def validate_python(self, value, state): if value in ['default']: msg = M(self, 'invalid_group', state) raise formencode.Invalid(msg, value, state, error_dict=dict(users_group_name=msg) ) #check if group is unique old_ugname = None if edit: old_id = old_data.get('users_group_id') old_ugname = UserGroup.get(old_id).users_group_name if old_ugname != value or not edit: is_existing_group = UserGroup.get_by_group_name(value, case_insensitive=True) if is_existing_group: msg = M(self, 'group_exist', state, usergroup=value) raise formencode.Invalid(msg, value, state, error_dict=dict(users_group_name=msg) ) if re.match(r'^[a-zA-Z0-9]{1}[a-zA-Z0-9\-\_\.]+$', value) is None: msg = M(self, 'invalid_usergroup_name', state) raise formencode.Invalid(msg, value, state, error_dict=dict(users_group_name=msg) )
def get_user_group_slug(request): _group = request.environ['pylons.routes_dict'].get('id') try: _group = UserGroup.get(_group) if _group: _group = _group.users_group_name except Exception: log.debug(traceback.format_exc()) #catch all failures here pass return _group
def test_create_and_remove(test_user): usr = test_user # make user group user_group = fixture.create_user_group('some_example_group') Session().commit() UserGroupModel().add_user_to_group(user_group, usr) Session().commit() assert UserGroup.get(user_group.users_group_id) == user_group assert UserGroupMember.query().count() == 1 UserModel().delete(usr.user_id) Session().commit() assert UserGroupMember.query().all() == []
def test_create_and_remove(self): usr = UserModel().create_or_update(username=u'test_user', password=u'qweqwe', email=u'*****@*****.**', firstname=u'u1', lastname=u'u1') Session().commit() self.assertEqual(User.get_by_username(u'test_user'), usr) # make user group users_group = UserGroupModel().create('some_example_group') Session().commit() UserGroupModel().add_user_to_group(users_group, usr) Session().commit() self.assertEqual(UserGroup.get(users_group.users_group_id), users_group) self.assertEqual(UserGroupMember.query().count(), 1) UserModel().delete(usr.user_id) Session().commit() self.assertEqual(UserGroupMember.query().all(), [])
def update_user_group_permissions(self, form_result): if 'perm_user_group_id' in form_result: perm_user_group = UserGroup.get( safe_int(form_result['perm_user_group_id'])) else: # used mostly to do lookup for default user perm_user_group = UserGroup.get_by_group_name( form_result['perm_user_group_name']) try: # stage 2 reset defaults and set them from form data self._set_new_user_group_perms(perm_user_group, form_result, preserve=[ 'default_repo_perm', 'default_group_perm', 'default_user_group_perm', 'default_register', 'default_extern_activate' ]) self.sa.commit() except (DatabaseError, ): log.error(traceback.format_exc()) self.sa.rollback() raise
def get(self, users_group_id, cache=False): return UserGroup.get(users_group_id)
def update_permissions(self, repo, perm_additions=None, perm_updates=None, perm_deletions=None, check_perms=True, cur_user=None): if not perm_additions: perm_additions = [] if not perm_updates: perm_updates = [] if not perm_deletions: perm_deletions = [] req_perms = ('usergroup.read', 'usergroup.write', 'usergroup.admin') # update permissions for member_id, perm, member_type in perm_updates: member_id = int(member_id) if member_type == 'user': # this updates also current one if found self.grant_user_permission(repo=repo, user=member_id, perm=perm) else: # set for user group # check if we have permissions to alter this usergroup member_name = UserGroup.get(member_id).users_group_name if not check_perms or HasUserGroupPermissionAny(*req_perms)( member_name, user=cur_user): self.grant_user_group_permission(repo=repo, group_name=member_id, perm=perm) # set new permissions for member_id, perm, member_type in perm_additions: member_id = int(member_id) if member_type == 'user': self.grant_user_permission(repo=repo, user=member_id, perm=perm) else: # set for user group # check if we have permissions to alter this usergroup member_name = UserGroup.get(member_id).users_group_name if not check_perms or HasUserGroupPermissionAny(*req_perms)( member_name, user=cur_user): self.grant_user_group_permission(repo=repo, group_name=member_id, perm=perm) # delete permissions for member_id, perm, member_type in perm_deletions: member_id = int(member_id) if member_type == 'user': self.revoke_user_permission(repo=repo, user=member_id) else: # set for user group # check if we have permissions to alter this usergroup member_name = UserGroup.get(member_id).users_group_name if not check_perms or HasUserGroupPermissionAny(*req_perms)( member_name, user=cur_user): self.revoke_user_group_permission(repo=repo, group_name=member_id)
def update_permissions( self, repo_group, perm_additions=None, perm_updates=None, perm_deletions=None, recursive=None, check_perms=True, cur_user=None): from rhodecode.model.repo import RepoModel from rhodecode.lib.auth import HasUserGroupPermissionAny if not perm_additions: perm_additions = [] if not perm_updates: perm_updates = [] if not perm_deletions: perm_deletions = [] req_perms = ('usergroup.read', 'usergroup.write', 'usergroup.admin') def _set_perm_user(obj, user, perm): if isinstance(obj, RepoGroup): self.grant_user_permission( repo_group=obj, user=user, perm=perm) elif isinstance(obj, Repository): # private repos will not allow to change the default # permissions using recursive mode if obj.private and user == User.DEFAULT_USER: return # we set group permission but we have to switch to repo # permission perm = perm.replace('group.', 'repository.') RepoModel().grant_user_permission( repo=obj, user=user, perm=perm) def _set_perm_group(obj, users_group, perm): if isinstance(obj, RepoGroup): self.grant_user_group_permission( repo_group=obj, group_name=users_group, perm=perm) elif isinstance(obj, Repository): # we set group permission but we have to switch to repo # permission perm = perm.replace('group.', 'repository.') RepoModel().grant_user_group_permission( repo=obj, group_name=users_group, perm=perm) def _revoke_perm_user(obj, user): if isinstance(obj, RepoGroup): self.revoke_user_permission(repo_group=obj, user=user) elif isinstance(obj, Repository): RepoModel().revoke_user_permission(repo=obj, user=user) def _revoke_perm_group(obj, user_group): if isinstance(obj, RepoGroup): self.revoke_user_group_permission( repo_group=obj, group_name=user_group) elif isinstance(obj, Repository): RepoModel().revoke_user_group_permission( repo=obj, group_name=user_group) # start updates updates = [] log.debug('Now updating permissions for %s in recursive mode:%s', repo_group, recursive) # initialize check function, we'll call that multiple times has_group_perm = HasUserGroupPermissionAny(*req_perms) for obj in repo_group.recursive_groups_and_repos(): # iterated obj is an instance of a repos group or repository in # that group, recursive option can be: none, repos, groups, all if recursive == 'all': obj = obj elif recursive == 'repos': # skip groups, other than this one if isinstance(obj, RepoGroup) and not obj == repo_group: continue elif recursive == 'groups': # skip repos if isinstance(obj, Repository): continue else: # recursive == 'none': # DEFAULT option - don't apply to iterated objects # also we do a break at the end of this loop. if we are not # in recursive mode obj = repo_group # update permissions for member_id, perm, member_type in perm_updates: member_id = int(member_id) if member_type == 'user': # this updates also current one if found _set_perm_user(obj, user=member_id, perm=perm) else: # set for user group member_name = UserGroup.get(member_id).users_group_name if not check_perms or has_group_perm(member_name, user=cur_user): _set_perm_group(obj, users_group=member_id, perm=perm) # set new permissions for member_id, perm, member_type in perm_additions: member_id = int(member_id) if member_type == 'user': _set_perm_user(obj, user=member_id, perm=perm) else: # set for user group # check if we have permissions to alter this usergroup member_name = UserGroup.get(member_id).users_group_name if not check_perms or has_group_perm(member_name, user=cur_user): _set_perm_group(obj, users_group=member_id, perm=perm) # delete permissions for member_id, perm, member_type in perm_deletions: member_id = int(member_id) if member_type == 'user': _revoke_perm_user(obj, user=member_id) else: # set for user group # check if we have permissions to alter this usergroup member_name = UserGroup.get(member_id).users_group_name if not check_perms or has_group_perm(member_name, user=cur_user): _revoke_perm_group(obj, user_group=member_id) updates.append(obj) # if it's not recursive call for all,repos,groups # break the loop and don't proceed with other changes if recursive not in ['all', 'repos', 'groups']: break return updates
def update_permissions(self, user_group, perm_additions=None, perm_updates=None, perm_deletions=None, check_perms=True, cur_user=None): from rhodecode.lib.auth import HasUserGroupPermissionAny if not perm_additions: perm_additions = [] if not perm_updates: perm_updates = [] if not perm_deletions: perm_deletions = [] req_perms = ('usergroup.read', 'usergroup.write', 'usergroup.admin') # update permissions for member_id, perm, member_type in perm_updates: member_id = int(member_id) if member_type == 'user': # this updates existing one self.grant_user_permission(user_group=user_group, user=member_id, perm=perm) else: # check if we have permissions to alter this usergroup member_name = UserGroup.get(member_id).users_group_name if not check_perms or HasUserGroupPermissionAny(*req_perms)( member_name, user=cur_user): self.grant_user_group_permission( target_user_group=user_group, user_group=member_id, perm=perm) # set new permissions for member_id, perm, member_type in perm_additions: member_id = int(member_id) if member_type == 'user': self.grant_user_permission(user_group=user_group, user=member_id, perm=perm) else: # check if we have permissions to alter this usergroup member_name = UserGroup.get(member_id).users_group_name if not check_perms or HasUserGroupPermissionAny(*req_perms)( member_name, user=cur_user): self.grant_user_group_permission( target_user_group=user_group, user_group=member_id, perm=perm) # delete permissions for member_id, perm, member_type in perm_deletions: member_id = int(member_id) if member_type == 'user': self.revoke_user_permission(user_group=user_group, user=member_id) else: #check if we have permissions to alter this usergroup member_name = UserGroup.get(member_id).users_group_name if not check_perms or HasUserGroupPermissionAny(*req_perms)( member_name, user=cur_user): self.revoke_user_group_permission( target_user_group=user_group, user_group=member_id)