
PermissionModel().create_default_user_permissions(user=self.u1)
self._test_def_user_perm_equal(user=self.u1)
def reset_permissions(self, username):
"""
Resets permissions to default state, useful when old systems had
bad permissions, we must clean them up
:param username:
"""
default_user = User.get_by_username(username)
if not default_user:
return
u2p = UserToPerm.query()\
.filter(UserToPerm.user == default_user).all()
fixed = False
if len(u2p) != len(Permission.DEFAULT_USER_PERMISSIONS):
for p in u2p:
Session().delete(p)
fixed = True
self.populate_default_permissions()
return fixed
def grant_perm(self, user, perm):
"""
Grant user global permissions
:param user:
:param perm:
"""
user = self._get_user(user)
perm = self._get_perm(perm)
# if this permission is already granted skip it
_perm = UserToPerm.query()\
.filter(UserToPerm.user == user)\
.filter(UserToPerm.permission == perm)\
.scalar()
if _perm:
return
new = UserToPerm()
new.user = user
new.permission = perm
self.sa.add(new)
def test_set_default_permissions_after_modification(self, perm, modify_to):
PermissionModel().create_default_permissions(user=self.u1)
self._test_def_perm_equal(user=self.u1)
old = Permission.get_by_key(perm)
new = Permission.get_by_key(modify_to)
self.assertNotEqual(old, None)
self.assertNotEqual(new, None)
#now modify permissions
p = UserToPerm.query()\
.filter(UserToPerm.user == self.u1)\
.filter(UserToPerm.permission == old)\
.one()
p.permission = new
Session().add(p)
Session().commit()
PermissionModel().create_default_permissions(user=self.u1)
self._test_def_perm_equal(user=self.u1)
def test_set_default_permissions_after_modification(self, perm, modify_to):
PermissionModel().create_default_permissions(user=self.u1)
self._test_def_perm_equal(user=self.u1)
old = Permission.get_by_key(perm)
new = Permission.get_by_key(modify_to)
self.assertNotEqual(old, None)
self.assertNotEqual(new, None)
#now modify permissions
p = UserToPerm.query()\
.filter(UserToPerm.user == self.u1)\
.filter(UserToPerm.permission == old)\
.one()
p.permission = new
Session().add(p)
Session().commit()
PermissionModel().create_default_permissions(user=self.u1)
self._test_def_perm_equal(user=self.u1)
def populate_default_permissions(self):
log.info("creating default user permissions")
default_user = User.get_by_username("default")
for def_perm in User.DEFAULT_PERMISSIONS:
perm = self.sa.query(Permission).filter(Permission.permission_name == def_perm).scalar()
if not perm:
raise Exception("CRITICAL: permission %s not found inside database !!" % def_perm)
if (
not UserToPerm.query()
.filter(UserToPerm.permission == perm)
.filter(UserToPerm.user == default_user)
.scalar()
):
reg_perm = UserToPerm()
reg_perm.user = default_user
reg_perm.permission = perm
self.sa.add(reg_perm)
def reset_permissions(self, username):
"""
Resets permissions to default state, usefull when old systems had
bad permissions, we must clean them up
:param username:
:type username:
"""
default_user = User.get_by_username(username)
if not default_user:
return
u2p = UserToPerm.query().filter(UserToPerm.user == default_user).all()
fixed = False
if len(u2p) != len(User.DEFAULT_PERMISSIONS):
for p in u2p:
Session().delete(p)
fixed = True
self.populate_default_permissions()
return fixed
def populate_default_permissions(self):
log.info('creating default user permissions')
default_user = User.get_by_username('default')
for def_perm in User.DEFAULT_PERMISSIONS:
perm = self.sa.query(Permission)\
.filter(Permission.permission_name == def_perm)\
.scalar()
if not perm:
raise Exception(
'CRITICAL: permission %s not found inside database !!'
% def_perm
)
if not UserToPerm.query()\
.filter(UserToPerm.permission == perm)\
.filter(UserToPerm.user == default_user).scalar():
reg_perm = UserToPerm()
reg_perm.user = default_user
reg_perm.permission = perm
self.sa.add(reg_perm)
def update_perm(self, id):
"""PUT /users_perm/id: Update an existing item"""
# url('user_perm', id=ID, method='put')
user = User.get_or_404(id)
try:
form = CustomDefaultPermissionsForm()()
form_result = form.to_python(request.POST)
inherit_perms = form_result['inherit_default_permissions']
user.inherit_default_permissions = inherit_perms
Session().add(user)
user_model = UserModel()
defs = UserToPerm.query()\
.filter(UserToPerm.user == user)\
.all()
for ug in defs:
Session().delete(ug)
if form_result['create_repo_perm']:
user_model.grant_perm(id, 'hg.create.repository')
else:
user_model.grant_perm(id, 'hg.create.none')
if form_result['create_user_group_perm']:
user_model.grant_perm(id, 'hg.usergroup.create.true')
else:
user_model.grant_perm(id, 'hg.usergroup.create.false')
if form_result['fork_repo_perm']:
user_model.grant_perm(id, 'hg.fork.repository')
else:
user_model.grant_perm(id, 'hg.fork.none')
h.flash(_("Updated permissions"), category='success')
Session().commit()
except Exception:
log.error(traceback.format_exc())
h.flash(_('An error occurred during permissions saving'),
category='error')
return redirect(url('edit_user', id=id))
def update_perm(self, id):
"""PUT /users_perm/id: Update an existing item"""
# url('user_perm', id=ID, method='put')
user = User.get_or_404(id)
try:
form = CustomDefaultPermissionsForm()()
form_result = form.to_python(request.POST)
inherit_perms = form_result['inherit_default_permissions']
user.inherit_default_permissions = inherit_perms
Session().add(user)
user_model = UserModel()
defs = UserToPerm.query()\
.filter(UserToPerm.user == user)\
.all()
for ug in defs:
Session().delete(ug)
if form_result['create_repo_perm']:
user_model.grant_perm(id, 'hg.create.repository')
else:
user_model.grant_perm(id, 'hg.create.none')
if form_result['create_user_group_perm']:
user_model.grant_perm(id, 'hg.usergroup.create.true')
else:
user_model.grant_perm(id, 'hg.usergroup.create.false')
if form_result['fork_repo_perm']:
user_model.grant_perm(id, 'hg.fork.repository')
else:
user_model.grant_perm(id, 'hg.fork.none')
h.flash(_("Updated permissions"), category='success')
Session().commit()
except Exception:
log.error(traceback.format_exc())
h.flash(_('An error occurred during permissions saving'),
category='error')
return redirect(url('edit_user', id=id))
def has_perm(self, user, perm):
perm = self._get_perm(perm)
user = self._get_user(user)
return UserToPerm.query().filter(UserToPerm.user == user)\
.filter(UserToPerm.permission == perm).scalar() is not None
