class ArchiveProjectTeam(Command): """ Store users and permissions into flat file This file will be sent for author if project is restored """ def __init__(self, project): Command.__init__(self) self.name = "ArchiveProjectTeam" self.project = project self.groups = CQDEUserGroupStore(project.trac_environment_key) def do(self): self.team = self.project.archive_path + "/team.txt" f = open(self.team, 'w') f.write("#### Users in groups ####\n") for user, group in self.groups.get_all_user_groups(): f.write(user + ' : ' + group + "\n") f.write("\n#### Group permissions ####\n") for group, perm in self.groups.get_all_group_permissions(): f.write(group + ' : ' + perm + "\n") f.write("\n#### Group organizations ####\n") for org, group in self.groups.get_all_organization_groups(): f.write(org + ' : ' + group + "\n") f.close() return True def undo(self): if os.path.exists(self.team): if os.remove(self.team): return True return False
def public(self): """ Check the project visibility :returns: True if project is considered public (wide permissions), otherwise False """ groupstore = CQDEUserGroupStore(self.trac_environment_key) return groupstore.is_public_project()
def _apply_changes(self, req, project): """ Saves changes into database and project configuration file """ try: # Save information into database project.project_name = req.args.get('name') project.description = req.args.get('descr') # Update author if needed author_id = req.args.get('author_id') if author_id and project.author_id != int(author_id): userstore = get_userstore() author = userstore.getUserWhereId(author_id) project.author = author # Check if author has admin permission to project: put in project if not authorperm = PermissionCache(self.env, author.username) if 'TRAC_ADMIN' not in authorperm: admin_rights = False groupstore = CQDEUserGroupStore( project.trac_environment_key) # Iterate existing project groups and put user into group with TRAC_ADMIN rights for gname, pname in groupstore.get_all_group_permissions(): if pname == 'TRAC_ADMIN': groupstore.add_user_to_group( author.username, gname) admin_rights = True add_notice( req, _('Added TRAC_ADMIN permissions to user: {0}'. format(author.username))) if not admin_rights: permlink = tag.a( 'You way want to modify permissions', href=req.href('admin/general/permissions')) add_warning( req, tag( _('User {0} does not have administrative rights to project. ' .format(author.username)), permlink)) # Save changes to database project.save() # Save information into config for option in ('name', 'descr'): self.config.set('project', option, req.args.get(option)) self.config.save() except Exception, e: self.log.exception('Failed to save project changes') add_warning(req, _('Failed to save changes: {0}'.format(e))) return req.redirect(req.href('admin/general/basics'))
def _get_team_info(self, project): """ Reads team members and sorts them so that default groups are first and other groups are last (in alphabetical order) :param Project project: Project to retrieve team info from :returns: tuple of data: teams, members """ ug = CQDEUserGroupStore(project.trac_environment_key) team = sorted(ug.get_all_user_groups(), key=lambda tmp: tmp[1]) # TODO: Implement better default_group_names = [tuple[0] for tuple in conf.default_groups] default_group_names += [ conf.public_auth_group[0], conf.public_anon_group[0] ] first = {} last = {} all_members = {} # Create group => member hash userstore = get_userstore() for member, group in team: all_members[member] = 1 account = userstore.getUser(username=member) if group in default_group_names: if group not in first: first[group] = [] first[group].append(account) else: if group not in last: last[group] = [] last[group].append(account) # Create group, memberlist tuples from items and keep them sorted # First read the default groups in to list of tuples in the order they are defined in conf items = [] for group in default_group_names: if first.has_key(group): items += [(group, first[group])] # Then append other groups in alphabetical order items += sorted(last.items(), key=lambda tmp: tmp[0]) # Then join all the members as a one markup string with member links teams = [] for group, members in items: teams.append((group, members)) # Team members in (group, member_uri) type, and all member names return teams, all_members.keys()
def _get_team_info(self, project): """ Reads team members and sorts them so that default groups are first and other groups are last (in alphabetical order) :param Project project: Project to retrieve team info from :returns: tuple of data: teams, members """ ug = CQDEUserGroupStore(project.trac_environment_key) team = sorted(ug.get_all_user_groups(), key=lambda tmp: tmp[1]) # TODO: Implement better default_group_names = [tuple[0] for tuple in conf.default_groups] default_group_names += [conf.public_auth_group[0], conf.public_anon_group[0]] first = {} last = {} all_members = {} # Create group => member hash userstore = get_userstore() for member, group in team: all_members[member] = 1 account = userstore.getUser(username=member) if group in default_group_names: if group not in first: first[group] = [] first[group].append(account) else: if group not in last: last[group] = [] last[group].append(account) # Create group, memberlist tuples from items and keep them sorted # First read the default groups in to list of tuples in the order they are defined in conf items = [] for group in default_group_names: if first.has_key(group): items += [(group, first[group])] # Then append other groups in alphabetical order items += sorted(last.items(), key = lambda tmp: tmp[0]) # Then join all the members as a one markup string with member links teams = [] for group, members in items: teams.append((group, members)) # Team members in (group, member_uri) type, and all member names return teams, all_members.keys()
def undo(self): store = CQDEUserGroupStore(self.project.trac_environment_key) try: anon_group_name, anon_priv = conf.public_anon_group auth_group_name, auth_priv = conf.public_auth_group store.remove_group(anon_group_name) store.remove_group(auth_group_name) # Clear project cache pc = ProjectCache.instance() pc.clearProject(self.project.id) except Exception, e: conf.log.exception("Could not make project private")
def remove_user(self, req): """ Show removal form and handle POST as remove action """ username = req.args.get('username') # Check method and permissions if not req.method.upper() == 'POST' or not username: raise PermissionError() # Load user userstore = get_userstore() user = userstore.getUser(req.authname) account = userstore.getUser(username) if not account: add_warning(req, "Could not find user '{0}' from service".format(account.username)) return req.redirect(req.href('admin/users/manage')) # Check permissions req.perm.require('USER_AUTHOR', Resource('user', id=account.id)) # If removable user is project author, change the ownership to person who deletes the user papi = projects.Projects() for project in papi.get_authored_projects(account): project.author = user project.save() # Check if user has TRAC_ADMIN rights for the new project, if not, try setting if not req.perm.has_permission('TRAC_ADMIN', Resource('project', id=project.id)): groupstore = CQDEUserGroupStore(project.trac_environment_key) # Iterate existing project groups and put user into group with TRAC_ADMIN rights for gname, pname in groupstore.get_all_group_permissions(): if pname == 'TRAC_ADMIN': groupstore.add_user_to_group(project.author.username, gname) self.log.info('Added TRAC_ADMIN permissions to {0} at {0}'.format(project.author, project)) self.log.info('Changed ownership of project {0} from {0} to {0}'.format(project, project.author, user)) add_notice(req, tag(_("Changed ownership of the project to you: "), tag.a(project.project_name, href=req.href('..', project.env_name)))) if userstore.deleteUser(account): add_notice(req, "Removed user '{0}' successfully from local store".format(account.username)) else: add_warning(req, "Failed to remove user '{0}' from local store".format(account.username)) # Redirect to user listing return req.redirect(req.href('admin/users/manage'))
def setUp(self): userObj = User() userObj.id = 30 userObj.username = '******' self.projectObj = Project(24, 'storageauthtest', 'Storage auth testing', 'Desc', userObj.id, None, author=userObj) conf.use_test_db(True) self.load_fixtures() self.store = CQDEUserGroupStore(self.projectObj.id) self.store.remove_group('Owners') self.store.remove_group('Public contributors') self.store.remove_group('Public viewers')
def _apply_changes(self, req, project): """ Saves changes into database and project configuration file """ try: # Save information into database project.project_name = req.args.get('name') project.description = req.args.get('descr') # Update author if needed author_id = req.args.get('author_id') if author_id and project.author_id != int(author_id): userstore = get_userstore() author = userstore.getUserWhereId(author_id) project.author = author # Check if author has admin permission to project: put in project if not authorperm = PermissionCache(self.env, author.username) if 'TRAC_ADMIN' not in authorperm: admin_rights = False groupstore = CQDEUserGroupStore(project.trac_environment_key) # Iterate existing project groups and put user into group with TRAC_ADMIN rights for gname, pname in groupstore.get_all_group_permissions(): if pname == 'TRAC_ADMIN': groupstore.add_user_to_group(author.username, gname) admin_rights = True add_notice(req, _('Added TRAC_ADMIN permissions to user: {0}'.format(author.username))) if not admin_rights: permlink = tag.a('You way want to modify permissions', href=req.href('admin/general/permissions')) add_warning(req, tag(_('User {0} does not have administrative rights to project. '.format(author.username)), permlink)) # Save changes to database project.save() # Save information into config for option in ('name', 'descr'): self.config.set('project', option, req.args.get(option)) self.config.save() except Exception, e: self.log.exception('Failed to save project changes') add_warning(req, _('Failed to save changes: {0}'.format(e))) return req.redirect(req.href('admin/general/basics'))
def render_admin_panel(self, req, cat, page, path_info): """ Renders announcements admin panel """ req.perm.require('TRAC_ADMIN') showforum = self.config.getbool('discussion', 'show_news_forum', True) project = Project.get(self.env) groupstore = CQDEUserGroupStore(project.trac_environment_key) (public_exists, allowed) = self.get_announce_allowed(groupstore) if req.method == 'POST': if 'hideforum' in req.args: self.config.set('discussion', 'show_news_forum', 'false') self.config.save() showforum = False # Notify listeners for listener in self.announcement_admin_listeners: listener.announcements_hidden() elif 'showforum' in req.args: self.config.set('discussion', 'show_news_forum', 'true') self.config.save() showforum = True # Notify listeners for listener in self.announcement_admin_listeners: listener.announcements_visible() elif 'allow' in req.args: #Allow should add the DISCUSSION_ANNOUNCE_APPEND to the "public contributors" group. groupstore.grant_permission_to_group("Public contributors", "DISCUSSION_ANNOUNCEAPPEND") (public_exists, allowed) = self.get_announce_allowed(groupstore) elif 'disallow' in req.args: #Disallow remove it. groupstore.revoke_permission_from_group("Public contributors", "DISCUSSION_ANNOUNCEAPPEND") (public_exists, allowed) = self.get_announce_allowed(groupstore) elif 'rename' in req.args: news = ProjectNews(project.env_name) news.rename_news_forum(req.args.get('forumname')) data = {} data['showforum'] = showforum data['allowed'] = allowed data['public_exists'] = public_exists return 'admin_news_forum.html', data
def setUp(self): userObj = User() userObj.id = 30 userObj.username = '******' self.projectObj = Project(24, 'storageauthtest', 'Storage auth testing', 'Desc', userObj.id, None, author = userObj) conf.use_test_db(True) self.load_fixtures() self.store = CQDEUserGroupStore(self.projectObj.id) self.store.remove_group('Owners') self.store.remove_group('Public contributors') self.store.remove_group('Public viewers')
def expand_macro(self, formatter, name, content, args=None): """ Returns the outcome from macro. Supported arguments: - project: Name of the project to show status / provide follow buttons. Defaults to current project """ req = formatter.req # Load project from db project = Project.get(self.env) # Get project metadata (categories) (combined_categories, separated_categories_per_context, context_by_id, context_order, languages) = self._get_project_categories(project) # Get project visibility: public or private ug = CQDEUserGroupStore(project.trac_environment_key) visibility = _('Public') if ug.is_public_project() else _('Private') # Return rendered HTML with JS attached to it data = { '_project_': project, 'combined_categories': combined_categories, 'separated_categories_per_context': separated_categories_per_context, 'context_order': context_order, 'languages': languages, 'context_by_id': context_by_id, 'visibility_label': visibility, # Private / Public 'to_web_time': to_web_time # TODO: Is this really required? } chrome = Chrome(self.env) stream = chrome.render_template(req, 'multiproject_summary.html', data, fragment=True) if req.form_token: stream |= chrome._add_form_token(req.form_token) return stream
def process_request(self, req): req.perm.require('MEMBERSHIP_REQUEST_CREATE') all_members = {} project = Project.get(self.env) ug = CQDEUserGroupStore(project.trac_environment_key) for member, group in ug.get_all_user_groups(): all_members[member] = 1 if req.authname in all_members.keys(): type = "privilege" else: type = "membership" # Check the message length only if user has clicked 'request' msg_ok = 'request' not in req.args or ('message' in req.args and len(req.args.get('message')) >= 40) # If request, then make request, ow. show form if req.args.has_key('request') and msg_ok: return self.make_membership_request(req) else: return 'membership_request_form.html', {'type':type, 'msg_ok':msg_ok, 'message':req.args.get('message')}, None
class ArchiveProjectTeam(Command): """ Store users and permissions into flat file This file will be sent for author if project is restored """ def __init__(self, project): Command.__init__(self) self.name = "ArchiveProjectTeam" self.project = project self.groups = CQDEUserGroupStore(project.trac_environment_key) def do(self): self.team = self.project.archive_path + "/team.txt" f = open(self.team, "w") f.write("#### Users in groups ####\n") for user, group in self.groups.get_all_user_groups(): f.write(user + " : " + group + "\n") f.write("\n#### Group permissions ####\n") for group, perm in self.groups.get_all_group_permissions(): f.write(group + " : " + perm + "\n") f.write("\n#### Group organizations ####\n") for org, group in self.groups.get_all_organization_groups(): f.write(org + " : " + group + "\n") f.close() return True def undo(self): if os.path.exists(self.team): if os.remove(self.team): return True return False
def do(self): store = CQDEUserGroupStore(self.project.trac_environment_key) try: # Create anon group and give permissions anon_group_name, anon_priv = conf.public_anon_group store.add_user_to_group('anonymous', anon_group_name) for priv in anon_priv: store.grant_permission_to_group(anon_group_name, priv) # Create auth group and give permissions auth_group_name, auth_priv = conf.public_auth_group store.add_user_to_group('authenticated', auth_group_name) for priv in auth_priv: store.grant_permission_to_group(auth_group_name, priv) # Clear project cache pc = ProjectCache.instance() pc.clearProject(self.project.id) except Exception: conf.log.exception("Could not make project public") return False return True
class SetPermissionsTestCase(CQDETestCase): def setUp(self): userObj = User() userObj.id = 30 userObj.username = '******' self.projectObj = Project(24, 'storageauthtest', 'Storage auth testing', 'Desc', userObj.id, None, author=userObj) conf.use_test_db(True) self.load_fixtures() self.store = CQDEUserGroupStore(self.projectObj.id) self.store.remove_group('Owners') self.store.remove_group('Public contributors') self.store.remove_group('Public viewers') def tearDown(self): conf.use_test_db(False) # TODO #def test_do(self): #command = multiproject.common.projects.commands.SetPermissions(self.projectObj) #self.assertTrue(command.do()) #gid = self.store.get_group_id('Owners') #self.assertNotEquals(gid, None) #ugs = self.store.get_all_user_groups() #self.assertIn(('testuser', 'Owners'), ugs) #gps = self.store.get_all_group_permissions() #self.assertIn(('Owners', 'TRAC_ADMIN'), gps) ## Clean up #self.store.remove_group('Owners') def test_undo(self): conf.use_test_db(True) self.load_fixtures() # Prepare command = multiproject.common.projects.commands.SetPermissions( self.projectObj) # Try undo self.assertTrue(command.undo())
def render_admin_panel(self, req, cat, page, path_info): """ Renders announcements admin panel """ req.perm.require('TRAC_ADMIN') showforum = self.config.getbool('discussion', 'show_news_forum', True) project = Project.get(self.env) groupstore = CQDEUserGroupStore(project.trac_environment_key) (public_exists, allowed) = self.get_announce_allowed(groupstore) if req.method == 'POST': if 'hideforum' in req.args: self.config.set('discussion', 'show_news_forum', 'false') self.config.save() showforum = False # Notify listeners for listener in self.announcement_admin_listeners: listener.announcements_hidden() elif 'showforum' in req.args: self.config.set('discussion', 'show_news_forum', 'true') self.config.save() showforum = True # Notify listeners for listener in self.announcement_admin_listeners: listener.announcements_visible() elif 'allow' in req.args: #Allow should add the DISCUSSION_ANNOUNCE_APPEND to the "public contributors" group. groupstore.grant_permission_to_group( "Public contributors", "DISCUSSION_ANNOUNCEAPPEND") (public_exists, allowed) = self.get_announce_allowed(groupstore) elif 'disallow' in req.args: #Disallow remove it. groupstore.revoke_permission_from_group( "Public contributors", "DISCUSSION_ANNOUNCEAPPEND") (public_exists, allowed) = self.get_announce_allowed(groupstore) elif 'rename' in req.args: news = ProjectNews(project.env_name) news.rename_news_forum(req.args.get('forumname')) data = {} data['showforum'] = showforum data['allowed'] = allowed data['public_exists'] = public_exists return 'admin_news_forum.html', data
class SetPermissionsTestCase(CQDETestCase): def setUp(self): userObj = User() userObj.id = 30 userObj.username = '******' self.projectObj = Project(24, 'storageauthtest', 'Storage auth testing', 'Desc', userObj.id, None, author = userObj) conf.use_test_db(True) self.load_fixtures() self.store = CQDEUserGroupStore(self.projectObj.id) self.store.remove_group('Owners') self.store.remove_group('Public contributors') self.store.remove_group('Public viewers') def tearDown(self): conf.use_test_db(False) # TODO #def test_do(self): #command = multiproject.common.projects.commands.SetPermissions(self.projectObj) #self.assertTrue(command.do()) #gid = self.store.get_group_id('Owners') #self.assertNotEquals(gid, None) #ugs = self.store.get_all_user_groups() #self.assertIn(('testuser', 'Owners'), ugs) #gps = self.store.get_all_group_permissions() #self.assertIn(('Owners', 'TRAC_ADMIN'), gps) ## Clean up #self.store.remove_group('Owners') def test_undo(self): conf.use_test_db(True) self.load_fixtures() # Prepare command = multiproject.common.projects.commands.SetPermissions(self.projectObj) # Try undo self.assertTrue(command.undo())
def undo(self): visibility = False # make public false store = CQDEUserGroupStore(self.project.trac_environment_key) try: anon_group_name, anon_priv = conf.public_anon_group auth_group_name, auth_priv = conf.public_auth_group store.remove_group(anon_group_name) store.remove_group(auth_group_name) #set project visibility#public = False store.update_project_visibility(visibility) # Clear project cache pc = ProjectCache.instance() pc.clearProject(self.project.id) except Exception, e: conf.log.exception("Could not make project private")
def render_admin_panel(self, req, cat, page, path_info): add_script(req, "multiproject/js/jquery-ui.js") add_script(req, "multiproject/js/permissions.js") add_stylesheet(req, "multiproject/css/jquery-ui.css") add_stylesheet(req, "multiproject/css/permissions.css") is_normal_project = self.env.project_identifier != self.env.config.get("multiproject", "sys_home_project_name") # API instances perm_sys = PermissionSystem(self.env) group_store = CQDEUserGroupStore(env=self.env) org_store = CQDEOrganizationStore.instance() if is_normal_project: membership = MembershipApi(self.env, Project.get(self.env)) else: membership = None if req.method == "POST": action = req.args.get("action") if action == "remove_member": self._remove_member(req, group_store) elif action == "add_member": add_type = req.args.get("add_type") if add_type == "user": self._add_user(req, group_store, membership) elif add_type == "organization": self._add_organization(req, group_store) elif add_type == "ldap_group": self._add_ldap_group(req, group_store) elif add_type == "login_status": login_status = req.args.get("login_status") if login_status not in ("authenticated", "anonymous"): raise TracError("Invalid arguments") self._add_user(req, group_store, membership, username=login_status) else: raise TracError("Invalid add_type") elif action == "add_permission": self._add_perm_to_group(req, group_store, perm_sys) elif action == "remove_permission": self._remove_permission(req, group_store, perm_sys) elif action == "create_group": self._create_group(req, group_store, perm_sys) elif action == "remove_group": self._remove_group(req, group_store) elif action == "add_organization": self._add_organization(req, group_store) elif action == "decline_membership": self._decline_membership(req, membership) else: raise TracError("Unknown action %s" % action) # get membership request list after form posts have been processed if is_normal_project: membership_requests = set(membership.get_membership_requests()) else: membership_requests = set() permissions = set(perm_sys.get_actions()) # check if project if current configuration and permission state is in such state that # permission editions are likely fail invalid_state = None try: group_store.is_valid_group_members() except InvalidPermissionsState, e: add_warning( req, _( "Application permission configuration conflicts with project permissions. " "Before you can fully edit permissions or users you will need to either remove " "offending permissions or set correct application configuration. Page reload" "is required to update this warning." ), ) add_warning(req, e.message)
def do(self): store = CQDEUserGroupStore(self.project.trac_environment_key) author = self.project.author # Set default groups (adds also author to Owner) try: firstDone = False for grpname, rightslist in conf.default_groups: store.create_group(grpname) # add the user only to the first group if not firstDone: store.add_user_to_group(author.username, grpname) firstDone = True for right in rightslist: store.grant_permission_to_group(grpname, right) except: conf.log.exception("Could not setup initial permissions") return False try: if conf.private_auth_group: auth_group_name, auth_priv = conf.private_auth_group store.add_user_to_group('authenticated', auth_group_name) for priv in auth_priv: store.grant_permission_to_group(auth_group_name, priv) except Exception: conf.log.exception("Could not setup initial permissions") return False return True
def __init__(self, project): Command.__init__(self) self.name = "ArchiveProjectTeam" self.project = project self.groups = CQDEUserGroupStore(project.trac_environment_key)
def do(self): visibility = True published = datetime.now() store = CQDEUserGroupStore(self.project.trac_environment_key) try: # Create anon group and give permissions anon_group_name, anon_priv = conf.public_anon_group store.add_user_to_group('anonymous', anon_group_name) for priv in anon_priv: store.grant_permission_to_group(anon_group_name, priv) # Create auth group and give permissions auth_group_name, auth_priv = conf.public_auth_group store.add_user_to_group('authenticated', auth_group_name) for priv in auth_priv: store.grant_permission_to_group(auth_group_name, priv) #set project visibility#public = True store.update_project_visibility(visibility,str(published)) # Clear project cache pc = ProjectCache.instance() pc.clearProject(self.project.id) except Exception: conf.log.exception("Could not make project public") return False return True
def render_admin_panel(self, req, cat, page, path_info): add_script(req, 'multiproject/js/jquery-ui.js') add_script(req, 'multiproject/js/permissions.js') add_stylesheet(req, 'multiproject/css/jquery-ui.css') add_stylesheet(req, 'multiproject/css/permissions.css') project = Project.get(self.env) # is_normal_project = self.env.project_identifier != \ self.env.config.get('multiproject', 'sys_home_project_name') # API instances perm_sys = PermissionSystem(self.env) group_store = CQDEUserGroupStore(env=self.env) org_store = CQDEOrganizationStore.instance() if is_normal_project: membership = MembershipApi(self.env, Project.get(self.env)) else: membership = None if req.method == 'POST': action = req.args.get('action') if action == 'remove_member': self._remove_member(req, group_store) elif action == 'add_member': add_type = req.args.get('add_type') if add_type == 'user': self._add_user(req, group_store, membership) elif add_type == 'organization': self._add_organization(req, group_store) elif add_type == 'ldap_group': self._add_ldap_group(req, group_store) elif add_type == 'login_status': login_status = req.args.get('login_status') if login_status not in ('authenticated', 'anonymous'): raise TracError('Invalid arguments') self._add_user(req, group_store, membership, username=login_status) else: raise TracError('Invalid add_type') elif action == 'add_permission': self._add_perm_to_group(req, group_store, perm_sys) elif action == 'remove_permission': self._remove_permission(req, group_store, perm_sys) elif action == 'create_group': self._create_group(req, group_store, perm_sys) elif action == 'remove_group': self._remove_group(req, group_store) elif action == 'add_organization': self._add_organization(req, group_store) elif action == 'decline_membership': self._decline_membership(req, membership) elif 'makepublic' in req.args: project_api = Projects() if conf.allow_public_projects: self._make_public(req, project) project_api.add_public_project_visibility(project.id) # Reload page return req.redirect(req.href(req.path_info)) else: raise TracError("Public projects are disabled", "Error!") elif 'makeprivate' in req.args: project_api = Projects() self._make_private(req, project) project_api.remove_public_project_visibility(project.id) # Reload page return req.redirect(req.href(req.path_info)) else: raise TracError('Unknown action %s' % action) # get membership request list after form posts have been processed if is_normal_project: membership_requests = set(membership.get_membership_requests()) else: membership_requests = set() permissions = set(perm_sys.get_actions()) # check if project if current configuration and permission state is in such state that # permission editions are likely fail invalid_state = None if is_normal_project: is_a_public = project.public else: is_a_public = "" try: group_store.is_valid_group_members() except InvalidPermissionsState, e: add_warning(req, _('Application permission configuration conflicts with project permissions. ' 'Before you can fully edit permissions or users you will need to either remove ' 'offending permissions or set correct application configuration. Page reload' 'is required to update this warning.')) add_warning(req, e.message)
def render_admin_panel(self, req, cat, page, path_info): add_script(req, 'multiproject/js/jquery-ui.js') add_script(req, 'multiproject/js/permissions.js') add_stylesheet(req, 'multiproject/css/jquery-ui.css') add_stylesheet(req, 'multiproject/css/permissions.css') project = Project.get(self.env) # is_normal_project = self.env.project_identifier != \ self.env.config.get('multiproject', 'sys_home_project_name') # API instances perm_sys = PermissionSystem(self.env) group_store = CQDEUserGroupStore(env=self.env) org_store = CQDEOrganizationStore.instance() if is_normal_project: membership = MembershipApi(self.env, Project.get(self.env)) else: membership = None if req.method == 'POST': action = req.args.get('action') if action == 'remove_member': self._remove_member(req, group_store) elif action == 'add_member': add_type = req.args.get('add_type') if add_type == 'user': self._add_user(req, group_store, membership) elif add_type == 'organization': self._add_organization(req, group_store) elif add_type == 'ldap_group': self._add_ldap_group(req, group_store) elif add_type == 'login_status': login_status = req.args.get('login_status') if login_status not in ('authenticated', 'anonymous'): raise TracError('Invalid arguments') self._add_user(req, group_store, membership, username=login_status) else: raise TracError('Invalid add_type') elif action == 'add_permission': self._add_perm_to_group(req, group_store, perm_sys) elif action == 'remove_permission': self._remove_permission(req, group_store, perm_sys) elif action == 'create_group': self._create_group(req, group_store, perm_sys) elif action == 'remove_group': self._remove_group(req, group_store) elif action == 'add_organization': self._add_organization(req, group_store) elif action == 'decline_membership': self._decline_membership(req, membership) elif 'makepublic' in req.args: project_api = Projects() if conf.allow_public_projects: self._make_public(req, project) project_api.add_public_project_visibility(project.id) # Reload page return req.redirect(req.href(req.path_info)) else: raise TracError("Public projects are disabled", "Error!") elif 'makeprivate' in req.args: project_api = Projects() self._make_private(req, project) project_api.remove_public_project_visibility(project.id) # Reload page return req.redirect(req.href(req.path_info)) else: raise TracError('Unknown action %s' % action) # get membership request list after form posts have been processed if is_normal_project: membership_requests = set(membership.get_membership_requests()) else: membership_requests = set() permissions = set(perm_sys.get_actions()) # check if project if current configuration and permission state is in such state that # permission editions are likely fail invalid_state = None if is_normal_project: is_a_public = project.public else: is_a_public = "" try: group_store.is_valid_group_members() except InvalidPermissionsState, e: add_warning( req, _('Application permission configuration conflicts with project permissions. ' 'Before you can fully edit permissions or users you will need to either remove ' 'offending permissions or set correct application configuration. Page reload' 'is required to update this warning.')) add_warning(req, e.message)
def do(self): store = CQDEUserGroupStore(self.project.trac_environment_key) author = self.project.author # Set default groups (adds also author to Owner) try: firstDone = False for grpname, rightslist in conf.default_groups: store.create_group(grpname) # add the user only to the first group # NOTE: Creates the group defined by grpname if not firstDone: # Do not validate group permissions on creation store.add_user_to_group(author.username, grpname, validate=False) firstDone = True for right in rightslist: store.grant_permission_to_group(grpname, right) except: conf.log.exception("Could not setup initial permissions") return False try: if conf.private_auth_group: auth_group_name, auth_priv = conf.private_auth_group # Do not validate group permissions on creation store.add_user_to_group('authenticated', auth_group_name) for priv in auth_priv: store.grant_permission_to_group(auth_group_name, priv) except Exception: conf.log.exception("Could not setup initial permissions") return False return True