def grant_users_group_permission(self, repos_group, group_name, perm): """ Grant permission for user group on given repository group, or update existing one if found :param repos_group: Instance of ReposGroup, repositories_group_id, or repositories_group name :param group_name: Instance of UserGroup, users_group_id, or user group name :param perm: Instance of Permission, or permission_name """ repos_group = self._get_repo_group(repos_group) group_name = self._get_user_group(group_name) permission = self._get_perm(perm) # check if we have that permission already obj = self.sa.query(UserGroupRepoGroupToPerm)\ .filter(UserGroupRepoGroupToPerm.group == repos_group)\ .filter(UserGroupRepoGroupToPerm.users_group == group_name)\ .scalar() if obj is None: # create new obj = UserGroupRepoGroupToPerm() obj.group = repos_group obj.users_group = group_name obj.permission = permission self.sa.add(obj) log.debug('Granted perm %s to %s on %s' % (perm, group_name, repos_group))
def _load_data(self, id): c.users_group.permissions = { 'repositories': {}, 'repositories_groups': {} } ugroup_repo_perms = UserGroupRepoToPerm.query()\ .options(joinedload(UserGroupRepoToPerm.permission))\ .options(joinedload(UserGroupRepoToPerm.repository))\ .filter(UserGroupRepoToPerm.users_group_id == id)\ .all() for gr in ugroup_repo_perms: c.users_group.permissions['repositories'][gr.repository.repo_name] \ = gr.permission.permission_name ugroup_group_perms = UserGroupRepoGroupToPerm.query()\ .options(joinedload(UserGroupRepoGroupToPerm.permission))\ .options(joinedload(UserGroupRepoGroupToPerm.group))\ .filter(UserGroupRepoGroupToPerm.users_group_id == id)\ .all() for gr in ugroup_group_perms: c.users_group.permissions['repositories_groups'][gr.group.group_name] \ = gr.permission.permission_name c.group_members_obj = sorted((x.user for x in c.users_group.members), key=lambda u: u.username.lower()) c.group_members = [(x.user_id, x.username) for x in c.group_members_obj] c.available_members = sorted( ((x.user_id, x.username) for x in User.query().all()), key=lambda u: u[1].lower())
def delete(self, user_group, force=False): """ Deletes repository group, unless force flag is used raises exception if there are members in that group, else deletes group and users :param user_group: :param force: """ user_group = self._get_user_group(user_group) try: # check if this group is not assigned to repo assigned_to_repo = [x.repository for x in UserGroupRepoToPerm.query()\ .filter(UserGroupRepoToPerm.users_group == user_group).all()] # check if this group is not assigned to repo assigned_to_repo_group = [x.group for x in UserGroupRepoGroupToPerm.query()\ .filter(UserGroupRepoGroupToPerm.users_group == user_group).all()] if (assigned_to_repo or assigned_to_repo_group) and not force: assigned = ','.join( map(safe_str, assigned_to_repo + assigned_to_repo_group)) raise UserGroupAssignedException('UserGroup assigned to %s' % (assigned, )) self.sa.delete(user_group) except Exception: log.error(traceback.format_exc()) raise
def edit_perms_summary(self, user_group_id): user_group_id = safe_int(user_group_id) c.user_group = UserGroup.get_or_404(user_group_id) c.active = 'perms_summary' permissions = { 'repositories': {}, 'repositories_groups': {}, } ugroup_repo_perms = UserGroupRepoToPerm.query()\ .options(joinedload(UserGroupRepoToPerm.permission))\ .options(joinedload(UserGroupRepoToPerm.repository))\ .filter(UserGroupRepoToPerm.users_group_id == user_group_id)\ .all() for gr in ugroup_repo_perms: permissions['repositories'][gr.repository.repo_name] \ = gr.permission.permission_name ugroup_group_perms = UserGroupRepoGroupToPerm.query()\ .options(joinedload(UserGroupRepoGroupToPerm.permission))\ .options(joinedload(UserGroupRepoGroupToPerm.group))\ .filter(UserGroupRepoGroupToPerm.users_group_id == user_group_id)\ .all() for gr in ugroup_group_perms: permissions['repositories_groups'][gr.group.group_name] \ = gr.permission.permission_name c.permissions = permissions return render('admin/user_groups/user_group_edit.html')
def _load_data(self, id): c.users_group.permissions = { 'repositories': {}, 'repositories_groups': {} } ugroup_repo_perms = UserGroupRepoToPerm.query()\ .options(joinedload(UserGroupRepoToPerm.permission))\ .options(joinedload(UserGroupRepoToPerm.repository))\ .filter(UserGroupRepoToPerm.users_group_id == id)\ .all() for gr in ugroup_repo_perms: c.users_group.permissions['repositories'][gr.repository.repo_name] \ = gr.permission.permission_name ugroup_group_perms = UserGroupRepoGroupToPerm.query()\ .options(joinedload(UserGroupRepoGroupToPerm.permission))\ .options(joinedload(UserGroupRepoGroupToPerm.group))\ .filter(UserGroupRepoGroupToPerm.users_group_id == id)\ .all() for gr in ugroup_group_perms: c.users_group.permissions['repositories_groups'][gr.group.group_name] \ = gr.permission.permission_name c.group_members_obj = sorted((x.user for x in c.users_group.members), key=lambda u: u.username.lower()) c.group_members = [(x.user_id, x.username) for x in c.group_members_obj] c.available_members = sorted(((x.user_id, x.username) for x in User.query().all()), key=lambda u: u[1].lower())
def _create_repo(self, repo_name, repo_type, description, owner, private=False, clone_uri=None, repo_group=None, landing_rev='rev:tip', fork_of=None, copy_fork_permissions=False, enable_statistics=False, enable_locking=False, enable_downloads=False, copy_group_permissions=False, state=Repository.STATE_PENDING): """ Create repository inside database with PENDING state, this should be only executed by create() repo. With exception of importing existing repos """ from rhodecode.model.scm import ScmModel owner = self._get_user(owner) fork_of = self._get_repo(fork_of) repo_group = self._get_repo_group(safe_int(repo_group)) try: repo_name = safe_unicode(repo_name) description = safe_unicode(description) # repo name is just a name of repository # while repo_name_full is a full qualified name that is combined # with name and path of group repo_name_full = repo_name repo_name = repo_name.split(Repository.NAME_SEP)[-1] new_repo = Repository() new_repo.repo_state = state new_repo.enable_statistics = False new_repo.repo_name = repo_name_full new_repo.repo_type = repo_type new_repo.user = owner new_repo.group = repo_group new_repo.description = description or repo_name new_repo.private = private new_repo.clone_uri = clone_uri new_repo.landing_rev = landing_rev new_repo.enable_statistics = enable_statistics new_repo.enable_locking = enable_locking new_repo.enable_downloads = enable_downloads if repo_group: new_repo.enable_locking = repo_group.enable_locking if fork_of: parent_repo = fork_of new_repo.fork = parent_repo self.sa.add(new_repo) EMPTY_PERM = 'repository.none' if fork_of and copy_fork_permissions: repo = fork_of user_perms = UserRepoToPerm.query() \ .filter(UserRepoToPerm.repository == repo).all() group_perms = UserGroupRepoToPerm.query() \ .filter(UserGroupRepoToPerm.repository == repo).all() for perm in user_perms: UserRepoToPerm.create(perm.user, new_repo, perm.permission) for perm in group_perms: UserGroupRepoToPerm.create(perm.users_group, new_repo, perm.permission) # in case we copy permissions and also set this repo to private # override the default user permission to make it a private # repo if private: RepoModel(self.sa).grant_user_permission( repo=new_repo, user=User.DEFAULT_USER, perm=EMPTY_PERM) elif repo_group and copy_group_permissions: user_perms = UserRepoGroupToPerm.query() \ .filter(UserRepoGroupToPerm.group == repo_group).all() group_perms = UserGroupRepoGroupToPerm.query() \ .filter(UserGroupRepoGroupToPerm.group == repo_group).all() for perm in user_perms: perm_name = perm.permission.permission_name.replace( 'group.', 'repository.') perm_obj = Permission.get_by_key(perm_name) UserRepoToPerm.create(perm.user, new_repo, perm_obj) for perm in group_perms: perm_name = perm.permission.permission_name.replace( 'group.', 'repository.') perm_obj = Permission.get_by_key(perm_name) UserGroupRepoToPerm.create(perm.users_group, new_repo, perm_obj) if private: RepoModel(self.sa).grant_user_permission( repo=new_repo, user=User.DEFAULT_USER, perm=EMPTY_PERM) else: perm_obj = self._create_default_perms(new_repo, private) self.sa.add(perm_obj) # now automatically start following this repository as owner ScmModel(self.sa).toggle_following_repo(new_repo.repo_id, owner.user_id) # we need to flush here, in order to check if database won't # throw any exceptions, create filesystem dirs at the very end self.sa.flush() return new_repo except Exception: log.error(traceback.format_exc()) raise
def create(self, group_name, group_description, owner, just_db=False, copy_permissions=False, commit_early=True): (group_name_cleaned, parent_group_name) = RepoGroupModel()._get_group_name_and_parent(group_name) parent_group = None if parent_group_name: parent_group = self._get_repo_group(parent_group_name) # becase we are doing a cleanup, we need to check if such directory # already exists. If we don't do that we can accidentally delete existing # directory via cleanup that can cause data issues, since delete does a # folder rename to special syntax later cleanup functions can delete this cleanup_group = self.check_exist_filesystem(group_name, exc_on_failure=False) try: user = self._get_user(owner) new_repo_group = RepoGroup() new_repo_group.user = user new_repo_group.group_description = group_description or group_name new_repo_group.parent_group = parent_group new_repo_group.group_name = group_name self.sa.add(new_repo_group) # create an ADMIN permission for owner except if we're super admin, # later owner should go into the owner field of groups if not user.is_admin: self.grant_user_permission(repo_group=new_repo_group, user=owner, perm='group.admin') if parent_group and copy_permissions: # copy permissions from parent user_perms = UserRepoGroupToPerm.query() \ .filter(UserRepoGroupToPerm.group == parent_group).all() group_perms = UserGroupRepoGroupToPerm.query() \ .filter(UserGroupRepoGroupToPerm.group == parent_group).all() for perm in user_perms: # don't copy over the permission for user who is creating # this group, if he is not super admin he get's admin # permission set above if perm.user != user or user.is_admin: UserRepoGroupToPerm.create( perm.user, new_repo_group, perm.permission) for perm in group_perms: UserGroupRepoGroupToPerm.create( perm.users_group, new_repo_group, perm.permission) else: perm_obj = self._create_default_perms(new_repo_group) self.sa.add(perm_obj) # now commit the changes, earlier so we are sure everything is in # the database. if commit_early: self.sa.commit() if not just_db: self._create_group(new_repo_group.group_name) # trigger the post hook from rhodecode.lib.hooks_base import log_create_repository_group repo_group = RepoGroup.get_by_group_name(group_name) log_create_repository_group( created_by=user.username, **repo_group.get_dict()) return new_repo_group except Exception: self.sa.rollback() log.exception('Exception occurred when creating repository group, ' 'doing cleanup...') # rollback things manually ! repo_group = RepoGroup.get_by_group_name(group_name) if repo_group: RepoGroup.delete(repo_group.group_id) self.sa.commit() if cleanup_group: RepoGroupModel()._delete_filesystem_group(repo_group) raise