def grant_users_group_permission(self, repo, group_name, perm): """ Grant permission for users group on given repository, or update existing one if found :param repo: Instance of Repository, repository_id, or repository name :param group_name: Instance of UserGroup, users_group_id, or users group name :param perm: Instance of Permission, or permission_name """ repo = self.__get_repo(repo) group_name = self.__get_users_group(group_name) permission = self.__get_perm(perm) # check if we have that permission already obj = self.sa.query(UsersGroupRepoToPerm)\ .filter(UsersGroupRepoToPerm.users_group == group_name)\ .filter(UsersGroupRepoToPerm.repository == repo)\ .scalar() if obj is None: # create new obj = UsersGroupRepoToPerm() obj.repository = repo obj.users_group = group_name obj.permission = permission self.sa.add(obj)
def grant_users_group_permission(self, repo, group_name, perm): """ Grant permission for users group on given repository, or update existing one if found :param repo: Instance of Repository, repository_id, or repository name :param group_name: Instance of UserGroup, users_group_id, or users group name :param perm: Instance of Permission, or permission_name """ repo = self.__get_repo(repo) group_name = self.__get_users_group(group_name) permission = self.__get_perm(perm) # check if we have that permission already obj = ( self.sa.query(UsersGroupRepoToPerm) .filter(UsersGroupRepoToPerm.users_group == group_name) .filter(UsersGroupRepoToPerm.repository == repo) .scalar() ) if obj is None: # create new obj = UsersGroupRepoToPerm() obj.repository = repo obj.users_group = group_name obj.permission = permission self.sa.add(obj)
def update_users_group_permission(self, repository, users_group, permission): permission = Permission.get_by_key(permission) current = self.get_users_group_permission(repository, users_group) if current: if not current.permission is permission: current.permission = permission else: p = UsersGroupRepoToPerm() p.users_group = users_group p.repository = repository p.permission = permission self.sa.add(p)
def update_users_group_permission(self, repository, users_group, permission): permission = Permission.get_by_key(permission) current = self.get_users_group_permission(repository, users_group) if current: if not current.permission is permission: current.permission = permission else: p = UsersGroupRepoToPerm() p.users_group = users_group p.repository = repository p.permission = permission self.sa.add(p) Session.commit()
def _load_data(self, id): c.users_group.permissions = { 'repositories': {}, 'repositories_groups': {} } ugroup_repo_perms = UsersGroupRepoToPerm.query()\ .options(joinedload(UsersGroupRepoToPerm.permission))\ .options(joinedload(UsersGroupRepoToPerm.repository))\ .filter(UsersGroupRepoToPerm.users_group_id == id)\ .all() for gr in ugroup_repo_perms: c.users_group.permissions['repositories'][gr.repository.repo_name] \ = gr.permission.permission_name ugroup_group_perms = UsersGroupRepoGroupToPerm.query()\ .options(joinedload(UsersGroupRepoGroupToPerm.permission))\ .options(joinedload(UsersGroupRepoGroupToPerm.group))\ .filter(UsersGroupRepoGroupToPerm.users_group_id == id)\ .all() for gr in ugroup_group_perms: c.users_group.permissions['repositories_groups'][gr.group.group_name] \ = gr.permission.permission_name c.group_members_obj = [x.user for x in c.users_group.members] c.group_members = [(x.user_id, x.username) for x in c.group_members_obj] c.available_members = [(x.user_id, x.username) for x in User.query().all()]
def get_users_group_permission(self, repository, users_group): return ( UsersGroupRepoToPerm.query() .filter(UsersGroupRepoToPerm.users_group == users_group) .filter(UsersGroupRepoToPerm.repository == repository) .scalar() )
def delete(self, users_group, force=False): """ Deletes repos group, unless force flag is used raises exception if there are members in that group, else deletes group and users :param users_group: :param force: """ try: users_group = self.__get_users_group(users_group) # check if this group is not assigned to repo assigned_groups = UsersGroupRepoToPerm.query()\ .filter(UsersGroupRepoToPerm.users_group == users_group).all() if assigned_groups and force is False: raise UsersGroupsAssignedException('RepoGroup assigned to %s' % assigned_groups) self.sa.delete(users_group) except: log.error(traceback.format_exc()) raise
def get_users_group_permission(self, repository, users_group): return UsersGroupRepoToPerm.query() \ .filter(UsersGroupRepoToPerm.users_group == users_group) \ .filter(UsersGroupRepoToPerm.repository == repository) \ .scalar()
def update(self, repo_name, form_data): try: cur_repo = self.get_by_repo_name(repo_name, cache=False) # update permissions for member, perm, member_type in form_data["perms_updates"]: if member_type == "user": r2p = ( self.sa.query(RepoToPerm) .filter(RepoToPerm.user == User.by_username(member)) .filter(RepoToPerm.repository == cur_repo) .one() ) r2p.permission = self.sa.query(Permission).filter(Permission.permission_name == perm).scalar() self.sa.add(r2p) else: g2p = ( self.sa.query(UsersGroupRepoToPerm) .filter(UsersGroupRepoToPerm.users_group == UsersGroup.get_by_group_name(member)) .filter(UsersGroupRepoToPerm.repository == cur_repo) .one() ) g2p.permission = self.sa.query(Permission).filter(Permission.permission_name == perm).scalar() self.sa.add(g2p) # set new permissions for member, perm, member_type in form_data["perms_new"]: if member_type == "user": r2p = RepoToPerm() r2p.repository = cur_repo r2p.user = User.by_username(member) r2p.permission = self.sa.query(Permission).filter(Permission.permission_name == perm).scalar() self.sa.add(r2p) else: g2p = UsersGroupRepoToPerm() g2p.repository = cur_repo g2p.users_group = UsersGroup.get_by_group_name(member) g2p.permission = self.sa.query(Permission).filter(Permission.permission_name == perm).scalar() self.sa.add(g2p) # update current repo for k, v in form_data.items(): if k == "user": cur_repo.user = User.by_username(v) elif k == "repo_name": cur_repo.repo_name = form_data["repo_name_full"] elif k == "repo_group": cur_repo.group_id = v else: setattr(cur_repo, k, v) self.sa.add(cur_repo) if repo_name != form_data["repo_name_full"]: # rename repository self.__rename_repo(old=repo_name, new=form_data["repo_name_full"]) self.sa.commit() except: log.error(traceback.format_exc()) self.sa.rollback() raise
def create(self, form_data, cur_user, just_db=False, fork=False): from rhodecode.model.scm import ScmModel try: if fork: fork_parent_id = form_data['fork_parent_id'] # repo name is just a name of repository # while repo_name_full is a full qualified name that is combined # with name and path of group repo_name = form_data['repo_name'] repo_name_full = form_data['repo_name_full'] new_repo = Repository() new_repo.enable_statistics = False for k, v in form_data.items(): if k == 'repo_name': v = repo_name_full if k == 'repo_group': k = 'group_id' if k == 'description': v = v or repo_name setattr(new_repo, k, v) if fork: parent_repo = Repository.get(fork_parent_id) new_repo.fork = parent_repo new_repo.user_id = cur_user.user_id self.sa.add(new_repo) def _create_default_perms(): # create default permission repo_to_perm = UserRepoToPerm() default = 'repository.read' for p in User.get_by_username('default').user_perms: if p.permission.permission_name.startswith('repository.'): default = p.permission.permission_name break default_perm = 'repository.none' if form_data[ 'private'] else default repo_to_perm.permission_id = self.sa.query(Permission)\ .filter(Permission.permission_name == default_perm)\ .one().permission_id repo_to_perm.repository = new_repo repo_to_perm.user_id = User.get_by_username('default').user_id self.sa.add(repo_to_perm) if fork: if form_data.get('copy_permissions'): repo = Repository.get(fork_parent_id) user_perms = UserRepoToPerm.query()\ .filter(UserRepoToPerm.repository == repo).all() group_perms = UsersGroupRepoToPerm.query()\ .filter(UsersGroupRepoToPerm.repository == repo).all() for perm in user_perms: UserRepoToPerm.create(perm.user, new_repo, perm.permission) for perm in group_perms: UsersGroupRepoToPerm.create(perm.users_group, new_repo, perm.permission) else: _create_default_perms() else: _create_default_perms() if not just_db: self.__create_repo(repo_name, form_data['repo_type'], form_data['repo_group'], form_data['clone_uri']) log_create_repository(new_repo.get_dict(), created_by=cur_user.username) # now automatically start following this repository as owner ScmModel(self.sa).toggle_following_repo(new_repo.repo_id, cur_user.user_id) return new_repo except: log.error(traceback.format_exc()) raise
def update(self, repo_name, form_data): try: cur_repo = self.get_by_repo_name(repo_name, cache=False) # update permissions for member, perm, member_type in form_data['perms_updates']: if member_type == 'user': r2p = self.sa.query(RepoToPerm)\ .filter(RepoToPerm.user == User.get_by_username(member))\ .filter(RepoToPerm.repository == cur_repo)\ .one() r2p.permission = self.sa.query(Permission)\ .filter(Permission.permission_name == perm).scalar() self.sa.add(r2p) else: g2p = self.sa.query(UsersGroupRepoToPerm)\ .filter(UsersGroupRepoToPerm.users_group == UsersGroup.get_by_group_name(member))\ .filter(UsersGroupRepoToPerm.repository == cur_repo).one() g2p.permission = self.sa.query(Permission)\ .filter(Permission.permission_name == perm).scalar() self.sa.add(g2p) # set new permissions for member, perm, member_type in form_data['perms_new']: if member_type == 'user': r2p = RepoToPerm() r2p.repository = cur_repo r2p.user = User.get_by_username(member) r2p.permission = self.sa.query(Permission)\ .filter(Permission. permission_name == perm)\ .scalar() self.sa.add(r2p) else: g2p = UsersGroupRepoToPerm() g2p.repository = cur_repo g2p.users_group = UsersGroup.get_by_group_name(member) g2p.permission = self.sa.query(Permission)\ .filter(Permission. permission_name == perm)\ .scalar() self.sa.add(g2p) # update current repo for k, v in form_data.items(): if k == 'user': cur_repo.user = User.get_by_username(v) elif k == 'repo_name': pass elif k == 'repo_group': cur_repo.group_id = v else: setattr(cur_repo, k, v) new_name = cur_repo.get_new_name(form_data['repo_name']) cur_repo.repo_name = new_name self.sa.add(cur_repo) if repo_name != new_name: # rename repository self.__rename_repo(old=repo_name, new=new_name) self.sa.commit() return cur_repo except: log.error(traceback.format_exc()) self.sa.rollback() raise
def create(self, form_data, cur_user, just_db=False, fork=False): from rhodecode.model.scm import ScmModel try: if fork: fork_parent_id = form_data["fork_parent_id"] # repo name is just a name of repository # while repo_name_full is a full qualified name that is combined # with name and path of group repo_name = form_data["repo_name"] repo_name_full = form_data["repo_name_full"] new_repo = Repository() new_repo.enable_statistics = False for k, v in form_data.items(): if k == "repo_name": v = repo_name_full if k == "repo_group": k = "group_id" if k == "description": v = v or repo_name setattr(new_repo, k, v) if fork: parent_repo = Repository.get(fork_parent_id) new_repo.fork = parent_repo new_repo.user_id = cur_user.user_id self.sa.add(new_repo) def _create_default_perms(): # create default permission repo_to_perm = UserRepoToPerm() default = "repository.read" for p in User.get_by_username("default").user_perms: if p.permission.permission_name.startswith("repository."): default = p.permission.permission_name break default_perm = "repository.none" if form_data["private"] else default repo_to_perm.permission_id = ( self.sa.query(Permission).filter(Permission.permission_name == default_perm).one().permission_id ) repo_to_perm.repository = new_repo repo_to_perm.user_id = User.get_by_username("default").user_id self.sa.add(repo_to_perm) if fork: if form_data.get("copy_permissions"): repo = Repository.get(fork_parent_id) user_perms = UserRepoToPerm.query().filter(UserRepoToPerm.repository == repo).all() group_perms = UsersGroupRepoToPerm.query().filter(UsersGroupRepoToPerm.repository == repo).all() for perm in user_perms: UserRepoToPerm.create(perm.user, new_repo, perm.permission) for perm in group_perms: UsersGroupRepoToPerm.create(perm.users_group, new_repo, perm.permission) else: _create_default_perms() else: _create_default_perms() if not just_db: self.__create_repo(repo_name, form_data["repo_type"], form_data["repo_group"], form_data["clone_uri"]) log_create_repository(new_repo.get_dict(), created_by=cur_user.username) # now automatically start following this repository as owner ScmModel(self.sa).toggle_following_repo(new_repo.repo_id, cur_user.user_id) return new_repo except: log.error(traceback.format_exc()) raise
def create_repo(self, repo_name, repo_type, description, owner, private=False, clone_uri=None, repos_group=None, landing_rev='tip', just_db=False, fork_of=None, copy_fork_permissions=False): """ Create repository """ from rhodecode.model.scm import ScmModel owner = self._get_user(owner) fork_of = self._get_repo(fork_of) repos_group = self._get_repos_group(repos_group) try: # repo name is just a name of repository # while repo_name_full is a full qualified name that is combined # with name and path of group repo_name_full = repo_name repo_name = repo_name.split(self.URL_SEPARATOR)[-1] new_repo = Repository() new_repo.enable_statistics = False new_repo.repo_name = repo_name_full new_repo.repo_type = repo_type new_repo.user = owner new_repo.group = repos_group new_repo.description = description or repo_name new_repo.private = private new_repo.clone_uri = clone_uri new_repo.landing_rev = landing_rev if repos_group: new_repo.enable_locking = repos_group.enable_locking if fork_of: parent_repo = fork_of new_repo.fork = parent_repo self.sa.add(new_repo) def _create_default_perms(): # create default permission repo_to_perm = UserRepoToPerm() default = 'repository.read' for p in User.get_by_username('default').user_perms: if p.permission.permission_name.startswith('repository.'): default = p.permission.permission_name break default_perm = 'repository.none' if private else default repo_to_perm.permission_id = self.sa.query(Permission)\ .filter(Permission.permission_name == default_perm)\ .one().permission_id repo_to_perm.repository = new_repo repo_to_perm.user_id = User.get_by_username('default').user_id self.sa.add(repo_to_perm) if fork_of: if copy_fork_permissions: repo = fork_of user_perms = UserRepoToPerm.query()\ .filter(UserRepoToPerm.repository == repo).all() group_perms = UsersGroupRepoToPerm.query()\ .filter(UsersGroupRepoToPerm.repository == repo).all() for perm in user_perms: UserRepoToPerm.create(perm.user, new_repo, perm.permission) for perm in group_perms: UsersGroupRepoToPerm.create(perm.users_group, new_repo, perm.permission) else: _create_default_perms() else: _create_default_perms() if not just_db: self.__create_repo(repo_name, repo_type, repos_group, clone_uri) log_create_repository(new_repo.get_dict(), created_by=owner.username) # now automatically start following this repository as owner ScmModel(self.sa).toggle_following_repo(new_repo.repo_id, owner.user_id) return new_repo except: log.error(traceback.format_exc()) raise