def create(self, name, active=True): try: new = UsersGroup() new.users_group_name = name new.users_group_active = active self.sa.add(new) return new except: log.error(traceback.format_exc()) raise
def get_users_group(self, apiuser, group_name): """" Get users group by name :param apiuser: :param group_name: """ users_group = UsersGroup.get_by_group_name(group_name) if not users_group: return None members = [] for user in users_group.members: user = user.user members.append(dict(id=user.user_id, username=user.username, firstname=user.name, lastname=user.lastname, email=user.email, active=user.active, admin=user.admin, ldap=user.ldap_dn)) return dict(id=users_group.users_group_id, group_name=users_group.users_group_name, active=users_group.users_group_active, members=members)
def add_user_to_users_group(self, apiuser, group_name, username): """" Add a user to a users group :param apiuser: :param group_name: :param username: """ try: users_group = UsersGroup.get_by_group_name(group_name) if not users_group: raise JSONRPCError('unknown users group %s' % group_name) user = User.get_by_username(username) if user is None: raise JSONRPCError('unknown user %s' % username) ugm = UsersGroupModel().add_user_to_group(users_group, user) success = True if ugm != True else False msg = 'added member %s to users group %s' % (username, group_name) msg = msg if success else 'User is already in that group' Session.commit() return dict( id=ugm.users_group_member_id if ugm != True else None, success=success, msg=msg ) except Exception: log.error(traceback.format_exc()) raise JSONRPCError('failed to add users group member')
def add_user_to_users_group(self, apiuser, group_name, user_name): """" Add a user to a group :param apiuser :param group_name :param user_name """ try: users_group = UsersGroup.get_by_group_name(group_name) if not users_group: raise JSONRPCError('unknown users group %s' % group_name) try: user = User.get_by_username(user_name) except NoResultFound: raise JSONRPCError('unknown user %s' % user_name) ugm = UsersGroupModel().add_user_to_group(users_group, user) return dict(id=ugm.users_group_member_id, msg='created new users group member') except Exception: log.error(traceback.format_exc()) raise JSONRPCError('failed to create users group member')
def revoke_users_group_permission(self, apiuser, repo_name, group_name): """ Revoke permission for users group on given repository :param repo_name: :param group_name: """ try: repo = Repository.get_by_repo_name(repo_name) if repo is None: raise JSONRPCError('unknown repository %s' % repo) user_group = UsersGroup.get_by_group_name(group_name) if user_group is None: raise JSONRPCError('unknown users group %s' % user_group) RepoModel().revoke_users_group_permission(repo=repo_name, group_name=group_name) Session.commit() return dict( msg='Revoked perm for group: %s in repo: %s' % ( group_name, repo_name ) ) except Exception: log.error(traceback.format_exc()) raise JSONRPCError( 'failed to edit permission %(repo)s for %(usersgr)s' % dict( usersgr=group_name, repo=repo_name ) )
def edit(self, id, format='html'): """GET /users_groups/id/edit: Form to edit an existing item""" # url('edit_users_group', id=ID) c.users_group = UsersGroup.get_or_404(id) c.users_group.permissions = {} c.group_members_obj = [x.user for x in c.users_group.members] c.group_members = [(x.user_id, x.username) for x in c.group_members_obj] c.available_members = [(x.user_id, x.username) for x in User.query().all()] ug_model = UsersGroupModel() defaults = c.users_group.get_dict() defaults.update({ 'create_repo_perm': ug_model.has_perm(c.users_group, 'hg.create.repository'), 'fork_repo_perm': ug_model.has_perm(c.users_group, 'hg.fork.repository'), }) return htmlfill.render( render('admin/users_groups/users_group_edit.html'), defaults=defaults, encoding="UTF-8", force_defaults=False )
def get_users_group(self, apiuser, group_name): """" Get users group by name :param apiuser: :param group_name: """ users_group = UsersGroup.get_by_group_name(group_name) if not users_group: return None members = [] for user in users_group.members: user = user.user members.append(dict(id=user.user_id, username=user.username, firstname=user.name, lastname=user.lastname, email=user.email, active=user.active, admin=user.admin, ldap=user.ldap_dn)) return dict(id=users_group.users_group_id, name=users_group.users_group_name, active=users_group.users_group_active, members=members)
def get_users_groups(self, apiuser): """" Get all users groups :param apiuser: """ result = [] for users_group in UsersGroup.getAll(): members = [] for user in users_group.members: user = user.user members.append(dict(id=user.user_id, username=user.username, firstname=user.name, lastname=user.lastname, email=user.email, active=user.active, admin=user.admin, ldap=user.ldap_dn)) result.append(dict(id=users_group.users_group_id, name=users_group.users_group_name, active=users_group.users_group_active, members=members)) return result
def get_users_groups(self, apiuser): """" Get all users groups :param apiuser: """ result = [] for users_group in UsersGroup.getAll(): members = [] for user in users_group.members: user = user.user members.append(dict(id=user.user_id, username=user.username, firstname=user.name, lastname=user.lastname, email=user.email, active=user.active, admin=user.admin, ldap=user.ldap_dn)) result.append(dict(id=users_group.users_group_id, group_name=users_group.users_group_name, active=users_group.users_group_active, members=members)) return result
def remove_user_from_users_group(self, apiuser, group_name, username): """ Remove user from a group :param apiuser :param group_name :param username """ try: users_group = UsersGroup.get_by_group_name(group_name) if not users_group: raise JSONRPCError('unknown users group %s' % group_name) user = User.get_by_username(username) if user is None: raise JSONRPCError('unknown user %s' % username) success = UsersGroupModel().remove_user_from_group(users_group, user) msg = 'removed member %s from users group %s' % (username, group_name) msg = msg if success else "User wasn't in group" Session.commit() return dict(success=success, msg=msg) except Exception: log.error(traceback.format_exc()) raise JSONRPCError('failed to remove user from group')
def test_enable_repository_read_on_group(self): self.log_user() users_group_name = TEST_USERS_GROUP + 'another2' response = self.app.post(url('users_groups'), {'users_group_name': users_group_name, 'active':True}) response.follow() ug = UsersGroup.get_by_group_name(users_group_name) self.checkSessionFlash(response, 'created users group %s' % users_group_name) response = self.app.put(url('users_group_perm', id=ug.users_group_id), {'create_repo_perm': True}) response.follow() ug = UsersGroup.get_by_group_name(users_group_name) p = Permission.get_by_key('hg.create.repository') # check if user has this perm perms = UsersGroupToPerm.query()\ .filter(UsersGroupToPerm.users_group == ug).all() perms = [[x.__dict__['users_group_id'], x.__dict__['permission_id'],] for x in perms] self.assertEqual( perms, [[ug.users_group_id, p.permission_id]] ) # DELETE ! ug = UsersGroup.get_by_group_name(users_group_name) ugid = ug.users_group_id response = self.app.delete(url('users_group', id=ug.users_group_id)) response = response.follow() gr = self.Session.query(UsersGroup)\ .filter(UsersGroup.users_group_name == users_group_name).scalar() self.assertEqual(gr, None) p = Permission.get_by_key('hg.create.repository') perms = UsersGroupToPerm.query()\ .filter(UsersGroupToPerm.users_group_id == ugid).all() perms = [[x.__dict__['users_group_id'], x.__dict__['permission_id'],] for x in perms] self.assertEqual( perms, [] )
def to_python(self, value, state): perms_update = OrderedSet() perms_new = OrderedSet() # build a list of permission to update and new permission to create # CLEAN OUT ORG VALUE FROM NEW MEMBERS, and group them using new_perms_group = defaultdict(dict) for k, v in value.copy().iteritems(): if k.startswith("perm_new_member"): del value[k] _type, part = k.split("perm_new_member_") args = part.split("_") if len(args) == 1: new_perms_group[args[0]]["perm"] = v elif len(args) == 2: _key, pos = args new_perms_group[pos][_key] = v # fill new permissions in order of how they were added for k in sorted(map(int, new_perms_group.keys())): perm_dict = new_perms_group[str(k)] new_member = perm_dict.get("name") new_perm = perm_dict.get("perm") new_type = perm_dict.get("type") if new_member and new_perm and new_type: perms_new.add((new_member, new_perm, new_type)) for k, v in value.iteritems(): if k.startswith("u_perm_") or k.startswith("g_perm_"): member = k[7:] t = {"u": "user", "g": "users_group"}[k[0]] if member == "default": if value.get("private"): # set none for default when updating to # private repo v = EMPTY_PERM perms_update.add((member, v, t)) value["perms_updates"] = list(perms_update) value["perms_new"] = list(perms_new) # update permissions for k, v, t in perms_new: try: if t is "user": self.user_db = User.query().filter(User.active == True).filter(User.username == k).one() if t is "users_group": self.user_db = ( UsersGroup.query() .filter(UsersGroup.users_group_active == True) .filter(UsersGroup.users_group_name == k) .one() ) except Exception: log.exception("Updated permission failed") msg = M(self, "perm_new_member_type", state) raise formencode.Invalid(msg, value, state, error_dict=dict(perm_new_member_name=msg)) return value
def validate_python(self, value, state): if value in ["default"]: msg = M(self, "invalid_group", state) raise formencode.Invalid(msg, value, state, error_dict=dict(users_group_name=msg)) # check if group is unique old_ugname = None if edit: old_id = old_data.get("users_group_id") old_ugname = UsersGroup.get(old_id).users_group_name if old_ugname != value or not edit: is_existing_group = UsersGroup.get_by_group_name(value, case_insensitive=True) if is_existing_group: msg = M(self, "group_exist", state, usersgroup=value) raise formencode.Invalid(msg, value, state, error_dict=dict(users_group_name=msg)) if re.match(r"^[a-zA-Z0-9]{1}[a-zA-Z0-9\-\_\.]+$", value) is None: msg = M(self, "invalid_usersgroup_name", state) raise formencode.Invalid(msg, value, state, error_dict=dict(users_group_name=msg))
def update(self, id): """PUT /users_groups/id: Update an existing item""" # Forms posted to this method should contain a hidden field: # <input type="hidden" name="_method" value="PUT" /> # Or using helpers: # h.form(url('users_group', id=ID), # method='put') # url('users_group', id=ID) c.users_group = UsersGroup.get(id) c.group_members_obj = [x.user for x in c.users_group.members] c.group_members = [(x.user_id, x.username) for x in c.group_members_obj] c.available_members = [(x.user_id, x.username) for x in User.query().all()] available_members = [safe_unicode(x[0]) for x in c.available_members] users_group_form = UsersGroupForm(edit=True, old_data=c.users_group.get_dict(), available_members=available_members)() try: form_result = users_group_form.to_python(request.POST) UsersGroupModel().update(c.users_group, form_result) gr = form_result['users_group_name'] action_logger(self.rhodecode_user, 'admin_updated_users_group:%s' % gr, None, self.ip_addr, self.sa) h.flash(_('updated users group %s') % gr, category='success') Session().commit() except formencode.Invalid, errors: ug_model = UsersGroupModel() defaults = errors.value e = errors.error_dict or {} defaults.update({ 'create_repo_perm': ug_model.has_perm(id, 'hg.create.repository'), 'fork_repo_perm': ug_model.has_perm(id, 'hg.fork.repository'), '_method': 'put' }) return htmlfill.render( render('admin/users_groups/users_group_edit.html'), defaults=defaults, errors=e, prefix_error=False, encoding="UTF-8")
def create_users_group(self, apiuser, name, active): """ Creates an new usergroup :param name: :param active: """ form_data = {"users_group_name": name, "users_group_active": active} try: ug = UsersGroup.create(form_data) return {"id": ug.users_group_id, "msg": "created new users group %s" % name} except Exception: log.error(traceback.format_exc()) raise JSONRPCError("failed to create group %s" % name)
def validate_python(self, value, state): if value in ['default']: raise formencode.Invalid(_('Invalid group name'), value, state) #check if group is unique old_ugname = None if edit: old_ugname = UsersGroup.get( old_data.get('users_group_id')).users_group_name if old_ugname != value or not edit: if UsersGroup.get_by_group_name(value, cache=False, case_insensitive=True): raise formencode.Invalid(_('This users group ' 'already exists') , value, state) if re.match(r'^[a-zA-Z0-9]{1}[a-zA-Z0-9\-\_\.]+$', value) is None: raise formencode.Invalid(_('Group name may only contain ' 'alphanumeric characters ' 'underscores, periods or dashes ' 'and must begin with alphanumeric ' 'character'), value, state)
def validate_python(self, value, state): if value in ['default']: raise formencode.Invalid(_('Invalid group name'), value, state) #check if group is unique old_ugname = None if edit: old_ugname = UsersGroup.get( old_data.get('users_group_id')).users_group_name if old_ugname != value or not edit: if UsersGroup.get_by_group_name(value, cache=False, case_insensitive=True): raise formencode.Invalid(_('This users group ' 'already exists'), value, state) if re.match(r'^[a-zA-Z0-9]{1}[a-zA-Z0-9\-\_\.]+$', value) is None: raise formencode.Invalid( _('RepoGroup name may only contain alphanumeric characters ' 'underscores, periods or dashes and must begin with ' 'alphanumeric character'), value, state )
def delete(self, id): """DELETE /users_groups/id: Delete an existing item""" # Forms posted to this method should contain a hidden field: # <input type="hidden" name="_method" value="DELETE" /> # Or using helpers: # h.form(url('users_group', id=ID), # method='delete') # url('users_group', id=ID) usr_gr = UsersGroup.get_or_404(id) try: UsersGroupModel().delete(usr_gr) Session().commit() h.flash(_('successfully deleted users group'), category='success') except UsersGroupsAssignedException, e: h.flash(e, category='error')
def to_python(self, value, state): perms_update = [] perms_new = [] # build a list of permission to update and new permission to create for k, v in value.items(): # means new added member to permissions if k.startswith('perm_new_member'): new_perm = value.get('perm_new_member', False) new_member = value.get('perm_new_member_name', False) new_type = value.get('perm_new_member_type') if new_member and new_perm: if (new_member, new_perm, new_type) not in perms_new: perms_new.append((new_member, new_perm, new_type)) elif k.startswith('u_perm_') or k.startswith('g_perm_'): member = k[7:] t = {'u': 'user', 'g': 'users_group' }[k[0]] if member == 'default': if value.get('private'): # set none for default when updating to private repo v = EMPTY_PERM perms_update.append((member, v, t)) value['perms_updates'] = perms_update value['perms_new'] = perms_new # update permissions for k, v, t in perms_new: try: if t is 'user': self.user_db = User.query()\ .filter(User.active == True)\ .filter(User.username == k).one() if t is 'users_group': self.user_db = UsersGroup.query()\ .filter(UsersGroup.users_group_active == True)\ .filter(UsersGroup.users_group_name == k).one() except Exception: msg = self.message('perm_new_member_name', state=State_obj) raise formencode.Invalid( msg, value, state, error_dict={'perm_new_member_name': msg} ) return value
def update(self, id): """PUT /users_groups/id: Update an existing item""" # Forms posted to this method should contain a hidden field: # <input type="hidden" name="_method" value="PUT" /> # Or using helpers: # h.form(url('users_group', id=ID), # method='put') # url('users_group', id=ID) c.users_group = UsersGroup.get(id) c.group_members_obj = [x.user for x in c.users_group.members] c.group_members = [(x.user_id, x.username) for x in c.group_members_obj] c.available_members = [(x.user_id, x.username) for x in self.sa.query(User).all()] available_members = [safe_unicode(x[0]) for x in c.available_members] users_group_form = UsersGroupForm( edit=True, old_data=c.users_group.get_dict(), available_members=available_members)() try: form_result = users_group_form.to_python(request.POST) UsersGroupModel().update(c.users_group, form_result) h.flash(_('updated users group %s') \ % form_result['users_group_name'], category='success') #action_logger(self.rhodecode_user, 'new_user', '', '', self.sa) Session.commit() except formencode.Invalid, errors: e = errors.error_dict or {} perm = Permission.get_by_key('hg.create.repository') e.update( {'create_repo_perm': UsersGroupModel().has_perm(id, perm)}) return htmlfill.render( render('admin/users_groups/users_group_edit.html'), defaults=errors.value, errors=e, prefix_error=False, encoding="UTF-8")
def update_perm(self, id): """PUT /users_perm/id: Update an existing item""" # url('users_group_perm', id=ID, method='put') users_group = UsersGroup.get_or_404(id) grant_create_perm = str2bool(request.POST.get('create_repo_perm')) grant_fork_perm = str2bool(request.POST.get('fork_repo_perm')) inherit_perms = str2bool(request.POST.get('inherit_default_permissions')) usersgroup_model = UsersGroupModel() try: users_group.inherit_default_permissions = inherit_perms Session().add(users_group) if grant_create_perm: usersgroup_model.revoke_perm(id, 'hg.create.none') usersgroup_model.grant_perm(id, 'hg.create.repository') h.flash(_("Granted 'repository create' permission to users group"), category='success') else: usersgroup_model.revoke_perm(id, 'hg.create.repository') usersgroup_model.grant_perm(id, 'hg.create.none') h.flash(_("Revoked 'repository create' permission to users group"), category='success') if grant_fork_perm: usersgroup_model.revoke_perm(id, 'hg.fork.none') usersgroup_model.grant_perm(id, 'hg.fork.repository') h.flash(_("Granted 'repository fork' permission to users group"), category='success') else: usersgroup_model.revoke_perm(id, 'hg.fork.repository') usersgroup_model.grant_perm(id, 'hg.fork.none') h.flash(_("Revoked 'repository fork' permission to users group"), category='success') Session().commit() except Exception: log.error(traceback.format_exc()) h.flash(_('An error occurred during permissions saving'), category='error') return redirect(url('edit_users_group', id=id))
def create_users_group(self, apiuser, name, active=True): """ Creates an new usergroup :param name: :param active: """ if self.get_users_group(apiuser, name): raise JSONRPCError("users group %s already exist" % name) try: form_data = dict(users_group_name=name, users_group_active=active) ug = UsersGroup.create(form_data) return dict(id=ug.users_group_id, msg='created new users group %s' % name) except Exception: log.error(traceback.format_exc()) raise JSONRPCError('failed to create group %s' % name)
def test_create_and_remove(self): usr = UserModel().create_or_update(username=u'test_user', password=u'qweqwe', email=u'*****@*****.**', name=u'u1', lastname=u'u1') Session.commit() self.assertEqual(User.get_by_username(u'test_user'), usr) # make users group users_group = UsersGroupModel().create('some_example_group') Session.commit() UsersGroupModel().add_user_to_group(users_group, usr) Session.commit() self.assertEqual(UsersGroup.get(users_group.users_group_id), users_group) self.assertEqual(UsersGroupMember.query().count(), 1) UserModel().delete(usr.user_id) Session.commit() self.assertEqual(UsersGroupMember.query().all(), [])
def edit(self, id, format='html'): """GET /users_groups/id/edit: Form to edit an existing item""" # url('edit_users_group', id=ID) c.users_group = UsersGroup.get_or_404(id) self._load_data(id) ug_model = UsersGroupModel() defaults = c.users_group.get_dict() defaults.update({ 'create_repo_perm': ug_model.has_perm(c.users_group, 'hg.create.repository'), 'fork_repo_perm': ug_model.has_perm(c.users_group, 'hg.fork.repository'), }) return htmlfill.render( render('admin/users_groups/users_group_edit.html'), defaults=defaults, encoding="UTF-8", force_defaults=False )
def grant_users_group_permission(self, apiuser, repo_name, group_name, perm): """ Grant permission for users group on given repository, or update existing one if found :param repo_name: :param group_name: :param perm: """ try: repo = Repository.get_by_repo_name(repo_name) if repo is None: raise JSONRPCError('unknown repository %s' % repo) user_group = UsersGroup.get_by_group_name(group_name) if user_group is None: raise JSONRPCError('unknown users group %s' % user_group) RepoModel().grant_users_group_permission(repo=repo_name, group_name=group_name, perm=perm) Session.commit() return dict( msg='Granted perm: %s for group: %s in repo: %s' % ( perm, group_name, repo_name ) ) except Exception: log.error(traceback.format_exc()) raise JSONRPCError( 'failed to edit permission %(repo)s for %(usersgr)s' % dict( usersgr=group_name, repo=repo_name ) )
def get(self, users_group_id, cache=False): return UsersGroup.get(users_group_id)
def test_enable_repository_read_on_group(self): self.log_user() users_group_name = TEST_USERS_GROUP + 'another2' response = self.app.post(url('users_groups'), {'users_group_name': users_group_name, 'active': True}) response.follow() ug = UsersGroup.get_by_group_name(users_group_name) self.checkSessionFlash(response, 'created users group %s' % users_group_name) ## ENABLE REPO CREATE ON A GROUP response = self.app.put(url('users_group_perm', id=ug.users_group_id), {'create_repo_perm': True}) response.follow() ug = UsersGroup.get_by_group_name(users_group_name) p = Permission.get_by_key('hg.create.repository') p2 = Permission.get_by_key('hg.fork.none') # check if user has this perms, they should be here since # defaults are on perms = UsersGroupToPerm.query()\ .filter(UsersGroupToPerm.users_group == ug).all() self.assertEqual( [[x.users_group_id, x.permission_id, ] for x in perms], [[ug.users_group_id, p.permission_id], [ug.users_group_id, p2.permission_id]] ) ## DISABLE REPO CREATE ON A GROUP response = self.app.put(url('users_group_perm', id=ug.users_group_id), {}) response.follow() ug = UsersGroup.get_by_group_name(users_group_name) p = Permission.get_by_key('hg.create.none') p2 = Permission.get_by_key('hg.fork.none') # check if user has this perms, they should be here since # defaults are on perms = UsersGroupToPerm.query()\ .filter(UsersGroupToPerm.users_group == ug).all() self.assertEqual( sorted([[x.users_group_id, x.permission_id, ] for x in perms]), sorted([[ug.users_group_id, p.permission_id], [ug.users_group_id, p2.permission_id]]) ) # DELETE ! ug = UsersGroup.get_by_group_name(users_group_name) ugid = ug.users_group_id response = self.app.delete(url('users_group', id=ug.users_group_id)) response = response.follow() gr = self.Session.query(UsersGroup)\ .filter(UsersGroup.users_group_name == users_group_name).scalar() self.assertEqual(gr, None) p = Permission.get_by_key('hg.create.repository') perms = UsersGroupToPerm.query()\ .filter(UsersGroupToPerm.users_group_id == ugid).all() perms = [[x.users_group_id, x.permission_id, ] for x in perms] self.assertEqual( perms, [] )
def update(self, repo_name, form_data): try: cur_repo = self.get_by_repo_name(repo_name, cache=False) # update permissions for member, perm, member_type in form_data['perms_updates']: if member_type == 'user': r2p = self.sa.query(RepoToPerm)\ .filter(RepoToPerm.user == User.get_by_username(member))\ .filter(RepoToPerm.repository == cur_repo)\ .one() r2p.permission = self.sa.query(Permission)\ .filter(Permission.permission_name == perm).scalar() self.sa.add(r2p) else: g2p = self.sa.query(UsersGroupRepoToPerm)\ .filter(UsersGroupRepoToPerm.users_group == UsersGroup.get_by_group_name(member))\ .filter(UsersGroupRepoToPerm.repository == cur_repo).one() g2p.permission = self.sa.query(Permission)\ .filter(Permission.permission_name == perm).scalar() self.sa.add(g2p) # set new permissions for member, perm, member_type in form_data['perms_new']: if member_type == 'user': r2p = RepoToPerm() r2p.repository = cur_repo r2p.user = User.get_by_username(member) r2p.permission = self.sa.query(Permission)\ .filter(Permission. permission_name == perm)\ .scalar() self.sa.add(r2p) else: g2p = UsersGroupRepoToPerm() g2p.repository = cur_repo g2p.users_group = UsersGroup.get_by_group_name(member) g2p.permission = self.sa.query(Permission)\ .filter(Permission. permission_name == perm)\ .scalar() self.sa.add(g2p) # update current repo for k, v in form_data.items(): if k == 'user': cur_repo.user = User.get_by_username(v) elif k == 'repo_name': pass elif k == 'repo_group': cur_repo.group_id = v else: setattr(cur_repo, k, v) new_name = cur_repo.get_new_name(form_data['repo_name']) cur_repo.repo_name = new_name self.sa.add(cur_repo) if repo_name != new_name: # rename repository self.__rename_repo(old=repo_name, new=new_name) self.sa.commit() return cur_repo except: log.error(traceback.format_exc()) self.sa.rollback() raise
def get_by_name(self, name, cache=False, case_insensitive=False): return UsersGroup.get_by_group_name(name, cache, case_insensitive)
def update(self, repo_name, form_data): try: cur_repo = self.get_by_repo_name(repo_name, cache=False) # update permissions for member, perm, member_type in form_data["perms_updates"]: if member_type == "user": r2p = ( self.sa.query(RepoToPerm) .filter(RepoToPerm.user == User.by_username(member)) .filter(RepoToPerm.repository == cur_repo) .one() ) r2p.permission = self.sa.query(Permission).filter(Permission.permission_name == perm).scalar() self.sa.add(r2p) else: g2p = ( self.sa.query(UsersGroupRepoToPerm) .filter(UsersGroupRepoToPerm.users_group == UsersGroup.get_by_group_name(member)) .filter(UsersGroupRepoToPerm.repository == cur_repo) .one() ) g2p.permission = self.sa.query(Permission).filter(Permission.permission_name == perm).scalar() self.sa.add(g2p) # set new permissions for member, perm, member_type in form_data["perms_new"]: if member_type == "user": r2p = RepoToPerm() r2p.repository = cur_repo r2p.user = User.by_username(member) r2p.permission = self.sa.query(Permission).filter(Permission.permission_name == perm).scalar() self.sa.add(r2p) else: g2p = UsersGroupRepoToPerm() g2p.repository = cur_repo g2p.users_group = UsersGroup.get_by_group_name(member) g2p.permission = self.sa.query(Permission).filter(Permission.permission_name == perm).scalar() self.sa.add(g2p) # update current repo for k, v in form_data.items(): if k == "user": cur_repo.user = User.by_username(v) elif k == "repo_name": cur_repo.repo_name = form_data["repo_name_full"] elif k == "repo_group": cur_repo.group_id = v else: setattr(cur_repo, k, v) self.sa.add(cur_repo) if repo_name != form_data["repo_name_full"]: # rename repository self.__rename_repo(old=repo_name, new=form_data["repo_name_full"]) self.sa.commit() except: log.error(traceback.format_exc()) self.sa.rollback() raise