def has_perm(self, users_group, perm):
users_group = self.__get_users_group(users_group)
perm = self._get_perm(perm)
return UserGroupToPerm.query()\
.filter(UserGroupToPerm.users_group == users_group)\
.filter(UserGroupToPerm.permission == perm).scalar() is not None
def grant_perm(self, users_group, perm):
users_group = self.__get_users_group(users_group)
perm = self._get_perm(perm)
# if this permission is already granted skip it
_perm = UserGroupToPerm.query()\
.filter(UserGroupToPerm.users_group == users_group)\
.filter(UserGroupToPerm.permission == perm)\
.scalar()
if _perm:
return
new = UserGroupToPerm()
new.users_group = users_group
new.permission = perm
self.sa.add(new)
def revoke_perm(self, users_group, perm):
users_group = self.__get_users_group(users_group)
perm = self._get_perm(perm)
obj = UserGroupToPerm.query()\
.filter(UserGroupToPerm.users_group == users_group)\
.filter(UserGroupToPerm.permission == perm).scalar()
if obj:
self.sa.delete(obj)
def _test_def_user_group_perm_equal(self,
user_group,
change_factor=0,
compare_keys=None):
perms = UserGroupToPerm.query().filter(
UserGroupToPerm.users_group == user_group).all()
assert len(perms) == \
len(Permission.DEFAULT_USER_PERMISSIONS) + change_factor
if compare_keys:
assert set(x.permissions.permission_name
for x in perms) == compare_keys
def update_perm(self, id):
"""PUT /users_perm/id: Update an existing item"""
# url('users_group_perm', id=ID, method='put')
users_group = UserGroup.get_or_404(id)
try:
form = CustomDefaultPermissionsForm()()
form_result = form.to_python(request.POST)
inherit_perms = form_result['inherit_default_permissions']
users_group.inherit_default_permissions = inherit_perms
Session().add(users_group)
usergroup_model = UserGroupModel()
defs = UserGroupToPerm.query()\
.filter(UserGroupToPerm.users_group == users_group)\
.all()
for ug in defs:
Session().delete(ug)
if form_result['create_repo_perm']:
usergroup_model.grant_perm(id, 'hg.create.repository')
else:
usergroup_model.grant_perm(id, 'hg.create.none')
if form_result['create_user_group_perm']:
usergroup_model.grant_perm(id, 'hg.usergroup.create.true')
else:
usergroup_model.grant_perm(id, 'hg.usergroup.create.false')
if form_result['fork_repo_perm']:
usergroup_model.grant_perm(id, 'hg.fork.repository')
else:
usergroup_model.grant_perm(id, 'hg.fork.none')
h.flash(_("Updated permissions"), category='success')
Session().commit()
except Exception:
log.error(traceback.format_exc())
h.flash(_('An error occurred during permissions saving'),
category='error')
return redirect(url('edit_users_group', id=id))
def update_perm(self, id):
"""PUT /users_perm/id: Update an existing item"""
# url('users_group_perm', id=ID, method='put')
users_group = UserGroup.get_or_404(id)
try:
form = CustomDefaultPermissionsForm()()
form_result = form.to_python(request.POST)
inherit_perms = form_result['inherit_default_permissions']
users_group.inherit_default_permissions = inherit_perms
Session().add(users_group)
usergroup_model = UserGroupModel()
defs = UserGroupToPerm.query()\
.filter(UserGroupToPerm.users_group == users_group)\
.all()
for ug in defs:
Session().delete(ug)
if form_result['create_repo_perm']:
usergroup_model.grant_perm(id, 'hg.create.repository')
else:
usergroup_model.grant_perm(id, 'hg.create.none')
if form_result['create_user_group_perm']:
usergroup_model.grant_perm(id, 'hg.usergroup.create.true')
else:
usergroup_model.grant_perm(id, 'hg.usergroup.create.false')
if form_result['fork_repo_perm']:
usergroup_model.grant_perm(id, 'hg.fork.repository')
else:
usergroup_model.grant_perm(id, 'hg.fork.none')
h.flash(_("Updated permissions"), category='success')
Session().commit()
except Exception:
log.error(traceback.format_exc())
h.flash(_('An error occurred during permissions saving'),
category='error')
return redirect(url('edit_users_group', id=id))
def test_enable_repository_read_on_group(self):
self.log_user()
users_group_name = TEST_USER_GROUP + 'another2'
response = self.app.post(url('users_groups'), {
'users_group_name': users_group_name,
'active': True
})
response.follow()
ug = UserGroup.get_by_group_name(users_group_name)
self.checkSessionFlash(response,
'Created user group %s' % users_group_name)
## ENABLE REPO CREATE ON A GROUP
response = self.app.put(url('users_group_perm', id=ug.users_group_id),
{'create_repo_perm': True})
response.follow()
ug = UserGroup.get_by_group_name(users_group_name)
p = Permission.get_by_key('hg.create.repository')
p2 = Permission.get_by_key('hg.usergroup.create.false')
p3 = Permission.get_by_key('hg.fork.none')
# check if user has this perms, they should be here since
# defaults are on
perms = UserGroupToPerm.query()\
.filter(UserGroupToPerm.users_group == ug).all()
self.assertEqual(
sorted([[
x.users_group_id,
x.permission_id,
] for x in perms]),
sorted([[ug.users_group_id, p.permission_id],
[ug.users_group_id, p2.permission_id],
[ug.users_group_id, p3.permission_id]]))
## DISABLE REPO CREATE ON A GROUP
response = self.app.put(url('users_group_perm', id=ug.users_group_id),
{})
response.follow()
ug = UserGroup.get_by_group_name(users_group_name)
p = Permission.get_by_key('hg.create.none')
p2 = Permission.get_by_key('hg.usergroup.create.false')
p3 = Permission.get_by_key('hg.fork.none')
# check if user has this perms, they should be here since
# defaults are on
perms = UserGroupToPerm.query()\
.filter(UserGroupToPerm.users_group == ug).all()
self.assertEqual(
sorted([[
x.users_group_id,
x.permission_id,
] for x in perms]),
sorted([[ug.users_group_id, p.permission_id],
[ug.users_group_id, p2.permission_id],
[ug.users_group_id, p3.permission_id]]))
# DELETE !
ug = UserGroup.get_by_group_name(users_group_name)
ugid = ug.users_group_id
response = self.app.delete(url('users_group', id=ug.users_group_id))
response = response.follow()
gr = Session().query(UserGroup)\
.filter(UserGroup.users_group_name ==
users_group_name).scalar()
self.assertEqual(gr, None)
p = Permission.get_by_key('hg.create.repository')
perms = UserGroupToPerm.query()\
.filter(UserGroupToPerm.users_group_id == ugid).all()
perms = [[
x.users_group_id,
x.permission_id,
] for x in perms]
self.assertEqual(perms, [])
def _make_new_user_group_perm(self, user_group, perm_name):
log.debug('Creating new user group permission:%s', perm_name)
new = UserGroupToPerm()
new.users_group = user_group
new.permission = Permission.get_by_key(perm_name)
return new
def test_enable_repository_read_on_group(self):
self.log_user()
users_group_name = TEST_USER_GROUP + 'another2'
response = self.app.post(url('users_groups'),
{'users_group_name': users_group_name,
'active': True})
response.follow()
ug = UserGroup.get_by_group_name(users_group_name)
self.checkSessionFlash(response,
'Created user group %s' % users_group_name)
## ENABLE REPO CREATE ON A GROUP
response = self.app.put(url('users_group_perm', id=ug.users_group_id),
{'create_repo_perm': True})
response.follow()
ug = UserGroup.get_by_group_name(users_group_name)
p = Permission.get_by_key('hg.create.repository')
p2 = Permission.get_by_key('hg.usergroup.create.false')
p3 = Permission.get_by_key('hg.fork.none')
# check if user has this perms, they should be here since
# defaults are on
perms = UserGroupToPerm.query()\
.filter(UserGroupToPerm.users_group == ug).all()
self.assertEqual(
sorted([[x.users_group_id, x.permission_id, ] for x in perms]),
sorted([[ug.users_group_id, p.permission_id],
[ug.users_group_id, p2.permission_id],
[ug.users_group_id, p3.permission_id]])
)
## DISABLE REPO CREATE ON A GROUP
response = self.app.put(url('users_group_perm', id=ug.users_group_id),
{})
response.follow()
ug = UserGroup.get_by_group_name(users_group_name)
p = Permission.get_by_key('hg.create.none')
p2 = Permission.get_by_key('hg.usergroup.create.false')
p3 = Permission.get_by_key('hg.fork.none')
# check if user has this perms, they should be here since
# defaults are on
perms = UserGroupToPerm.query()\
.filter(UserGroupToPerm.users_group == ug).all()
self.assertEqual(
sorted([[x.users_group_id, x.permission_id, ] for x in perms]),
sorted([[ug.users_group_id, p.permission_id],
[ug.users_group_id, p2.permission_id],
[ug.users_group_id, p3.permission_id]])
)
# DELETE !
ug = UserGroup.get_by_group_name(users_group_name)
ugid = ug.users_group_id
response = self.app.delete(url('users_group', id=ug.users_group_id))
response = response.follow()
gr = Session().query(UserGroup)\
.filter(UserGroup.users_group_name ==
users_group_name).scalar()
self.assertEqual(gr, None)
p = Permission.get_by_key('hg.create.repository')
perms = UserGroupToPerm.query()\
.filter(UserGroupToPerm.users_group_id == ugid).all()
perms = [[x.users_group_id,
x.permission_id, ] for x in perms]
self.assertEqual(
perms,
[]
)
