def validate_python(self, value, state): if value in ['default']: msg = self.message('invalid_group', state) raise formencode.Invalid(msg, value, state, error_dict=dict(users_group_name=msg)) #check if group is unique old_ugname = None if edit: old_id = old_data.get('users_group_id') old_ugname = UserGroup.get(old_id).users_group_name if old_ugname != value or not edit: is_existing_group = UserGroup.get_by_group_name( value, case_insensitive=True) if is_existing_group: msg = self.message('group_exist', state, usergroup=value) raise formencode.Invalid( msg, value, state, error_dict=dict(users_group_name=msg)) if re.match(r'^[a-zA-Z0-9]{1}[a-zA-Z0-9\-\_\.]+$', value) is None: msg = self.message('invalid_usergroup_name', state) raise formencode.Invalid(msg, value, state, error_dict=dict(users_group_name=msg))
def grant_user_group_permission(self, target_user_group, user_group, perm): """ Grant user group permission for given target_user_group :param target_user_group: :param user_group: :param perm: """ target_user_group = UserGroup.guess_instance(target_user_group) user_group = UserGroup.guess_instance(user_group) permission = Permission.guess_instance(perm) # forbid assigning same user group to itself if target_user_group == user_group: raise RepoGroupAssignmentError('target repo:%s cannot be ' 'assigned to itself' % target_user_group) # check if we have that permission already obj = UserGroupUserGroupToPerm.query() \ .filter(UserGroupUserGroupToPerm.target_user_group == target_user_group) \ .filter(UserGroupUserGroupToPerm.user_group == user_group) \ .scalar() if obj is None: # create new ! obj = UserGroupUserGroupToPerm() Session().add(obj) obj.user_group = user_group obj.target_user_group = target_user_group obj.permission = permission log.debug('Granted perm %s to %s on %s', perm, target_user_group, user_group) return obj
def validate_python(self, value, state): if value in ['default']: msg = M(self, 'invalid_group', state) raise formencode.Invalid(msg, value, state, error_dict=dict(users_group_name=msg) ) #check if group is unique old_ugname = None if edit: old_id = old_data.get('users_group_id') old_ugname = UserGroup.get(old_id).users_group_name if old_ugname != value or not edit: is_existing_group = UserGroup.get_by_group_name(value, case_insensitive=True) if is_existing_group: msg = M(self, 'group_exist', state, usergroup=value) raise formencode.Invalid(msg, value, state, error_dict=dict(users_group_name=msg) ) if re.match(r'^[a-zA-Z0-9]{1}[a-zA-Z0-9\-\_\.]+$', value) is None: msg = M(self, 'invalid_usergroup_name', state) raise formencode.Invalid(msg, value, state, error_dict=dict(users_group_name=msg) )
def edit_perms(self, id): c.user_group = UserGroup.get_or_404(id) c.active = 'perms' repo_model = RepoModel() c.users_array = repo_model.get_users_js() c.user_groups_array = repo_model.get_user_groups_js() defaults = {} # fill user group users for p in c.user_group.user_user_group_to_perm: defaults.update( {'u_perm_%s' % p.user.username: p.permission.permission_name}) for p in c.user_group.user_group_user_group_to_perm: defaults.update({ 'g_perm_%s' % p.user_group.users_group_name: p.permission.permission_name }) return htmlfill.render( render('admin/user_groups/user_group_edit.html'), defaults=defaults, encoding="UTF-8", force_defaults=False)
def grant_user_permission(self, user_group, user, perm): """ Grant permission for user on given user group, or update existing one if found :param user_group: Instance of UserGroup, users_group_id, or users_group_name :param user: Instance of User, user_id or username :param perm: Instance of Permission, or permission_name """ user_group = UserGroup.guess_instance(user_group) user = User.guess_instance(user) permission = Permission.guess_instance(perm) # check if we have that permission already obj = UserUserGroupToPerm.query() \ .filter(UserUserGroupToPerm.user == user) \ .filter(UserUserGroupToPerm.user_group == user_group) \ .scalar() if obj is None: # create new ! obj = UserUserGroupToPerm() Session().add(obj) obj.user_group = user_group obj.user = user obj.permission = permission log.debug('Granted perm %s to %s on %s', perm, user, user_group) return obj
def has_perm(self, user_group, perm): user_group = UserGroup.guess_instance(user_group) perm = Permission.guess_instance(perm) return UserGroupToPerm.query() \ .filter(UserGroupToPerm.users_group == user_group) \ .filter(UserGroupToPerm.permission == perm).scalar() is not None
def test_enforce_groups(self, pre_existing, regular_should_be, external_should_be, groups, expected): # delete all groups for gr in UserGroup.query(): fixture.destroy_user_group(gr) Session().commit() user = User.get_by_username(TEST_USER_REGULAR_LOGIN) for gr in pre_existing: gr = fixture.create_user_group(gr) Session().commit() # make sure use is just in those groups for gr in regular_should_be: gr = fixture.create_user_group(gr) Session().commit() UserGroupModel().add_user_to_group(gr, user) Session().commit() # now special external groups created by auth plugins for gr in external_should_be: gr = fixture.create_user_group(gr, user_group_data={'extern_type': 'container'}) Session().commit() UserGroupModel().add_user_to_group(gr, user) Session().commit() UserGroupModel().enforce_groups(user, groups, 'container') Session().commit() user = User.get_by_username(TEST_USER_REGULAR_LOGIN) in_groups = user.group_member assert expected == [x.users_group.users_group_name for x in in_groups]
def grant_user_group_permission(self, repo, group_name, perm): """ Grant permission for user group on given repository, or update existing one if found :param repo: Instance of Repository, repository_id, or repository name :param group_name: Instance of UserGroup, users_group_id, or user group name :param perm: Instance of Permission, or permission_name """ repo = Repository.guess_instance(repo) group_name = UserGroup.guess_instance(group_name) permission = Permission.guess_instance(perm) # check if we have that permission already obj = UserGroupRepoToPerm.query() \ .filter(UserGroupRepoToPerm.users_group == group_name) \ .filter(UserGroupRepoToPerm.repository == repo) \ .scalar() if obj is None: # create new obj = UserGroupRepoToPerm() Session().add(obj) obj.repository = repo obj.users_group = group_name obj.permission = permission log.debug('Granted perm %s to %s on %s', perm, group_name, repo) return obj
def test_enforce_groups(self, pre_existing, regular_should_be, external_should_be, groups, expected): # delete all groups for gr in UserGroup.query(): fixture.destroy_user_group(gr) Session().commit() user = User.get_by_username(base.TEST_USER_REGULAR_LOGIN) for gr in pre_existing: gr = fixture.create_user_group(gr) Session().commit() # make sure use is just in those groups for gr in regular_should_be: gr = fixture.create_user_group(gr) Session().commit() UserGroupModel().add_user_to_group(gr, user) Session().commit() # now special external groups created by auth plugins for gr in external_should_be: gr = fixture.create_user_group( gr, user_group_data={'extern_type': 'container'}) Session().commit() UserGroupModel().add_user_to_group(gr, user) Session().commit() UserGroupModel().enforce_groups(user, groups, 'container') Session().commit() user = User.get_by_username(base.TEST_USER_REGULAR_LOGIN) in_groups = user.group_member assert sorted(expected) == sorted(x.users_group.users_group_name for x in in_groups)
def create_user_group(self, name, **kwargs): if 'skip_if_exists' in kwargs: del kwargs['skip_if_exists'] gr = UserGroup.get_by_group_name(group_name=name) if gr: return gr form_data = self._get_user_group_create_params(name, **kwargs) owner = kwargs.get('cur_user', TEST_USER_ADMIN_LOGIN) user_group = UserGroupModel().create( name=form_data['users_group_name'], description=form_data['user_group_description'], owner=owner, active=form_data['users_group_active'], group_data=form_data['user_group_data']) Session().commit() user_group = UserGroup.get_by_group_name(user_group.users_group_name) return user_group
def test_create_and_remove(self): usr = UserModel().create_or_update(username=u'test_user', password=u'qweqwe', email=u'*****@*****.**', firstname=u'u1', lastname=u'u1') Session().commit() assert User.get_by_username(u'test_user') == usr assert User.get_by_username(u'test_USER', case_insensitive=True) == usr # User.get_by_username without explicit request for case insensitivty # will use database case sensitivity. The following will thus return # None on for example PostgreSQL but find test_user on MySQL - we are # fine with leaving that as undefined as long as it doesn't crash. User.get_by_username(u'test_USER', case_insensitive=False) # make user group user_group = fixture.create_user_group(u'some_example_group') Session().commit() UserGroupModel().add_user_to_group(user_group, usr) Session().commit() assert UserGroup.get(user_group.users_group_id) == user_group assert UserGroupMember.query().count() == 1 UserModel().delete(usr.user_id) Session().commit() assert UserGroupMember.query().all() == []
def enforce_groups(self, user, groups, extern_type=None): user = User.guess_instance(user) log.debug('Enforcing groups %s on user %s', user, groups) current_groups = user.group_member # find the external created groups externals = [ x.users_group for x in current_groups if 'extern_type' in x.users_group.group_data ] # calculate from what groups user should be removed # externals that are not in groups for gr in externals: if gr.users_group_name not in groups: log.debug('Removing user %s from user group %s', user, gr) self.remove_user_from_group(gr, user) # now we calculate in which groups user should be == groups params owner = User.get_first_admin().username for gr in set(groups): existing_group = UserGroup.get_by_group_name(gr) if not existing_group: desc = u'Automatically created from plugin:%s' % extern_type # we use first admin account to set the owner of the group existing_group = UserGroupModel().create( gr, desc, owner, group_data={'extern_type': extern_type}) # we can only add users to special groups created via plugins managed = 'extern_type' in existing_group.group_data if managed: log.debug('Adding user %s to user group %s', user, gr) UserGroupModel().add_user_to_group(existing_group, user) else: log.debug('Skipping addition to group %s since it is ' 'not managed by auth plugins' % gr)
def enforce_groups(self, user, groups, extern_type=None): user = User.guess_instance(user) log.debug('Enforcing groups %s on user %s', user, groups) current_groups = user.group_member # find the external created groups externals = [x.users_group for x in current_groups if 'extern_type' in x.users_group.group_data] # calculate from what groups user should be removed # externals that are not in groups for gr in externals: if gr.users_group_name not in groups: log.debug('Removing user %s from user group %s', user, gr) self.remove_user_from_group(gr, user) # now we calculate in which groups user should be == groups params owner = User.get_first_admin().username for gr in set(groups): existing_group = UserGroup.get_by_group_name(gr) if not existing_group: desc = u'Automatically created from plugin:%s' % extern_type # we use first admin account to set the owner of the group existing_group = UserGroupModel().create(gr, desc, owner, group_data={'extern_type': extern_type}) # we can only add users to special groups created via plugins managed = 'extern_type' in existing_group.group_data if managed: log.debug('Adding user %s to user group %s', user, gr) UserGroupModel().add_user_to_group(existing_group, user) else: log.debug('Skipping addition to group %s since it is ' 'not managed by auth plugins' % gr)
def edit_members(self, id): c.user_group = UserGroup.get_or_404(id) c.active = 'members' c.group_members_obj = sorted((x.user for x in c.user_group.members), key=lambda u: u.username.lower()) c.group_members = [(x.user_id, x.username) for x in c.group_members_obj] return render('admin/user_groups/user_group_edit.html')
def revoke_user_group_permission(self, target_user_group, user_group): """ Revoke user group permission for given target_user_group :param target_user_group: :param user_group: """ target_user_group = UserGroup.guess_instance(target_user_group) user_group = UserGroup.guess_instance(user_group) obj = UserGroupUserGroupToPerm.query() \ .filter(UserGroupUserGroupToPerm.target_user_group == target_user_group) \ .filter(UserGroupUserGroupToPerm.user_group == user_group) \ .scalar() if obj is not None: Session().delete(obj) log.debug('Revoked perm on %s on %s', target_user_group, user_group)
def __load_defaults(self, user_group_id): """ Load defaults settings for edit, and update :param user_group_id: """ user_group = UserGroup.get_or_404(user_group_id) data = user_group.get_dict() return data
def revoke_perm(self, user_group, perm): user_group = UserGroup.guess_instance(user_group) perm = Permission.guess_instance(perm) obj = UserGroupToPerm.query() \ .filter(UserGroupToPerm.users_group == user_group) \ .filter(UserGroupToPerm.permission == perm).scalar() if obj is not None: Session().delete(obj)
def edit(self, id, format='html'): c.user_group = UserGroup.get_or_404(id) c.active = 'settings' self.__load_data(id) defaults = self.__load_defaults(id) return htmlfill.render( render('admin/user_groups/user_group_edit.html'), defaults=defaults, encoding="UTF-8", force_defaults=False)
def get_user_groups_js(self): user_groups = UserGroup.query() \ .filter(UserGroup.users_group_active == True) \ .order_by(UserGroup.users_group_name) \ .options(subqueryload(UserGroup.members)) \ .all() user_groups = UserGroupList(user_groups, perm_level='read') return [{ 'id': gr.users_group_id, 'grname': gr.users_group_name, 'grmembers': len(gr.members), } for gr in user_groups]
def delete(self, id): usr_gr = UserGroup.get_or_404(id) try: UserGroupModel().delete(usr_gr) Session().commit() h.flash(_('Successfully deleted user group'), category='success') except UserGroupsAssignedException as e: h.flash(e, category='error') except Exception: log.error(traceback.format_exc()) h.flash(_('An error occurred during deletion of user group'), category='error') raise HTTPFound(location=url('users_groups'))
def get_user_groups_js(self): user_groups = UserGroup.query() \ .filter(UserGroup.users_group_active == True) \ .order_by(UserGroup.users_group_name) \ .options(subqueryload(UserGroup.members)) \ .all() user_groups = UserGroupList(user_groups, perm_level='read') return [ { 'id': gr.users_group_id, 'grname': gr.users_group_name, 'grmembers': len(gr.members), } for gr in user_groups]
def edit(self, id, format='html'): c.user_group = UserGroup.get_or_404(id) c.active = 'settings' self.__load_data(id) defaults = self.__load_defaults(id) return htmlfill.render( render('admin/user_groups/user_group_edit.html'), defaults=defaults, encoding="UTF-8", force_defaults=False )
def edit(self, id, format='html'): """GET /user_groups/id/edit: Form to edit an existing item""" # url('edit_users_group', id=ID) c.user_group = UserGroup.get_or_404(id) c.active = 'settings' self.__load_data(id) defaults = self.__load_defaults(id) return htmlfill.render( render('admin/user_groups/user_group_edit.html'), defaults=defaults, encoding="UTF-8", force_defaults=False)
def delete(self, id): """DELETE /user_groups/id: Delete an existing item""" # Forms posted to this method should contain a hidden field: # <input type="hidden" name="_method" value="DELETE" /> # Or using helpers: # h.form(url('users_group', id=ID), # method='delete') # url('users_group', id=ID) usr_gr = UserGroup.get_or_404(id) try: UserGroupModel().delete(usr_gr) Session().commit() h.flash(_('Successfully deleted user group'), category='success') except UserGroupsAssignedException, e: h.flash(e, category='error')
def index(self, format='html'): """GET /users_groups: All items in the collection""" # url('users_groups') _list = UserGroup.query()\ .order_by(func.lower(UserGroup.users_group_name))\ .all() group_iter = UserGroupList(_list, perm_set=['usergroup.admin']) user_groups_data = [] total_records = len(group_iter) _tmpl_lookup = kallithea.CONFIG['pylons.app_globals'].mako_lookup template = _tmpl_lookup.get_template('data_table/_dt_elements.html') user_group_name = lambda user_group_id, user_group_name: ( template.get_def("user_group_name").render( user_group_id, user_group_name, _=_, h=h, c=c)) user_group_actions = lambda user_group_id, user_group_name: ( template.get_def("user_group_actions").render( user_group_id, user_group_name, _=_, h=h, c=c)) for user_gr in group_iter: user_groups_data.append({ "raw_name": user_gr.users_group_name, "group_name": user_group_name(user_gr.users_group_id, user_gr.users_group_name), "desc": user_gr.user_group_description, "members": len(user_gr.members), "active": h.boolicon(user_gr.users_group_active), "owner": h.person(user_gr.user.username), "action": user_group_actions(user_gr.users_group_id, user_gr.users_group_name) }) c.data = json.dumps({ "totalRecords": total_records, "startIndex": 0, "sort": None, "dir": "asc", "records": user_groups_data }) return render('admin/user_groups/user_groups.html')
def edit(self, id, format='html'): """GET /user_groups/id/edit: Form to edit an existing item""" # url('edit_users_group', id=ID) c.user_group = UserGroup.get_or_404(id) c.active = 'settings' self.__load_data(id) defaults = self.__load_defaults(id) return htmlfill.render( render('admin/user_groups/user_group_edit.html'), defaults=defaults, encoding="UTF-8", force_defaults=False )
def update(self, id): """PUT /user_groups/id: Update an existing item""" # Forms posted to this method should contain a hidden field: # <input type="hidden" name="_method" value="PUT" /> # Or using helpers: # h.form(url('users_group', id=ID), # method='put') # url('users_group', id=ID) c.user_group = UserGroup.get_or_404(id) c.active = 'settings' self.__load_data(id) available_members = [safe_unicode(x[0]) for x in c.available_members] users_group_form = UserGroupForm(edit=True, old_data=c.user_group.get_dict(), available_members=available_members)() try: form_result = users_group_form.to_python(request.POST) UserGroupModel().update(c.user_group, form_result) gr = form_result['users_group_name'] action_logger(self.authuser, 'admin_updated_users_group:%s' % gr, None, self.ip_addr, self.sa) h.flash(_('Updated user group %s') % gr, category='success') Session().commit() except formencode.Invalid, errors: ug_model = UserGroupModel() defaults = errors.value e = errors.error_dict or {} defaults.update({ 'create_repo_perm': ug_model.has_perm(id, 'hg.create.repository'), 'fork_repo_perm': ug_model.has_perm(id, 'hg.fork.repository'), '_method': 'put' }) return htmlfill.render( render('admin/user_groups/user_group_edit.html'), defaults=defaults, errors=e, prefix_error=False, encoding="UTF-8", force_defaults=False)
def edit_default_perms(self, id): c.user_group = UserGroup.get_or_404(id) c.active = 'default_perms' permissions = { 'repositories': {}, 'repositories_groups': {} } ugroup_repo_perms = UserGroupRepoToPerm.query() \ .options(joinedload(UserGroupRepoToPerm.permission)) \ .options(joinedload(UserGroupRepoToPerm.repository)) \ .filter(UserGroupRepoToPerm.users_group_id == id) \ .all() for gr in ugroup_repo_perms: permissions['repositories'][gr.repository.repo_name] \ = gr.permission.permission_name ugroup_group_perms = UserGroupRepoGroupToPerm.query() \ .options(joinedload(UserGroupRepoGroupToPerm.permission)) \ .options(joinedload(UserGroupRepoGroupToPerm.group)) \ .filter(UserGroupRepoGroupToPerm.users_group_id == id) \ .all() for gr in ugroup_group_perms: permissions['repositories_groups'][gr.group.group_name] \ = gr.permission.permission_name c.permissions = permissions ug_model = UserGroupModel() defaults = c.user_group.get_dict() defaults.update({ 'create_repo_perm': ug_model.has_perm(c.user_group, 'hg.create.repository'), 'create_user_group_perm': ug_model.has_perm(c.user_group, 'hg.usergroup.create.true'), 'fork_repo_perm': ug_model.has_perm(c.user_group, 'hg.fork.repository'), }) return htmlfill.render( render('admin/user_groups/user_group_edit.html'), defaults=defaults, encoding="UTF-8", force_defaults=False )
def grant_perm(self, user_group, perm): user_group = UserGroup.guess_instance(user_group) perm = Permission.guess_instance(perm) # if this permission is already granted skip it _perm = UserGroupToPerm.query() \ .filter(UserGroupToPerm.users_group == user_group) \ .filter(UserGroupToPerm.permission == perm) \ .scalar() if _perm: return new = UserGroupToPerm() new.users_group = user_group new.permission = perm Session().add(new) return new
def index(self, format='html'): _list = UserGroup.query() \ .order_by(func.lower(UserGroup.users_group_name)) \ .all() group_iter = UserGroupList(_list, perm_level='admin') user_groups_data = [] total_records = len(group_iter) _tmpl_lookup = app_globals.mako_lookup template = _tmpl_lookup.get_template('data_table/_dt_elements.html') user_group_name = lambda user_group_id, user_group_name: ( template.get_def("user_group_name").render( user_group_id, user_group_name, _=_, h=h, c=c)) user_group_actions = lambda user_group_id, user_group_name: ( template.get_def("user_group_actions").render( user_group_id, user_group_name, _=_, h=h, c=c)) for user_gr in group_iter: user_groups_data.append({ "raw_name": user_gr.users_group_name, "group_name": user_group_name(user_gr.users_group_id, user_gr.users_group_name), "desc": h.escape(user_gr.user_group_description), "members": len(user_gr.members), "active": h.boolicon(user_gr.users_group_active), "owner": h.person(user_gr.owner.username), "action": user_group_actions(user_gr.users_group_id, user_gr.users_group_name) }) c.data = { "totalRecords": total_records, "startIndex": 0, "sort": None, "dir": "asc", "records": user_groups_data } return render('admin/user_groups/user_groups.html')
def update(self, id): c.user_group = UserGroup.get_or_404(id) c.active = 'settings' self.__load_data(id) available_members = [safe_str(x[0]) for x in c.available_members] users_group_form = UserGroupForm(edit=True, old_data=c.user_group.get_dict(), available_members=available_members)() try: form_result = users_group_form.to_python(request.POST) UserGroupModel().update(c.user_group, form_result) gr = form_result['users_group_name'] action_logger(request.authuser, 'admin_updated_users_group:%s' % gr, None, request.ip_addr) h.flash(_('Updated user group %s') % gr, category='success') Session().commit() except formencode.Invalid as errors: ug_model = UserGroupModel() defaults = errors.value e = errors.error_dict or {} defaults.update({ 'create_repo_perm': ug_model.has_perm(id, 'hg.create.repository'), 'fork_repo_perm': ug_model.has_perm(id, 'hg.fork.repository'), }) return htmlfill.render( render('admin/user_groups/user_group_edit.html'), defaults=defaults, errors=e, prefix_error=False, encoding="UTF-8", force_defaults=False) except Exception: log.error(traceback.format_exc()) h.flash(_('Error occurred during update of user group %s') % request.POST.get('users_group_name'), category='error') raise HTTPFound(location=url('edit_users_group', id=id))
def revoke_user_group_permission(self, repo, group_name): """ Revoke permission for user group on given repository :param repo: Instance of Repository, repository_id, or repository name :param group_name: Instance of UserGroup, users_group_id, or user group name """ repo = Repository.guess_instance(repo) group_name = UserGroup.guess_instance(group_name) obj = UserGroupRepoToPerm.query() \ .filter(UserGroupRepoToPerm.repository == repo) \ .filter(UserGroupRepoToPerm.users_group == group_name) \ .scalar() if obj is not None: Session().delete(obj) log.debug('Revoked perm to %s on %s', repo, group_name)
def update(self, id): c.user_group = UserGroup.get_or_404(id) c.active = 'settings' self.__load_data(id) available_members = [safe_unicode(x[0]) for x in c.available_members] users_group_form = UserGroupForm(edit=True, old_data=c.user_group.get_dict(), available_members=available_members)() try: form_result = users_group_form.to_python(request.POST) UserGroupModel().update(c.user_group, form_result) gr = form_result['users_group_name'] action_logger(request.authuser, 'admin_updated_users_group:%s' % gr, None, request.ip_addr) h.flash(_('Updated user group %s') % gr, category='success') Session().commit() except formencode.Invalid as errors: ug_model = UserGroupModel() defaults = errors.value e = errors.error_dict or {} defaults.update({ 'create_repo_perm': ug_model.has_perm(id, 'hg.create.repository'), 'fork_repo_perm': ug_model.has_perm(id, 'hg.fork.repository'), }) return htmlfill.render( render('admin/user_groups/user_group_edit.html'), defaults=defaults, errors=e, prefix_error=False, encoding="UTF-8", force_defaults=False) except Exception: log.error(traceback.format_exc()) h.flash(_('Error occurred during update of user group %s') \ % request.POST.get('users_group_name'), category='error') raise HTTPFound(location=url('edit_users_group', id=id))
def revoke_user_permission(self, user_group, user): """ Revoke permission for user on given repository group :param user_group: Instance of RepoGroup, repositories_group_id, or repositories_group name :param user: Instance of User, user_id or username """ user_group = UserGroup.guess_instance(user_group) user = User.guess_instance(user) obj = UserUserGroupToPerm.query() \ .filter(UserUserGroupToPerm.user == user) \ .filter(UserUserGroupToPerm.user_group == user_group) \ .scalar() if obj is not None: Session().delete(obj) log.debug('Revoked perm on %s on %s', user_group, user)
def edit_default_perms(self, id): c.user_group = UserGroup.get_or_404(id) c.active = 'default_perms' permissions = {'repositories': {}, 'repositories_groups': {}} ugroup_repo_perms = UserGroupRepoToPerm.query()\ .options(joinedload(UserGroupRepoToPerm.permission))\ .options(joinedload(UserGroupRepoToPerm.repository))\ .filter(UserGroupRepoToPerm.users_group_id == id)\ .all() for gr in ugroup_repo_perms: permissions['repositories'][gr.repository.repo_name] \ = gr.permission.permission_name ugroup_group_perms = UserGroupRepoGroupToPerm.query()\ .options(joinedload(UserGroupRepoGroupToPerm.permission))\ .options(joinedload(UserGroupRepoGroupToPerm.group))\ .filter(UserGroupRepoGroupToPerm.users_group_id == id)\ .all() for gr in ugroup_group_perms: permissions['repositories_groups'][gr.group.group_name] \ = gr.permission.permission_name c.permissions = permissions ug_model = UserGroupModel() defaults = c.user_group.get_dict() defaults.update({ 'create_repo_perm': ug_model.has_perm(c.user_group, 'hg.create.repository'), 'create_user_group_perm': ug_model.has_perm(c.user_group, 'hg.usergroup.create.true'), 'fork_repo_perm': ug_model.has_perm(c.user_group, 'hg.fork.repository'), }) return htmlfill.render( render('admin/user_groups/user_group_edit.html'), defaults=defaults, encoding="UTF-8", force_defaults=False)
def update_default_perms(self, id): """PUT /users_perm/id: Update an existing item""" # url('users_group_perm', id=ID, method='put') user_group = UserGroup.get_or_404(id) try: form = CustomDefaultPermissionsForm()() form_result = form.to_python(request.POST) inherit_perms = form_result['inherit_default_permissions'] user_group.inherit_default_permissions = inherit_perms Session().add(user_group) usergroup_model = UserGroupModel() defs = UserGroupToPerm.query()\ .filter(UserGroupToPerm.users_group == user_group)\ .all() for ug in defs: Session().delete(ug) if form_result['create_repo_perm']: usergroup_model.grant_perm(id, 'hg.create.repository') else: usergroup_model.grant_perm(id, 'hg.create.none') if form_result['create_user_group_perm']: usergroup_model.grant_perm(id, 'hg.usergroup.create.true') else: usergroup_model.grant_perm(id, 'hg.usergroup.create.false') if form_result['fork_repo_perm']: usergroup_model.grant_perm(id, 'hg.fork.repository') else: usergroup_model.grant_perm(id, 'hg.fork.none') h.flash(_("Updated permissions"), category='success') Session().commit() except Exception: log.error(traceback.format_exc()) h.flash(_('An error occurred during permissions saving'), category='error') return redirect(url('edit_user_group_default_perms', id=id))
def index(self, format='html'): """GET /users_groups: All items in the collection""" # url('users_groups') _list = UserGroup.query()\ .order_by(func.lower(UserGroup.users_group_name))\ .all() group_iter = UserGroupList(_list, perm_set=['usergroup.admin']) user_groups_data = [] total_records = len(group_iter) _tmpl_lookup = kallithea.CONFIG['pylons.app_globals'].mako_lookup template = _tmpl_lookup.get_template('data_table/_dt_elements.html') user_group_name = lambda user_group_id, user_group_name: ( template.get_def("user_group_name") .render(user_group_id, user_group_name, _=_, h=h, c=c) ) user_group_actions = lambda user_group_id, user_group_name: ( template.get_def("user_group_actions") .render(user_group_id, user_group_name, _=_, h=h, c=c) ) for user_gr in group_iter: user_groups_data.append({ "raw_name": user_gr.users_group_name, "group_name": user_group_name(user_gr.users_group_id, user_gr.users_group_name), "desc": user_gr.user_group_description, "members": len(user_gr.members), "active": h.boolicon(user_gr.users_group_active), "owner": h.person(user_gr.user.username), "action": user_group_actions(user_gr.users_group_id, user_gr.users_group_name) }) c.data = json.dumps({ "totalRecords": total_records, "startIndex": 0, "sort": None, "dir": "asc", "records": user_groups_data }) return render('admin/user_groups/user_groups.html')
def test_create_and_remove(self): usr = UserModel().create_or_update(username=u'test_user', password=u'qweqwe', email=u'*****@*****.**', firstname=u'u1', lastname=u'u1') Session().commit() self.assertEqual(User.get_by_username(u'test_user'), usr) # make user group user_group = fixture.create_user_group('some_example_group') Session().commit() UserGroupModel().add_user_to_group(user_group, usr) Session().commit() self.assertEqual(UserGroup.get(user_group.users_group_id), user_group) self.assertEqual(UserGroupMember.query().count(), 1) UserModel().delete(usr.user_id) Session().commit() self.assertEqual(UserGroupMember.query().all(), [])
def remove_user_from_group(self, user_group, user): user_group = UserGroup.guess_instance(user_group) user = User.guess_instance(user) user_group_member = None for m in user_group.members: if m.user_id == user.user_id: # Found this user's membership row user_group_member = m break if user_group_member: try: Session().delete(user_group_member) return True except Exception: log.error(traceback.format_exc()) raise else: # User isn't in that group return False
def index(self, format='html'): _list = UserGroup.query() \ .order_by(func.lower(UserGroup.users_group_name)) \ .all() group_iter = UserGroupList(_list, perm_level='admin') user_groups_data = [] total_records = len(group_iter) _tmpl_lookup = app_globals.mako_lookup template = _tmpl_lookup.get_template('data_table/_dt_elements.html') user_group_name = lambda user_group_id, user_group_name: ( template.get_def("user_group_name") .render(user_group_id, user_group_name, _=_, h=h, c=c) ) user_group_actions = lambda user_group_id, user_group_name: ( template.get_def("user_group_actions") .render(user_group_id, user_group_name, _=_, h=h, c=c) ) for user_gr in group_iter: user_groups_data.append({ "raw_name": user_gr.users_group_name, "group_name": user_group_name(user_gr.users_group_id, user_gr.users_group_name), "desc": h.escape(user_gr.user_group_description), "members": len(user_gr.members), "active": h.boolicon(user_gr.users_group_active), "owner": h.person(user_gr.owner.username), "action": user_group_actions(user_gr.users_group_id, user_gr.users_group_name) }) c.data = { "totalRecords": total_records, "startIndex": 0, "sort": None, "dir": "asc", "records": user_groups_data } return render('admin/user_groups/user_groups.html')
def update_perms(self, id): """ grant permission for given usergroup :param id: """ user_group = UserGroup.get_or_404(id) form = UserGroupPermsForm()().to_python(request.POST) # set the permissions ! try: UserGroupModel()._update_permissions(user_group, form['perms_new'], form['perms_updates']) except RepoGroupAssignmentError: h.flash(_('Target group cannot be the same'), category='error') raise HTTPFound(location=url('edit_user_group_perms', id=id)) #TODO: implement this #action_logger(request.authuser, 'admin_changed_repo_permissions', # repo_name, request.ip_addr) Session().commit() h.flash(_('User group permissions updated'), category='success') raise HTTPFound(location=url('edit_user_group_perms', id=id))