def test_add_delete_ips(self): self.log_user() clear_all_caches() # ADD default_user_id = User.get_default_user().user_id response = self.app.post(url('edit_user_ips', user_id=default_user_id), params={ 'new_ip': '127.0.0.0/24', '_method': 'put', 'csrf_token': self.csrf_token }) response = self.app.get(url('admin_permissions_ips')) response.mustcontain('127.0.0.0/24') response.mustcontain('127.0.0.0 - 127.0.0.255') # DELETE default_user_id = User.get_default_user().user_id del_ip_id = UserIpMap.query().filter( UserIpMap.user_id == default_user_id).first().ip_id response = self.app.post(url('edit_user_ips', user_id=default_user_id), params={ '_method': 'delete', 'del_ip_id': del_ip_id, 'csrf_token': self.csrf_token }) clear_all_caches() response = self.app.get(url('admin_permissions_ips')) response.mustcontain('All IP addresses are allowed') response.mustcontain(no=['127.0.0.0/24']) response.mustcontain(no=['127.0.0.0 - 127.0.0.255'])
def set_anonymous_access(enabled): """(Dis)allows anonymous access depending on parameter `enabled`""" user = User.get_default_user() user.active = enabled Session().add(user) Session().commit() log.info('anonymous access is now: %s', enabled) assert enabled == User.get_default_user().active, ( 'Cannot set anonymous access')
def test_index_with_anonymous_access_disabled(self): anon = User.get_default_user() anon.active = False Session().add(anon) Session().commit() time.sleep(1.5) # must sleep for cache (1s to expire) try: response = self.app.get(url(controller='home', action='index'), status=302) assert 'login' in response.location finally: anon = User.get_default_user() anon.active = True Session().add(anon) Session().commit()
def test_index_with_anonymous_access_disabled(self): anon = User.get_default_user() anon.active = False Session().add(anon) Session().commit() time.sleep(1.5) # must sleep for cache (1s to expire) try: response = self.app.get(url(controller='home', action='index'), status=302) assert 'login' in response.location finally: anon = User.get_default_user() anon.active = True Session().add(anon) Session().commit()
def prepare_users(self, request): # TODO: User creation is a duplicate of test_nofitications, check # if that can be unified self.u1 = UserModel().create_or_update(username=u'u1', password=u'qweqwe', email=u'*****@*****.**', firstname=u'u1', lastname=u'u1') self.u2 = UserModel().create_or_update(username=u'u2', password=u'qweqwe', email=u'*****@*****.**', firstname=u'u2', lastname=u'u2') self.u3 = UserModel().create_or_update(username=u'u3', password=u'qweqwe', email=u'*****@*****.**', firstname=u'u3', lastname=u'u3') self.anon = User.get_default_user() self.a1 = UserModel().create_or_update(username=u'a1', password=u'qweqwe', email=u'*****@*****.**', firstname=u'a1', lastname=u'a1', admin=True) Session().commit() request.addfinalizer(self.cleanup)
def test_user_permissions_on_group_with_recursive_mode_for_default_user(): # set permission to g0 recursive mode, all children including # other repos and groups should have this permission now set ! recursive = True group = 'g0' default_user_id = User.get_default_user().user_id permissions_setup_func(group, 'group.write', recursive=recursive, user_id=default_user_id) # change default to get perms for default user _get_repo_perms = functools.partial(_get_perms, key='repositories', test_u1_id=default_user_id) _get_group_perms = functools.partial(_get_perms, key='repositories_groups', test_u1_id=default_user_id) repo_items = [x for x in _get_repo_perms(group, recursive)] items = [x for x in _get_group_perms(group, recursive)] _check_expected_count(items, repo_items, expected_count(group, True)) for name, perm in repo_items: yield check_tree_perms, name, perm, group, 'repository.write' for name, perm in items: yield check_tree_perms, name, perm, group, 'group.write'
def _remove_default_user_from_query_cache(): user = User.get_default_user(cache=True) query = Session().query(User).filter(User.username == user.username) query = query.options( FromCache("sql_cache_short", "get_user_%s" % _hash_key(user.username))) query.invalidate() Session().expire(user)
def repo_public_journal(self, repo_name): """ Set's this repository to be visible in public journal, in other words assing default user to follow this repo :param repo_name: """ cur_token = request.POST.get('auth_token') token = get_token() if cur_token == token: try: repo_id = Repository.get_by_repo_name(repo_name).repo_id user_id = User.get_default_user().user_id self.scm_model.toggle_following_repo(repo_id, user_id) h.flash(_('Updated repository visibility in public journal'), category='success') Session().commit() except Exception: h.flash(_('An error occurred during setting this' ' repository in public journal'), category='error') else: h.flash(_('Token mismatch'), category='error') return redirect(url('edit_repo', repo_name=repo_name))
def repo_public_journal(self, repo_name): """ Set's this repository to be visible in public journal, in other words assing default user to follow this repo :param repo_name: """ cur_token = request.POST.get('auth_token') token = get_token() if cur_token == token: try: repo_id = Repository.get_by_repo_name(repo_name).repo_id user_id = User.get_default_user().user_id self.scm_model.toggle_following_repo(repo_id, user_id) h.flash(_('Updated repository visibility in public journal'), category='success') Session().commit() except Exception: h.flash(_('An error occurred during setting this' ' repository in public journal'), category='error') else: h.flash(_('Token mismatch'), category='error') return redirect(url('edit_repo', repo_name=repo_name))
def test_inherited_permissions_on_objects(self, perm, expected_perm): _form_result = { 'default_inherit_default_permissions': perm, } PermissionModel().set_new_user_perms(User.get_default_user(), _form_result) Session().commit() # make sure inherit flag is turned on self.u1.inherit_default_permissions = True Session().commit() # this user will have inherited permissions from default user assert global_perms(self.u1) == set([ 'hg.create.none', 'hg.fork.none', 'hg.register.manual_activate', 'hg.extern_activate.auto', 'repository.read', 'group.read', 'usergroup.read', 'hg.create.write_on_repogroup.true', 'hg.usergroup.create.false', 'hg.repogroup.create.false', perm, ]) assert set(repo_perms(self.u1).values()) == set([expected_perm])
def permissions_setup_func(group_name='g0', perm='group.read', recursive='all', user_id=None): """ Resets all permissions to perm attribute """ if not user_id: user_id = test_u1_id # called by the @with_setup decorator also reset the default user stuff permissions_setup_func(group_name, perm, recursive, user_id=User.get_default_user().user_id) # TODO: DRY, compare test_user_group:permissions_setup_func repo_group = RepoGroup.get_by_group_name(group_name=group_name) if not repo_group: raise Exception('Cannot get group %s' % group_name) perm_updates = [[user_id, perm, 'user']] RepoGroupModel().update_permissions(repo_group, perm_updates=perm_updates, recursive=recursive, check_perms=False) Session().commit()
def test_user_permissions_on_group_with_rec_group_mode_for_default_user(): # set permission to g0/g0_1 with recursive groups only mode, all children # sincluding other groups should have this permission now set. repositories # should remain intact as we use groups only mode ! recursive = 'groups' group = 'g0/g0_1' default_user_id = User.get_default_user().user_id # TODO: workaround due to different setup calls, adept to py.test style permissions_setup_func() permissions_setup_func(group, 'group.write', recursive=recursive, user_id=default_user_id) # change default to get perms for default user _get_repo_perms = functools.partial(_get_perms, key='repositories', test_u1_id=default_user_id) _get_group_perms = functools.partial(_get_perms, key='repositories_groups', test_u1_id=default_user_id) repo_items = [x for x in _get_repo_perms(group, recursive)] items = [x for x in _get_group_perms(group, recursive)] _check_expected_count(items, repo_items, expected_count(group, True)) for name, perm in repo_items: check_tree_perms(name, perm, group, 'repository.read') for name, perm in items: check_tree_perms(name, perm, group, 'group.write')
def register(self): c.auto_active = 'hg.register.auto_activate' in User.get_default_user()\ .AuthUser.permissions['global'] if request.POST: register_form = RegisterForm()() try: form_result = register_form.to_python(dict(request.POST)) form_result['active'] = c.auto_active UserModel().create_registration(form_result) h.flash(_('You have successfully registered into RhodeCode'), category='success') Session().commit() return redirect(url('login_home')) except formencode.Invalid, errors: return htmlfill.render( render('/register.html'), defaults=errors.value, errors=errors.error_dict or {}, prefix_error=False, encoding="UTF-8") except UserCreationError, e: # container auth or other auth functions that create users on # the fly can throw this exception signaling that there's issue # with user creation, explanation should be provided in # Exception itself h.flash(e, 'error')
def permission_ips(self): c.active = 'ips' c.user = User.get_default_user() c.user_ip_map = (UserIpMap.query().filter( UserIpMap.user == c.user).all()) return render('admin/permissions/permissions.html')
def test_api_update_user_default_user(self): usr = User.get_default_user() id_, params = build_data(self.apikey, 'update_user', userid=usr.user_id) response = api_call(self.app, params) expected = 'editing default user is forbidden' assert_error(id_, expected, given=response.body)
def permission_objects(self): c.active = 'objects' self.__load_data() c.user = User.get_default_user() defaults = {} defaults.update(c.user.get_default_perms()) return htmlfill.render(render('admin/permissions/permissions.html'), defaults=defaults, encoding="UTF-8", force_defaults=False)
def test_auth_user_get_cookie_store_for_default_user(): default_user = User.get_default_user() auth_user = auth.AuthUser() expected_data = { 'username': User.DEFAULT_USER, 'user_id': default_user.user_id, 'password': md5(default_user.password), 'is_authenticated': True } assert auth_user.get_cookie_store() == expected_data
def test_cached_perms_data_default_permissions_on_repository_group(user_util): # Have a repository group with default permissions set repo_group = user_util.create_repo_group() default_user = User.get_default_user() user_util.grant_user_permission_to_repo_group( repo_group, default_user, 'repository.write') user = user_util.create_user() permissions = get_permissions(user) assert permissions['repositories_groups'][repo_group.group_name] == \ 'repository.write'
def edit(self, id, format='html'): """GET /permissions/id/edit: Form to edit an existing item""" #url('edit_permission', id=ID) #this form can only edit default user permissions if id == 'default': c.user = User.get_default_user() defaults = {'anonymous': c.user.active} c.perm_user = c.user.AuthUser c.user_ip_map = UserIpMap.query()\ .filter(UserIpMap.user == c.user).all() for p in c.user.user_perms: if p.permission.permission_name.startswith('repository.'): defaults[ 'default_repo_perm'] = p.permission.permission_name if p.permission.permission_name.startswith('group.'): defaults[ 'default_group_perm'] = p.permission.permission_name if p.permission.permission_name.startswith('usergroup.'): defaults[ 'default_user_group_perm'] = p.permission.permission_name if p.permission.permission_name.startswith('hg.create.'): defaults[ 'default_repo_create'] = p.permission.permission_name if p.permission.permission_name.startswith('hg.repogroup.'): defaults[ 'default_repo_group_create'] = p.permission.permission_name if p.permission.permission_name.startswith('hg.usergroup.'): defaults[ 'default_user_group_create'] = p.permission.permission_name if p.permission.permission_name.startswith('hg.register.'): defaults['default_register'] = p.permission.permission_name if p.permission.permission_name.startswith( 'hg.extern_activate.'): defaults[ 'default_extern_activate'] = p.permission.permission_name if p.permission.permission_name.startswith('hg.fork.'): defaults['default_fork'] = p.permission.permission_name return htmlfill.render( render('admin/permissions/permissions.html'), defaults=defaults, encoding="UTF-8", force_defaults=False) else: return redirect(url('admin_home'))
def __load_data(self, repo_name=None): """ Load defaults settings for edit, and update :param repo_name: """ self.__load_defaults() c.repo_info = db_repo = Repository.get_by_repo_name(repo_name) repo = db_repo.scm_instance if c.repo_info is None: h.not_mapped_error(repo_name) return redirect(url('repos')) ##override defaults for exact repo info here git/hg etc choices, c.landing_revs = ScmModel().get_repo_landing_revs(c.repo_info) c.landing_revs_choices = choices c.default_user_id = User.get_default_user().user_id c.in_public_journal = UserFollowing.query()\ .filter(UserFollowing.user_id == c.default_user_id)\ .filter(UserFollowing.follows_repository == c.repo_info).scalar() if c.repo_info.stats: # this is on what revision we ended up so we add +1 for count last_rev = c.repo_info.stats.stat_on_revision + 1 else: last_rev = 0 c.stats_revision = last_rev c.repo_last_rev = repo.count() if repo.revisions else 0 if last_rev == 0 or c.repo_last_rev == 0: c.stats_percentage = 0 else: c.stats_percentage = '%.2f' % ((float((last_rev)) / c.repo_last_rev) * 100) c.repo_fields = RepositoryField.query()\ .filter(RepositoryField.repository == db_repo).all() defaults = RepoModel()._get_defaults(repo_name) _repos = Repository.query().order_by(Repository.repo_name).all() read_access_repos = RepoList(_repos) c.repos_list = [('', _('--REMOVE FORK--'))] c.repos_list += [(x.repo_id, x.repo_name) for x in read_access_repos if x.repo_id != c.repo_info.repo_id] defaults['id_fork_of'] = db_repo.fork.repo_id if db_repo.fork else '' return defaults
def test_cached_perms_data_repository_permissions_for_owner( backend_random, user_util): user = user_util.create_user() repo = backend_random.create_repo() repo.user_id = user.user_id permissions = get_permissions(user) assert permissions['repositories'][repo.repo_name] == 'repository.admin' # TODO: johbo: Make cleanup in UserUtility smarter, then remove this hack repo.user_id = User.get_default_user().user_id
def __load_data(self, repo_name=None): """ Load defaults settings for edit, and update :param repo_name: """ self.__load_defaults() c.repo_info = db_repo = Repository.get_by_repo_name(repo_name) repo = db_repo.scm_instance if c.repo_info is None: h.not_mapped_error(repo_name) return redirect(url('repos')) ##override defaults for exact repo info here git/hg etc choices, c.landing_revs = ScmModel().get_repo_landing_revs(c.repo_info) c.landing_revs_choices = choices c.default_user_id = User.get_default_user().user_id c.in_public_journal = UserFollowing.query()\ .filter(UserFollowing.user_id == c.default_user_id)\ .filter(UserFollowing.follows_repository == c.repo_info).scalar() if c.repo_info.stats: # this is on what revision we ended up so we add +1 for count last_rev = c.repo_info.stats.stat_on_revision + 1 else: last_rev = 0 c.stats_revision = last_rev c.repo_last_rev = repo.count() if repo.revisions else 0 if last_rev == 0 or c.repo_last_rev == 0: c.stats_percentage = 0 else: c.stats_percentage = '%.2f' % ((float( (last_rev)) / c.repo_last_rev) * 100) c.repo_fields = RepositoryField.query()\ .filter(RepositoryField.repository == db_repo).all() defaults = RepoModel()._get_defaults(repo_name) _repos = Repository.query().order_by(Repository.repo_name).all() read_access_repos = RepoList(_repos) c.repos_list = [('', _('--REMOVE FORK--'))] c.repos_list += [(x.repo_id, x.repo_name) for x in read_access_repos if x.repo_id != c.repo_info.repo_id] defaults['id_fork_of'] = db_repo.fork.repo_id if db_repo.fork else '' return defaults
def register_post(self): captcha_private_key = SettingsModel().get_setting_by_name( 'rhodecode_captcha_private_key') captcha_active = bool(captcha_private_key) auto_active = 'hg.register.auto_activate' in User.get_default_user()\ .AuthUser.permissions['global'] register_form = RegisterForm()() try: form_result = register_form.to_python(self.request.params) form_result['active'] = auto_active if captcha_active: response = submit( self.request.params.get('recaptcha_challenge_field'), self.request.params.get('recaptcha_response_field'), private_key=captcha_private_key, remoteip=get_ip_addr(self.request.environ)) if captcha_active and not response.is_valid: _value = form_result _msg = _('bad captcha') error_dict = {'recaptcha_field': _msg} raise formencode.Invalid(_msg, _value, None, error_dict=error_dict) new_user = UserModel().create_registration(form_result) event = UserRegistered(user=new_user, session=self.session) self.request.registry.notify(event) self.session.flash( _('You have successfully registered with RhodeCode'), queue='success') Session().commit() redirect_ro = self.request.route_path('login') raise HTTPFound(redirect_ro) except formencode.Invalid as errors: del errors.value['password'] del errors.value['password_confirmation'] return self.register( defaults=errors.value, errors=errors.error_dict) except UserCreationError as e: # container auth or other auth functions that create users on # the fly can throw this exception signaling that there's issue # with user creation, explanation should be provided in # Exception itself self.session.flash(e, queue='error') return self.register()
def _create_default_perms(self, new_group): # create default permission default_perm = 'group.read' def_user = User.get_default_user() for p in def_user.user_perms: if p.permission.permission_name.startswith('group.'): default_perm = p.permission.permission_name break repo_group_to_perm = UserRepoGroupToPerm() repo_group_to_perm.permission = Permission.get_by_key(default_perm) repo_group_to_perm.group = new_group repo_group_to_perm.user_id = def_user.user_id return repo_group_to_perm
def _create_default_perms(self, new_group): # create default permission default_perm = 'group.read' def_user = User.get_default_user() for p in def_user.user_perms: if p.permission.permission_name.startswith('group.'): default_perm = p.permission.permission_name break repo_group_to_perm = UserRepoGroupToPerm() repo_group_to_perm.permission = Permission.get_by_key(default_perm) repo_group_to_perm.group = new_group repo_group_to_perm.user_id = def_user.user_id return repo_group_to_perm
def _create_default_perms(self, user_group): # create default permission default_perm = "usergroup.read" def_user = User.get_default_user() for p in def_user.user_perms: if p.permission.permission_name.startswith("usergroup."): default_perm = p.permission.permission_name break user_group_to_perm = UserUserGroupToPerm() user_group_to_perm.permission = Permission.get_by_key(default_perm) user_group_to_perm.user_group = user_group user_group_to_perm.user_id = def_user.user_id return user_group_to_perm
def fixup_groups(self): def_usr = User.get_default_user() for g in RepoGroup.query().all(): g.group_name = g.get_new_name(g.name) self.sa.add(g) # get default perm default = UserRepoGroupToPerm.query()\ .filter(UserRepoGroupToPerm.group == g)\ .filter(UserRepoGroupToPerm.user == def_usr)\ .scalar() if default is None: log.debug('missing default permission for group %s adding' % g) perm_obj = RepoGroupModel()._create_default_perms(g) self.sa.add(perm_obj)
def fixup_groups(self): def_usr = User.get_default_user() for g in RepoGroup.query().all(): g.group_name = g.get_new_name(g.name) self.sa.add(g) # get default perm default = UserRepoGroupToPerm.query()\ .filter(UserRepoGroupToPerm.group == g)\ .filter(UserRepoGroupToPerm.user == def_usr)\ .scalar() if default is None: log.debug('missing default permission for group %s adding' % g) perm_obj = ReposGroupModel()._create_default_perms(g) self.sa.add(perm_obj)
def edit_global_perms(self, user_group_id): user_group_id = safe_int(user_group_id) c.user_group = UserGroup.get_or_404(user_group_id) c.active = 'global_perms' c.default_user = User.get_default_user() defaults = c.user_group.get_dict() defaults.update(c.default_user.get_default_perms(suffix='_inherited')) defaults.update(c.user_group.get_default_perms()) return htmlfill.render( render('admin/user_groups/user_group_edit.html'), defaults=defaults, encoding="UTF-8", force_defaults=False)
def _create_default_perms(self, user_group): # create default permission default_perm = 'usergroup.read' def_user = User.get_default_user() for p in def_user.user_perms: if p.permission.permission_name.startswith('usergroup.'): default_perm = p.permission.permission_name break user_group_to_perm = UserUserGroupToPerm() user_group_to_perm.permission = Permission.get_by_key(default_perm) user_group_to_perm.user_group = user_group user_group_to_perm.user_id = def_user.user_id return user_group_to_perm
def test_inherited_permissions_from_default_on_user_enabled(self): # enable fork and create on default user _form_result = { 'default_repo_create': 'hg.create.repository', 'default_fork_create': 'hg.fork.repository' } PermissionModel().set_new_user_perms(User.get_default_user(), _form_result) Session().commit() # make sure inherit flag is turned on self.u1.inherit_default_permissions = True Session().commit() # this user will have inherited permissions from default user assert global_perms(self.u1) == default_perms()
def update(self, id): """PUT /permissions/id: Update an existing item""" # Forms posted to this method should contain a hidden field: # <input type="hidden" name="_method" value="PUT" /> # Or using helpers: # h.form(url('permission', id=ID), # method='put') # url('permission', id=ID) if id == 'default': c.user = default_user = User.get_default_user() c.perm_user = AuthUser(user_id=default_user.user_id) c.user_ip_map = UserIpMap.query()\ .filter(UserIpMap.user == default_user).all() _form = DefaultPermissionsForm( [x[0] for x in c.repo_perms_choices], [x[0] for x in c.group_perms_choices], [x[0] for x in c.user_group_perms_choices], [x[0] for x in c.repo_create_choices], [x[0] for x in c.repo_group_create_choices], [x[0] for x in c.user_group_create_choices], [x[0] for x in c.fork_choices], [x[0] for x in c.register_choices], [x[0] for x in c.extern_activate_choices], )() try: form_result = _form.to_python(dict(request.POST)) form_result.update({'perm_user_name': id}) PermissionModel().update(form_result) Session().commit() h.flash(_('Default permissions updated successfully'), category='success') except formencode.Invalid, errors: defaults = errors.value return htmlfill.render( render('admin/permissions/permissions.html'), defaults=defaults, errors=errors.error_dict or {}, prefix_error=False, encoding="UTF-8") except Exception: log.error(traceback.format_exc()) h.flash(_('Error occurred during update of permissions'), category='error')
def edit(self, id, format='html'): """GET /permissions/id/edit: Form to edit an existing item""" #url('edit_permission', id=ID) #this form can only edit default user permissions if id == 'default': c.user = User.get_default_user() defaults = {'anonymous': c.user.active} c.perm_user = c.user.AuthUser c.user_ip_map = UserIpMap.query()\ .filter(UserIpMap.user == c.user).all() for p in c.user.user_perms: if p.permission.permission_name.startswith('repository.'): defaults['default_repo_perm'] = p.permission.permission_name if p.permission.permission_name.startswith('group.'): defaults['default_group_perm'] = p.permission.permission_name if p.permission.permission_name.startswith('usergroup.'): defaults['default_user_group_perm'] = p.permission.permission_name if p.permission.permission_name.startswith('hg.create.'): defaults['default_repo_create'] = p.permission.permission_name if p.permission.permission_name.startswith('hg.repogroup.'): defaults['default_repo_group_create'] = p.permission.permission_name if p.permission.permission_name.startswith('hg.usergroup.'): defaults['default_user_group_create'] = p.permission.permission_name if p.permission.permission_name.startswith('hg.register.'): defaults['default_register'] = p.permission.permission_name if p.permission.permission_name.startswith('hg.extern_activate.'): defaults['default_extern_activate'] = p.permission.permission_name if p.permission.permission_name.startswith('hg.fork.'): defaults['default_fork'] = p.permission.permission_name return htmlfill.render( render('admin/permissions/permissions.html'), defaults=defaults, encoding="UTF-8", force_defaults=False ) else: return redirect(url('admin_home'))
def update(self, id): """PUT /permissions/id: Update an existing item""" # Forms posted to this method should contain a hidden field: # <input type="hidden" name="_method" value="PUT" /> # Or using helpers: # h.form(url('permission', id=ID), # method='put') # url('permission', id=ID) if id == 'default': c.user = default_user = User.get_default_user() c.perm_user = AuthUser(user_id=default_user.user_id) c.user_ip_map = UserIpMap.query()\ .filter(UserIpMap.user == default_user).all() _form = DefaultPermissionsForm( [x[0] for x in c.repo_perms_choices], [x[0] for x in c.group_perms_choices], [x[0] for x in c.user_group_perms_choices], [x[0] for x in c.repo_create_choices], [x[0] for x in c.repo_group_create_choices], [x[0] for x in c.user_group_create_choices], [x[0] for x in c.fork_choices], [x[0] for x in c.register_choices], [x[0] for x in c.extern_activate_choices], )() try: form_result = _form.to_python(dict(request.POST)) form_result.update({'perm_user_name': id}) PermissionModel().update(form_result) Session().commit() h.flash(_('Default permissions updated successfully'), category='success') except formencode.Invalid, errors: defaults = errors.value return htmlfill.render( render('admin/permissions/permissions.html'), defaults=defaults, errors=errors.error_dict or {}, prefix_error=False, encoding="UTF-8") except Exception: log.error(traceback.format_exc()) h.flash(_('Error occurred during update of permissions'), category='error')
def test_cached_perms_data_default_permissions_on_repository_group_no_inherit( user_util): # Have a repository group repo_group = user_util.create_repo_group() default_user = User.get_default_user() # Add a permission for the default user to hit the code path user_util.grant_user_permission_to_repo_group( repo_group, default_user, 'repository.write') # Don't inherit default object permissions user = user_util.create_user() UserModel().grant_perm(user, 'hg.inherit_default_perms.false') permissions = get_permissions(user) assert permissions['repositories_groups'][repo_group.group_name] == \ 'group.none'
def test_cached_perms_data_default_permissions_on_repository_group_owner( user_util): # Have a repository group repo_group = user_util.create_repo_group() default_user = User.get_default_user() # Add a permission for the default user to hit the code path user_util.grant_user_permission_to_repo_group( repo_group, default_user, 'repository.write') # Have an owner of the group user = user_util.create_user() repo_group.user_id = user.user_id permissions = get_permissions(user) assert permissions['repositories_groups'][repo_group.group_name] == \ 'group.admin'
def _create_default_perms(self, repository, private): # create default permission default = 'repository.read' def_user = User.get_default_user() for p in def_user.user_perms: if p.permission.permission_name.startswith('repository.'): default = p.permission.permission_name break default_perm = 'repository.none' if private else default repo_to_perm = UserRepoToPerm() repo_to_perm.permission = Permission.get_by_key(default_perm) repo_to_perm.repository = repository repo_to_perm.user_id = def_user.user_id return repo_to_perm
def _create_default_perms(self, repository, private): # create default permission default = 'repository.read' def_user = User.get_default_user() for p in def_user.user_perms: if p.permission.permission_name.startswith('repository.'): default = p.permission.permission_name break default_perm = 'repository.none' if private else default repo_to_perm = UserRepoToPerm() repo_to_perm.permission = Permission.get_by_key(default_perm) repo_to_perm.repository = repository repo_to_perm.user_id = def_user.user_id return repo_to_perm
def setUp(self): self.u1 = UserModel().create_or_update( username=u'u1', password=u'qweqwe', email=u'*****@*****.**', firstname=u'u1', lastname=u'u1' ) self.u2 = UserModel().create_or_update( username=u'u2', password=u'qweqwe', email=u'*****@*****.**', firstname=u'u2', lastname=u'u2' ) self.u3 = UserModel().create_or_update( username=u'u3', password=u'qweqwe', email=u'*****@*****.**', firstname=u'u3', lastname=u'u3' ) self.anon = User.get_default_user() self.a1 = UserModel().create_or_update( username=u'a1', password=u'qweqwe', email=u'*****@*****.**', firstname=u'a1', lastname=u'a1', admin=True ) Session().commit()
def __load_data(self, repo_name=None): """ Load defaults settings for edit, and update :param repo_name: """ self.__load_defaults() c.repo_info = db_repo = Repository.get_by_repo_name(repo_name) repo = db_repo.scm_instance if c.repo_info is None: h.not_mapped_error(repo_name) return redirect(url('repos')) c.default_user_id = User.get_default_user().user_id c.in_public_journal = UserFollowing.query()\ .filter(UserFollowing.user_id == c.default_user_id)\ .filter(UserFollowing.follows_repository == c.repo_info).scalar() if c.repo_info.stats: last_rev = c.repo_info.stats.stat_on_revision + 1 else: last_rev = 0 c.stats_revision = last_rev c.repo_last_rev = repo.count() if repo.revisions else 0 if last_rev == 0 or c.repo_last_rev == 0: c.stats_percentage = 0 else: c.stats_percentage = '%.2f' % ((float( (last_rev)) / c.repo_last_rev) * 100) defaults = RepoModel()._get_defaults(repo_name) # alter the description to indicate a fork defaults['description'] = ( 'fork of repository: %s \n%s' % (defaults['repo_name'], defaults['description'])) # add suffix to fork defaults['repo_name'] = '%s-fork' % defaults['repo_name'] return defaults
def __load_data(self, repo_name=None): """ Load defaults settings for edit, and update :param repo_name: """ self.__load_defaults() c.repo_info = db_repo = Repository.get_by_repo_name(repo_name) repo = db_repo.scm_instance if c.repo_info is None: h.not_mapped_error(repo_name) return redirect(url('repos')) c.default_user_id = User.get_default_user().user_id c.in_public_journal = UserFollowing.query()\ .filter(UserFollowing.user_id == c.default_user_id)\ .filter(UserFollowing.follows_repository == c.repo_info).scalar() if c.repo_info.stats: last_rev = c.repo_info.stats.stat_on_revision+1 else: last_rev = 0 c.stats_revision = last_rev c.repo_last_rev = repo.count() if repo.revisions else 0 if last_rev == 0 or c.repo_last_rev == 0: c.stats_percentage = 0 else: c.stats_percentage = '%.2f' % ((float((last_rev)) / c.repo_last_rev) * 100) defaults = RepoModel()._get_defaults(repo_name) # alter the description to indicate a fork defaults['description'] = ('fork of repository: %s \n%s' % (defaults['repo_name'], defaults['description'])) # add suffix to fork defaults['repo_name'] = '%s-fork' % defaults['repo_name'] return defaults
def register(self): c.auto_active = 'hg.register.auto_activate' in User.get_default_user()\ .AuthUser.permissions['global'] if request.POST: register_form = RegisterForm()() try: form_result = register_form.to_python(dict(request.POST)) form_result['active'] = c.auto_active UserModel().create_registration(form_result) h.flash(_('You have successfully registered into RhodeCode'), category='success') Session().commit() return redirect(url('login_home')) except formencode.Invalid, errors: return htmlfill.render( render('/register.html'), defaults=errors.value, errors=errors.error_dict or {}, prefix_error=False, encoding="UTF-8")
def login_container_auth(username): user = User.get_by_username(username) if user is None: user_attrs = { 'name': username, 'lastname': None, 'email': None, 'active': 'hg.extern_activate.auto' in User.get_default_user()\ .AuthUser.permissions['global'] } user = UserModel().create_for_container_auth(username, user_attrs) if not user: return None log.info('User %s was created by container authentication' % username) if not user.active: return None user.update_lastlogin() Session().commit() log.debug('User %s is now logged in by container authentication', user.username) return user
def authenticate(username, password): """ Authentication function used for access control, firstly checks for db authentication then if ldap is enabled for ldap authentication, also creates ldap user if not in database :param username: username :param password: password """ user_model = UserModel() user = User.get_by_username(username) log.debug('Authenticating user using RhodeCode account') if user is not None and not user.ldap_dn: if user.active: if user.username == 'default' and user.active: log.info('user %s authenticated correctly as anonymous user' % username) return True elif user.username == username and check_password(password, user.password): log.info('user %s authenticated correctly' % username) return True else: log.warning('user %s tried auth but is disabled' % username) else: log.debug('Regular authentication failed') user_obj = User.get_by_username(username, case_insensitive=True) if user_obj is not None and not user_obj.ldap_dn: log.debug('this user already exists as non ldap') return False ldap_settings = RhodeCodeSetting.get_ldap_settings() #====================================================================== # FALLBACK TO LDAP AUTH IF ENABLE #====================================================================== if str2bool(ldap_settings.get('ldap_active')): log.debug("Authenticating user using ldap") kwargs = { 'server': ldap_settings.get('ldap_host', ''), 'base_dn': ldap_settings.get('ldap_base_dn', ''), 'port': ldap_settings.get('ldap_port'), 'bind_dn': ldap_settings.get('ldap_dn_user'), 'bind_pass': ldap_settings.get('ldap_dn_pass'), 'tls_kind': ldap_settings.get('ldap_tls_kind'), 'tls_reqcert': ldap_settings.get('ldap_tls_reqcert'), 'ldap_filter': ldap_settings.get('ldap_filter'), 'search_scope': ldap_settings.get('ldap_search_scope'), 'attr_login': ldap_settings.get('ldap_attr_login'), 'ldap_version': 3, } log.debug('Checking for ldap authentication') try: aldap = AuthLdap(**kwargs) (user_dn, ldap_attrs) = aldap.authenticate_ldap(username, password) log.debug('Got ldap DN response %s' % user_dn) get_ldap_attr = lambda k: ldap_attrs.get(ldap_settings\ .get(k), [''])[0] user_attrs = { 'name': safe_unicode(get_ldap_attr('ldap_attr_firstname')), 'lastname': safe_unicode(get_ldap_attr('ldap_attr_lastname')), 'email': get_ldap_attr('ldap_attr_email'), 'active': 'hg.extern_activate.auto' in User.get_default_user()\ .AuthUser.permissions['global'] } # don't store LDAP password since we don't need it. Override # with some random generated password _password = PasswordGenerator().gen_password(length=8) # create this user on the fly if it doesn't exist in rhodecode # database if user_model.create_ldap(username, _password, user_dn, user_attrs): log.info('created new ldap user %s' % username) Session().commit() return True except (LdapUsernameError, LdapPasswordError, LdapImportError): pass except (Exception,): log.error(traceback.format_exc()) pass return False