def grant_users_group_permission(self, repo, group_name, perm):
"""
Grant permission for users group on given repository, or update
existing one if found
:param repo: Instance of Repository, repository_id, or repository name
:param group_name: Instance of UserGroup, users_group_id,
or users group name
:param perm: Instance of Permission, or permission_name
"""
repo = self.__get_repo(repo)
group_name = self.__get_users_group(group_name)
permission = self.__get_perm(perm)
# check if we have that permission already
obj = self.sa.query(UsersGroupRepoToPerm)\
.filter(UsersGroupRepoToPerm.users_group == group_name)\
.filter(UsersGroupRepoToPerm.repository == repo)\
.scalar()
if obj is None:
# create new
obj = UsersGroupRepoToPerm()
obj.repository = repo
obj.users_group = group_name
obj.permission = permission
self.sa.add(obj)
def grant_users_group_permission(self, repo, group_name, perm):
"""
Grant permission for users group on given repository, or update
existing one if found
:param repo: Instance of Repository, repository_id, or repository name
:param group_name: Instance of UserGroup, users_group_id,
or users group name
:param perm: Instance of Permission, or permission_name
"""
repo = self.__get_repo(repo)
group_name = self.__get_users_group(group_name)
permission = self.__get_perm(perm)
# check if we have that permission already
obj = (
self.sa.query(UsersGroupRepoToPerm)
.filter(UsersGroupRepoToPerm.users_group == group_name)
.filter(UsersGroupRepoToPerm.repository == repo)
.scalar()
)
if obj is None:
# create new
obj = UsersGroupRepoToPerm()
obj.repository = repo
obj.users_group = group_name
obj.permission = permission
self.sa.add(obj)
def update_users_group_permission(self, repository, users_group,
permission):
permission = Permission.get_by_key(permission)
current = self.get_users_group_permission(repository, users_group)
if current:
if not current.permission is permission:
current.permission = permission
else:
p = UsersGroupRepoToPerm()
p.users_group = users_group
p.repository = repository
p.permission = permission
self.sa.add(p)
def update_users_group_permission(self, repository, users_group, permission):
permission = Permission.get_by_key(permission)
current = self.get_users_group_permission(repository, users_group)
if current:
if not current.permission is permission:
current.permission = permission
else:
p = UsersGroupRepoToPerm()
p.users_group = users_group
p.repository = repository
p.permission = permission
self.sa.add(p)
Session.commit()
def _load_data(self, id):
c.users_group.permissions = {
'repositories': {},
'repositories_groups': {}
}
ugroup_repo_perms = UsersGroupRepoToPerm.query()\
.options(joinedload(UsersGroupRepoToPerm.permission))\
.options(joinedload(UsersGroupRepoToPerm.repository))\
.filter(UsersGroupRepoToPerm.users_group_id == id)\
.all()
for gr in ugroup_repo_perms:
c.users_group.permissions['repositories'][gr.repository.repo_name] \
= gr.permission.permission_name
ugroup_group_perms = UsersGroupRepoGroupToPerm.query()\
.options(joinedload(UsersGroupRepoGroupToPerm.permission))\
.options(joinedload(UsersGroupRepoGroupToPerm.group))\
.filter(UsersGroupRepoGroupToPerm.users_group_id == id)\
.all()
for gr in ugroup_group_perms:
c.users_group.permissions['repositories_groups'][gr.group.group_name] \
= gr.permission.permission_name
c.group_members_obj = [x.user for x in c.users_group.members]
c.group_members = [(x.user_id, x.username) for x in
c.group_members_obj]
c.available_members = [(x.user_id, x.username) for x in
User.query().all()]
def get_users_group_permission(self, repository, users_group):
return (
UsersGroupRepoToPerm.query()
.filter(UsersGroupRepoToPerm.users_group == users_group)
.filter(UsersGroupRepoToPerm.repository == repository)
.scalar()
)
def delete(self, users_group, force=False):
"""
Deletes repos group, unless force flag is used
raises exception if there are members in that group, else deletes
group and users
:param users_group:
:param force:
"""
try:
users_group = self.__get_users_group(users_group)
# check if this group is not assigned to repo
assigned_groups = UsersGroupRepoToPerm.query()\
.filter(UsersGroupRepoToPerm.users_group == users_group).all()
if assigned_groups and force is False:
raise UsersGroupsAssignedException('RepoGroup assigned to %s' %
assigned_groups)
self.sa.delete(users_group)
except:
log.error(traceback.format_exc())
raise
def get_users_group_permission(self, repository, users_group):
return UsersGroupRepoToPerm.query() \
.filter(UsersGroupRepoToPerm.users_group == users_group) \
.filter(UsersGroupRepoToPerm.repository == repository) \
.scalar()
def update(self, repo_name, form_data):
try:
cur_repo = self.get_by_repo_name(repo_name, cache=False)
# update permissions
for member, perm, member_type in form_data["perms_updates"]:
if member_type == "user":
r2p = (
self.sa.query(RepoToPerm)
.filter(RepoToPerm.user == User.by_username(member))
.filter(RepoToPerm.repository == cur_repo)
.one()
)
r2p.permission = self.sa.query(Permission).filter(Permission.permission_name == perm).scalar()
self.sa.add(r2p)
else:
g2p = (
self.sa.query(UsersGroupRepoToPerm)
.filter(UsersGroupRepoToPerm.users_group == UsersGroup.get_by_group_name(member))
.filter(UsersGroupRepoToPerm.repository == cur_repo)
.one()
)
g2p.permission = self.sa.query(Permission).filter(Permission.permission_name == perm).scalar()
self.sa.add(g2p)
# set new permissions
for member, perm, member_type in form_data["perms_new"]:
if member_type == "user":
r2p = RepoToPerm()
r2p.repository = cur_repo
r2p.user = User.by_username(member)
r2p.permission = self.sa.query(Permission).filter(Permission.permission_name == perm).scalar()
self.sa.add(r2p)
else:
g2p = UsersGroupRepoToPerm()
g2p.repository = cur_repo
g2p.users_group = UsersGroup.get_by_group_name(member)
g2p.permission = self.sa.query(Permission).filter(Permission.permission_name == perm).scalar()
self.sa.add(g2p)
# update current repo
for k, v in form_data.items():
if k == "user":
cur_repo.user = User.by_username(v)
elif k == "repo_name":
cur_repo.repo_name = form_data["repo_name_full"]
elif k == "repo_group":
cur_repo.group_id = v
else:
setattr(cur_repo, k, v)
self.sa.add(cur_repo)
if repo_name != form_data["repo_name_full"]:
# rename repository
self.__rename_repo(old=repo_name, new=form_data["repo_name_full"])
self.sa.commit()
except:
log.error(traceback.format_exc())
self.sa.rollback()
raise
def create(self, form_data, cur_user, just_db=False, fork=False):
from rhodecode.model.scm import ScmModel
try:
if fork:
fork_parent_id = form_data['fork_parent_id']
# repo name is just a name of repository
# while repo_name_full is a full qualified name that is combined
# with name and path of group
repo_name = form_data['repo_name']
repo_name_full = form_data['repo_name_full']
new_repo = Repository()
new_repo.enable_statistics = False
for k, v in form_data.items():
if k == 'repo_name':
v = repo_name_full
if k == 'repo_group':
k = 'group_id'
if k == 'description':
v = v or repo_name
setattr(new_repo, k, v)
if fork:
parent_repo = Repository.get(fork_parent_id)
new_repo.fork = parent_repo
new_repo.user_id = cur_user.user_id
self.sa.add(new_repo)
def _create_default_perms():
# create default permission
repo_to_perm = UserRepoToPerm()
default = 'repository.read'
for p in User.get_by_username('default').user_perms:
if p.permission.permission_name.startswith('repository.'):
default = p.permission.permission_name
break
default_perm = 'repository.none' if form_data[
'private'] else default
repo_to_perm.permission_id = self.sa.query(Permission)\
.filter(Permission.permission_name == default_perm)\
.one().permission_id
repo_to_perm.repository = new_repo
repo_to_perm.user_id = User.get_by_username('default').user_id
self.sa.add(repo_to_perm)
if fork:
if form_data.get('copy_permissions'):
repo = Repository.get(fork_parent_id)
user_perms = UserRepoToPerm.query()\
.filter(UserRepoToPerm.repository == repo).all()
group_perms = UsersGroupRepoToPerm.query()\
.filter(UsersGroupRepoToPerm.repository == repo).all()
for perm in user_perms:
UserRepoToPerm.create(perm.user, new_repo,
perm.permission)
for perm in group_perms:
UsersGroupRepoToPerm.create(perm.users_group, new_repo,
perm.permission)
else:
_create_default_perms()
else:
_create_default_perms()
if not just_db:
self.__create_repo(repo_name, form_data['repo_type'],
form_data['repo_group'],
form_data['clone_uri'])
log_create_repository(new_repo.get_dict(),
created_by=cur_user.username)
# now automatically start following this repository as owner
ScmModel(self.sa).toggle_following_repo(new_repo.repo_id,
cur_user.user_id)
return new_repo
except:
log.error(traceback.format_exc())
raise
def update(self, repo_name, form_data):
try:
cur_repo = self.get_by_repo_name(repo_name, cache=False)
# update permissions
for member, perm, member_type in form_data['perms_updates']:
if member_type == 'user':
r2p = self.sa.query(RepoToPerm)\
.filter(RepoToPerm.user == User.get_by_username(member))\
.filter(RepoToPerm.repository == cur_repo)\
.one()
r2p.permission = self.sa.query(Permission)\
.filter(Permission.permission_name ==
perm).scalar()
self.sa.add(r2p)
else:
g2p = self.sa.query(UsersGroupRepoToPerm)\
.filter(UsersGroupRepoToPerm.users_group ==
UsersGroup.get_by_group_name(member))\
.filter(UsersGroupRepoToPerm.repository ==
cur_repo).one()
g2p.permission = self.sa.query(Permission)\
.filter(Permission.permission_name ==
perm).scalar()
self.sa.add(g2p)
# set new permissions
for member, perm, member_type in form_data['perms_new']:
if member_type == 'user':
r2p = RepoToPerm()
r2p.repository = cur_repo
r2p.user = User.get_by_username(member)
r2p.permission = self.sa.query(Permission)\
.filter(Permission.
permission_name == perm)\
.scalar()
self.sa.add(r2p)
else:
g2p = UsersGroupRepoToPerm()
g2p.repository = cur_repo
g2p.users_group = UsersGroup.get_by_group_name(member)
g2p.permission = self.sa.query(Permission)\
.filter(Permission.
permission_name == perm)\
.scalar()
self.sa.add(g2p)
# update current repo
for k, v in form_data.items():
if k == 'user':
cur_repo.user = User.get_by_username(v)
elif k == 'repo_name':
pass
elif k == 'repo_group':
cur_repo.group_id = v
else:
setattr(cur_repo, k, v)
new_name = cur_repo.get_new_name(form_data['repo_name'])
cur_repo.repo_name = new_name
self.sa.add(cur_repo)
if repo_name != new_name:
# rename repository
self.__rename_repo(old=repo_name, new=new_name)
self.sa.commit()
return cur_repo
except:
log.error(traceback.format_exc())
self.sa.rollback()
raise
def create(self, form_data, cur_user, just_db=False, fork=False):
from rhodecode.model.scm import ScmModel
try:
if fork:
fork_parent_id = form_data["fork_parent_id"]
# repo name is just a name of repository
# while repo_name_full is a full qualified name that is combined
# with name and path of group
repo_name = form_data["repo_name"]
repo_name_full = form_data["repo_name_full"]
new_repo = Repository()
new_repo.enable_statistics = False
for k, v in form_data.items():
if k == "repo_name":
v = repo_name_full
if k == "repo_group":
k = "group_id"
if k == "description":
v = v or repo_name
setattr(new_repo, k, v)
if fork:
parent_repo = Repository.get(fork_parent_id)
new_repo.fork = parent_repo
new_repo.user_id = cur_user.user_id
self.sa.add(new_repo)
def _create_default_perms():
# create default permission
repo_to_perm = UserRepoToPerm()
default = "repository.read"
for p in User.get_by_username("default").user_perms:
if p.permission.permission_name.startswith("repository."):
default = p.permission.permission_name
break
default_perm = "repository.none" if form_data["private"] else default
repo_to_perm.permission_id = (
self.sa.query(Permission).filter(Permission.permission_name == default_perm).one().permission_id
)
repo_to_perm.repository = new_repo
repo_to_perm.user_id = User.get_by_username("default").user_id
self.sa.add(repo_to_perm)
if fork:
if form_data.get("copy_permissions"):
repo = Repository.get(fork_parent_id)
user_perms = UserRepoToPerm.query().filter(UserRepoToPerm.repository == repo).all()
group_perms = UsersGroupRepoToPerm.query().filter(UsersGroupRepoToPerm.repository == repo).all()
for perm in user_perms:
UserRepoToPerm.create(perm.user, new_repo, perm.permission)
for perm in group_perms:
UsersGroupRepoToPerm.create(perm.users_group, new_repo, perm.permission)
else:
_create_default_perms()
else:
_create_default_perms()
if not just_db:
self.__create_repo(repo_name, form_data["repo_type"], form_data["repo_group"], form_data["clone_uri"])
log_create_repository(new_repo.get_dict(), created_by=cur_user.username)
# now automatically start following this repository as owner
ScmModel(self.sa).toggle_following_repo(new_repo.repo_id, cur_user.user_id)
return new_repo
except:
log.error(traceback.format_exc())
raise
def create_repo(self, repo_name, repo_type, description, owner,
private=False, clone_uri=None, repos_group=None,
landing_rev='tip', just_db=False, fork_of=None,
copy_fork_permissions=False):
"""
Create repository
"""
from rhodecode.model.scm import ScmModel
owner = self._get_user(owner)
fork_of = self._get_repo(fork_of)
repos_group = self._get_repos_group(repos_group)
try:
# repo name is just a name of repository
# while repo_name_full is a full qualified name that is combined
# with name and path of group
repo_name_full = repo_name
repo_name = repo_name.split(self.URL_SEPARATOR)[-1]
new_repo = Repository()
new_repo.enable_statistics = False
new_repo.repo_name = repo_name_full
new_repo.repo_type = repo_type
new_repo.user = owner
new_repo.group = repos_group
new_repo.description = description or repo_name
new_repo.private = private
new_repo.clone_uri = clone_uri
new_repo.landing_rev = landing_rev
if repos_group:
new_repo.enable_locking = repos_group.enable_locking
if fork_of:
parent_repo = fork_of
new_repo.fork = parent_repo
self.sa.add(new_repo)
def _create_default_perms():
# create default permission
repo_to_perm = UserRepoToPerm()
default = 'repository.read'
for p in User.get_by_username('default').user_perms:
if p.permission.permission_name.startswith('repository.'):
default = p.permission.permission_name
break
default_perm = 'repository.none' if private else default
repo_to_perm.permission_id = self.sa.query(Permission)\
.filter(Permission.permission_name == default_perm)\
.one().permission_id
repo_to_perm.repository = new_repo
repo_to_perm.user_id = User.get_by_username('default').user_id
self.sa.add(repo_to_perm)
if fork_of:
if copy_fork_permissions:
repo = fork_of
user_perms = UserRepoToPerm.query()\
.filter(UserRepoToPerm.repository == repo).all()
group_perms = UsersGroupRepoToPerm.query()\
.filter(UsersGroupRepoToPerm.repository == repo).all()
for perm in user_perms:
UserRepoToPerm.create(perm.user, new_repo,
perm.permission)
for perm in group_perms:
UsersGroupRepoToPerm.create(perm.users_group, new_repo,
perm.permission)
else:
_create_default_perms()
else:
_create_default_perms()
if not just_db:
self.__create_repo(repo_name, repo_type,
repos_group,
clone_uri)
log_create_repository(new_repo.get_dict(),
created_by=owner.username)
# now automatically start following this repository as owner
ScmModel(self.sa).toggle_following_repo(new_repo.repo_id,
owner.user_id)
return new_repo
except:
log.error(traceback.format_exc())
raise
