def validate_python(self, value, state):
if value in ['default']:
msg = M(self, 'invalid_group', state)
raise formencode.Invalid(msg, value, state,
error_dict=dict(users_group_name=msg)
)
#check if group is unique
old_ugname = None
if edit:
old_id = old_data.get('users_group_id')
old_ugname = UserGroup.get(old_id).users_group_name
if old_ugname != value or not edit:
is_existing_group = UserGroup.get_by_group_name(value,
case_insensitive=True)
if is_existing_group:
msg = M(self, 'group_exist', state, usergroup=value)
raise formencode.Invalid(msg, value, state,
error_dict=dict(users_group_name=msg)
)
if re.match(r'^[a-zA-Z0-9]{1}[a-zA-Z0-9\-\_\.]+$', value) is None:
msg = M(self, 'invalid_usergroup_name', state)
raise formencode.Invalid(msg, value, state,
error_dict=dict(users_group_name=msg)
)
def enforce_groups(self, user, groups, extern_type=None):
user = User.guess_instance(user)
log.debug('Enforcing groups %s on user %s', user, groups)
current_groups = user.group_member
# find the external created groups
externals = [
x.users_group for x in current_groups
if 'extern_type' in x.users_group.group_data
]
# calculate from what groups user should be removed
# externals that are not in groups
for gr in externals:
if gr.users_group_name not in groups:
log.debug('Removing user %s from user group %s', user, gr)
self.remove_user_from_group(gr, user)
# now we calculate in which groups user should be == groups params
owner = User.get_first_admin().username
for gr in set(groups):
existing_group = UserGroup.get_by_group_name(gr)
if not existing_group:
desc = u'Automatically created from plugin:%s' % extern_type
# we use first admin account to set the owner of the group
existing_group = UserGroupModel().create(
gr, desc, owner, group_data={'extern_type': extern_type})
# we can only add users to special groups created via plugins
managed = 'extern_type' in existing_group.group_data
if managed:
log.debug('Adding user %s to user group %s', user, gr)
UserGroupModel().add_user_to_group(existing_group, user)
else:
log.debug('Skipping addition to group %s since it is '
'not managed by auth plugins' % gr)
def create_user_group(self, name, **kwargs):
if 'skip_if_exists' in kwargs:
del kwargs['skip_if_exists']
gr = UserGroup.get_by_group_name(group_name=name)
if gr:
return gr
form_data = self._get_user_group_create_params(name, **kwargs)
owner = kwargs.get('cur_user', TEST_USER_ADMIN_LOGIN)
user_group = UserGroupModel().create(
name=form_data['users_group_name'],
description=form_data['user_group_description'],
owner=owner, active=form_data['users_group_active'],
group_data=form_data['user_group_data'])
Session().commit()
user_group = UserGroup.get_by_group_name(user_group.users_group_name)
return user_group
def validate_python(self, value, state):
if value in ['default']:
msg = self.message('invalid_group', state)
raise formencode.Invalid(msg,
value,
state,
error_dict=dict(users_group_name=msg))
#check if group is unique
old_ugname = None
if edit:
old_id = old_data.get('users_group_id')
old_ugname = UserGroup.get(old_id).users_group_name
if old_ugname != value or not edit:
is_existing_group = UserGroup.get_by_group_name(
value, case_insensitive=True)
if is_existing_group:
msg = self.message('group_exist', state, usergroup=value)
raise formencode.Invalid(
msg,
value,
state,
error_dict=dict(users_group_name=msg))
if re.match(r'^[a-zA-Z0-9]{1}[a-zA-Z0-9\-\_\.]+$', value) is None:
msg = self.message('invalid_usergroup_name', state)
raise formencode.Invalid(msg,
value,
state,
error_dict=dict(users_group_name=msg))
def enforce_groups(self, user, groups, extern_type=None):
user = User.guess_instance(user)
log.debug('Enforcing groups %s on user %s', user, groups)
current_groups = user.group_member
# find the external created groups
externals = [x.users_group for x in current_groups
if 'extern_type' in x.users_group.group_data]
# calculate from what groups user should be removed
# externals that are not in groups
for gr in externals:
if gr.users_group_name not in groups:
log.debug('Removing user %s from user group %s', user, gr)
self.remove_user_from_group(gr, user)
# now we calculate in which groups user should be == groups params
owner = User.get_first_admin().username
for gr in set(groups):
existing_group = UserGroup.get_by_group_name(gr)
if not existing_group:
desc = u'Automatically created from plugin:%s' % extern_type
# we use first admin account to set the owner of the group
existing_group = UserGroupModel().create(gr, desc, owner,
group_data={'extern_type': extern_type})
# we can only add users to special groups created via plugins
managed = 'extern_type' in existing_group.group_data
if managed:
log.debug('Adding user %s to user group %s', user, gr)
UserGroupModel().add_user_to_group(existing_group, user)
else:
log.debug('Skipping addition to group %s since it is '
'not managed by auth plugins' % gr)
def create_user_group(self, name, **kwargs):
if 'skip_if_exists' in kwargs:
del kwargs['skip_if_exists']
gr = UserGroup.get_by_group_name(group_name=name)
if gr:
return gr
form_data = self._get_user_group_create_params(name, **kwargs)
owner = kwargs.get('cur_user', TEST_USER_ADMIN_LOGIN)
user_group = UserGroupModel().create(
name=form_data['users_group_name'],
description=form_data['user_group_description'],
owner=owner,
active=form_data['users_group_active'],
group_data=form_data['user_group_data'])
Session().commit()
user_group = UserGroup.get_by_group_name(user_group.users_group_name)
return user_group
def get_by_name(self, name, cache=False, case_insensitive=False):
return UserGroup.get_by_group_name(name, cache, case_insensitive)
def test_default_perms_enable_repository_read_on_group(self):
self.log_user()
users_group_name = TEST_USER_GROUP + 'another2'
response = self.app.post(
base.url('users_groups'), {
'users_group_name': users_group_name,
'user_group_description': 'DESC',
'active': True,
'_session_csrf_secret_token': self.session_csrf_secret_token()
})
response.follow()
ug = UserGroup.get_by_group_name(users_group_name)
self.checkSessionFlash(response, 'Created user group ')
## ENABLE REPO CREATE ON A GROUP
response = self.app.post(
base.url('edit_user_group_default_perms_update',
id=ug.users_group_id),
{
'create_repo_perm': True,
'_session_csrf_secret_token': self.session_csrf_secret_token()
})
response.follow()
ug = UserGroup.get_by_group_name(users_group_name)
p = Permission.get_by_key('hg.create.repository')
p2 = Permission.get_by_key('hg.usergroup.create.false')
p3 = Permission.get_by_key('hg.fork.none')
# check if user has this perms, they should be here since
# defaults are on
perms = UserGroupToPerm.query() \
.filter(UserGroupToPerm.users_group == ug).all()
assert sorted([[
x.users_group_id,
x.permission_id,
] for x in perms]) == sorted([[ug.users_group_id, p.permission_id],
[ug.users_group_id, p2.permission_id],
[ug.users_group_id, p3.permission_id]])
## DISABLE REPO CREATE ON A GROUP
response = self.app.post(base.url(
'edit_user_group_default_perms_update', id=ug.users_group_id),
params={
'_session_csrf_secret_token':
self.session_csrf_secret_token()
})
response.follow()
ug = UserGroup.get_by_group_name(users_group_name)
p = Permission.get_by_key('hg.create.none')
p2 = Permission.get_by_key('hg.usergroup.create.false')
p3 = Permission.get_by_key('hg.fork.none')
# check if user has this perms, they should be here since
# defaults are on
perms = UserGroupToPerm.query() \
.filter(UserGroupToPerm.users_group == ug).all()
assert sorted([[
x.users_group_id,
x.permission_id,
] for x in perms]) == sorted([[ug.users_group_id, p.permission_id],
[ug.users_group_id, p2.permission_id],
[ug.users_group_id, p3.permission_id]])
# DELETE !
ug = UserGroup.get_by_group_name(users_group_name)
ugid = ug.users_group_id
response = self.app.post(base.url('delete_users_group',
id=ug.users_group_id),
params={
'_session_csrf_secret_token':
self.session_csrf_secret_token()
})
response = response.follow()
gr = Session().query(UserGroup) \
.filter(UserGroup.users_group_name == users_group_name).scalar()
assert gr is None
p = Permission.get_by_key('hg.create.repository')
perms = UserGroupToPerm.query() \
.filter(UserGroupToPerm.users_group_id == ugid).all()
perms = [[
x.users_group_id,
x.permission_id,
] for x in perms]
assert perms == []
def test_default_perms_enable_repository_read_on_group(self):
self.log_user()
users_group_name = TEST_USER_GROUP + 'another2'
response = self.app.post(url('users_groups'),
{'users_group_name': users_group_name,
'user_group_description': 'DESC',
'active': True})
response.follow()
ug = UserGroup.get_by_group_name(users_group_name)
self.checkSessionFlash(response,
'Created user group ')
## ENABLE REPO CREATE ON A GROUP
response = self.app.put(url('edit_user_group_default_perms',
id=ug.users_group_id),
{'create_repo_perm': True})
response.follow()
ug = UserGroup.get_by_group_name(users_group_name)
p = Permission.get_by_key('hg.create.repository')
p2 = Permission.get_by_key('hg.usergroup.create.false')
p3 = Permission.get_by_key('hg.fork.none')
# check if user has this perms, they should be here since
# defaults are on
perms = UserGroupToPerm.query()\
.filter(UserGroupToPerm.users_group == ug).all()
self.assertEqual(
sorted([[x.users_group_id, x.permission_id, ] for x in perms]),
sorted([[ug.users_group_id, p.permission_id],
[ug.users_group_id, p2.permission_id],
[ug.users_group_id, p3.permission_id]]))
## DISABLE REPO CREATE ON A GROUP
response = self.app.put(
url('edit_user_group_default_perms', id=ug.users_group_id), {})
response.follow()
ug = UserGroup.get_by_group_name(users_group_name)
p = Permission.get_by_key('hg.create.none')
p2 = Permission.get_by_key('hg.usergroup.create.false')
p3 = Permission.get_by_key('hg.fork.none')
# check if user has this perms, they should be here since
# defaults are on
perms = UserGroupToPerm.query()\
.filter(UserGroupToPerm.users_group == ug).all()
self.assertEqual(
sorted([[x.users_group_id, x.permission_id, ] for x in perms]),
sorted([[ug.users_group_id, p.permission_id],
[ug.users_group_id, p2.permission_id],
[ug.users_group_id, p3.permission_id]]))
# DELETE !
ug = UserGroup.get_by_group_name(users_group_name)
ugid = ug.users_group_id
response = self.app.delete(url('users_group', id=ug.users_group_id))
response = response.follow()
gr = Session().query(UserGroup)\
.filter(UserGroup.users_group_name == users_group_name).scalar()
self.assertEqual(gr, None)
p = Permission.get_by_key('hg.create.repository')
perms = UserGroupToPerm.query()\
.filter(UserGroupToPerm.users_group_id == ugid).all()
perms = [[x.users_group_id,
x.permission_id, ] for x in perms]
self.assertEqual(perms, [])
def get_by_name(self, name, cache=False, case_insensitive=False):
return UserGroup.get_by_group_name(name, cache, case_insensitive)
def users_and_groups_data(self):
"""
Returns 'results' with a list of users and user groups.
You can either use the 'key' GET parameter to get a user by providing
the exact user key or you can use the 'query' parameter to
search for users by user key, first name and last name.
'types' defaults to just 'users' but can be set to 'users,groups' to
get both users and groups.
No more than 500 results (of each kind) will be returned.
"""
types = request.GET.get('types', 'users').split(',')
key = request.GET.get('key', '')
query = request.GET.get('query', '')
results = []
if 'users' in types:
user_list = []
if key:
u = User.get_by_username(key)
if u:
user_list = [u]
elif query:
user_list = User.query() \
.filter(User.is_default_user == False) \
.filter(User.active == True) \
.filter(or_(
User.username.ilike("%%" + query + "%%"),
User.name.ilike("%%" + query + "%%"),
User.lastname.ilike("%%" + query + "%%"),
)) \
.order_by(User.username) \
.limit(500) \
.all()
for u in user_list:
results.append({
'type':
'user',
'id':
u.user_id,
'nname':
u.username,
'fname':
u.name,
'lname':
u.lastname,
'gravatar_lnk':
h.gravatar_url(u.email, size=28, default='default'),
'gravatar_size':
14,
})
if 'groups' in types:
grp_list = []
if key:
grp = UserGroup.get_by_group_name(key)
if grp:
grp_list = [grp]
elif query:
grp_list = UserGroup.query() \
.filter(UserGroup.users_group_name.ilike("%%" + query + "%%")) \
.filter(UserGroup.users_group_active == True) \
.order_by(UserGroup.users_group_name) \
.limit(500) \
.all()
for g in UserGroupList(grp_list, perm_level='read'):
results.append({
'type': 'group',
'id': g.users_group_id,
'grname': g.users_group_name,
})
return dict(results=results)
def test_default_perms_enable_repository_fork_on_group(self):
self.log_user()
users_group_name = TEST_USER_GROUP + 'another2'
response = self.app.post(
url('users_groups'), {
'users_group_name': users_group_name,
'user_group_description': 'DESC',
'active': True
})
response.follow()
ug = UserGroup.get_by_group_name(users_group_name)
self.checkSessionFlash(response, 'Created user group ')
## ENABLE REPO CREATE ON A GROUP
response = self.app.put(
url('edit_user_group_default_perms', id=ug.users_group_id),
{'fork_repo_perm': True})
response.follow()
ug = UserGroup.get_by_group_name(users_group_name)
p = Permission.get_by_key('hg.create.none')
p2 = Permission.get_by_key('hg.usergroup.create.false')
p3 = Permission.get_by_key('hg.fork.repository')
# check if user has this perms, they should be here since
# defaults are on
perms = UserGroupToPerm.query()\
.filter(UserGroupToPerm.users_group == ug).all()
self.assertEqual(
sorted([[
x.users_group_id,
x.permission_id,
] for x in perms]),
sorted([[ug.users_group_id, p.permission_id],
[ug.users_group_id, p2.permission_id],
[ug.users_group_id, p3.permission_id]]))
## DISABLE REPO CREATE ON A GROUP
response = self.app.put(
url('edit_user_group_default_perms', id=ug.users_group_id), {})
response.follow()
ug = UserGroup.get_by_group_name(users_group_name)
p = Permission.get_by_key('hg.create.none')
p2 = Permission.get_by_key('hg.usergroup.create.false')
p3 = Permission.get_by_key('hg.fork.none')
# check if user has this perms, they should be here since
# defaults are on
perms = UserGroupToPerm.query()\
.filter(UserGroupToPerm.users_group == ug).all()
self.assertEqual(
sorted([[
x.users_group_id,
x.permission_id,
] for x in perms]),
sorted([[ug.users_group_id, p.permission_id],
[ug.users_group_id, p2.permission_id],
[ug.users_group_id, p3.permission_id]]))
# DELETE !
ug = UserGroup.get_by_group_name(users_group_name)
ugid = ug.users_group_id
response = self.app.delete(url('users_group', id=ug.users_group_id))
response = response.follow()
gr = Session().query(UserGroup)\
.filter(UserGroup.users_group_name ==
users_group_name).scalar()
self.assertEqual(gr, None)
p = Permission.get_by_key('hg.fork.repository')
perms = UserGroupToPerm.query()\
.filter(UserGroupToPerm.users_group_id == ugid).all()
perms = [[
x.users_group_id,
x.permission_id,
] for x in perms]
self.assertEqual(perms, [])
