Exemplo n.º 1
0
    def step_12(self):
        self.klass.create_permissions()
        Session().commit()

        self.klass.populate_default_permissions()
        Session().commit()

        #fix all usergroups
        ug_model = UserGroupModel()
        for ug in UserGroup.get_all():
            perm_obj = ug_model._create_default_perms(ug)
            Session().add(perm_obj)
        Session().commit()

        adm = User.get_first_admin()
        # fix owners of UserGroup
        for ug in Session().query(UserGroup).all():
            ug.user_id = adm.user_id
            Session().add(ug)
        Session().commit()

        # fix owners of RepoGroup
        for ug in Session().query(RepoGroup).all():
            ug.user_id = adm.user_id
            Session().add(ug)
        Session().commit()
Exemplo n.º 2
0
    def delete_user_group_perm_member(self, id):
        """
        DELETE an existing repository group permission user

        :param group_name:
        """
        try:
            obj_type = request.POST.get('obj_type')
            obj_id = None
            if obj_type == 'user':
                obj_id = safe_int(request.POST.get('user_id'))
            elif obj_type == 'user_group':
                obj_id = safe_int(request.POST.get('user_group_id'))

            if not c.rhodecode_user.is_admin:
                if obj_type == 'user' and c.rhodecode_user.user_id == obj_id:
                    msg = _('Cannot revoke permission for yourself as admin')
                    h.flash(msg, category='warning')
                    raise Exception('revoke admin permission on self')
            if obj_type == 'user':
                UserGroupModel().revoke_user_permission(user_group=id,
                                                        user=obj_id)
            elif obj_type == 'user_group':
                UserGroupModel().revoke_users_group_permission(
                    target_user_group=id, user_group=obj_id)
            Session().commit()
        except Exception:
            log.error(traceback.format_exc())
            h.flash(_('An error occurred during revoking of permission'),
                    category='error')
            raise HTTPInternalServerError()
Exemplo n.º 3
0
    def test_propagated_permission_from_users_group(self):
        # make group
        self.ug1 = UserGroupModel().create('G1')
        # add user to group

        UserGroupModel().add_user_to_group(self.ug1, self.u3)

        # grant perm for group this should override default permission from user
        new_perm_gr = 'repository.write'
        RepoModel().grant_users_group_permission(repo=HG_REPO,
                                                 group_name=self.ug1,
                                                 perm=new_perm_gr)
        # check perms
        u3_auth = AuthUser(user_id=self.u3.user_id)
        perms = {
            'repositories_groups': {},
            'global':
            set([
                u'hg.create.repository', u'repository.read',
                u'hg.register.manual_activate'
            ]),
            'repositories': {
                u'vcs_test_hg': u'repository.read'
            }
        }
        self.assertEqual(u3_auth.permissions['repositories'][HG_REPO],
                         new_perm_gr)
        self.assertEqual(u3_auth.permissions['repositories_groups'],
                         perms['repositories_groups'])
Exemplo n.º 4
0
    def __load_defaults(self, user_group_id):
        """
        Load defaults settings for edit, and update

        :param user_group_id:
        """
        user_group = UserGroup.get_or_404(user_group_id)
        data = user_group.get_dict()

        ug_model = UserGroupModel()

        data.update({
            'create_repo_perm': ug_model.has_perm(user_group,
                                                  'hg.create.repository'),
            'create_user_group_perm': ug_model.has_perm(user_group,
                                                  'hg.usergroup.create.true'),
            'fork_repo_perm': ug_model.has_perm(user_group,
                                                'hg.fork.repository'),
        })

        # fill user group users
        for p in user_group.user_user_group_to_perm:
            data.update({'u_perm_%s' % p.user.username:
                             p.permission.permission_name})

        for p in user_group.user_group_user_group_to_perm:
            data.update({'g_perm_%s' % p.user_group.users_group_name:
                             p.permission.permission_name})

        return data
Exemplo n.º 5
0
    def create_users_group(self,
                           apiuser,
                           group_name,
                           owner=Optional(OAttr('apiuser')),
                           active=Optional(True)):
        """
        Creates an new usergroup

        :param apiuser:
        :param group_name:
        :param owner:
        :param active:
        """

        if UserGroupModel().get_by_name(group_name):
            raise JSONRPCError("user group `%s` already exist" % group_name)

        try:
            if isinstance(owner, Optional):
                owner = apiuser.user_id

            owner = get_user_or_error(owner)
            active = Optional.extract(active)
            ug = UserGroupModel().create(name=group_name,
                                         owner=owner,
                                         active=active)
            Session().commit()
            return dict(msg='created new user group `%s`' % group_name,
                        users_group=ug.get_api_data())
        except Exception:
            log.error(traceback.format_exc())
            raise JSONRPCError('failed to create group `%s`' % group_name)
Exemplo n.º 6
0
    def step_12(self):
        self.klass.create_permissions()
        Session().commit()

        self.klass.populate_default_permissions()
        Session().commit()

        #fix all usergroups
        ug_model = UserGroupModel()
        for ug in UserGroup.get_all():
            perm_obj = ug_model._create_default_perms(ug)
            Session().add(perm_obj)
        Session().commit()

        adm = User.get_first_admin()
        # fix owners of UserGroup
        for ug in Session().query(UserGroup).all():
            ug.user_id = adm.user_id
            Session().add(ug)
        Session().commit()

        # fix owners of RepoGroup
        for ug in Session().query(RepoGroup).all():
            ug.user_id = adm.user_id
            Session().add(ug)
        Session().commit()
Exemplo n.º 7
0
    def __load_defaults(self, user_group_id):
        """
        Load defaults settings for edit, and update

        :param user_group_id:
        """
        user_group = UserGroup.get_or_404(user_group_id)
        data = user_group.get_dict()

        ug_model = UserGroupModel()

        data.update({
            'create_repo_perm':
            ug_model.has_perm(user_group, 'hg.create.repository'),
            'create_user_group_perm':
            ug_model.has_perm(user_group, 'hg.usergroup.create.true'),
            'fork_repo_perm':
            ug_model.has_perm(user_group, 'hg.fork.repository'),
        })

        # fill user group users
        for p in user_group.user_user_group_to_perm:
            data.update(
                {'u_perm_%s' % p.user.username: p.permission.permission_name})

        for p in user_group.user_group_user_group_to_perm:
            data.update({
                'g_perm_%s' % p.user_group.users_group_name:
                p.permission.permission_name
            })

        return data
Exemplo n.º 8
0
    def create_users_group(self, apiuser, group_name,
                           owner=Optional(OAttr('apiuser')),
                           active=Optional(True)):
        """
        Creates an new usergroup

        :param apiuser:
        :param group_name:
        :param owner:
        :param active:
        """

        if UserGroupModel().get_by_name(group_name):
            raise JSONRPCError("user group `%s` already exist" % group_name)

        try:
            if isinstance(owner, Optional):
                owner = apiuser.user_id

            owner = get_user_or_error(owner)
            active = Optional.extract(active)
            ug = UserGroupModel().create(name=group_name,
                                         owner=owner,
                                         active=active)
            Session().commit()
            return dict(
                msg='created new user group `%s`' % group_name,
                users_group=ug.get_api_data()
            )
        except Exception:
            log.error(traceback.format_exc())
            raise JSONRPCError('failed to create group `%s`' % group_name)
Exemplo n.º 9
0
    def test_repo_group_user_as_user_group_member(self):
        # create Group1
        self.g1 = fixture.create_group('group1', skip_if_exists=True)
        a1_auth = AuthUser(user_id=self.anon.user_id)

        self.assertEqual(a1_auth.permissions['repositories_groups'],
                         {u'group1': u'group.read'})

        # set default permission to none
        ReposGroupModel().grant_user_permission(repos_group=self.g1,
                                                user=self.anon,
                                                perm='group.none')
        # make group
        self.ug1 = UserGroupModel().create('G1')
        # add user to group
        UserGroupModel().add_user_to_group(self.ug1, self.u1)
        Session().commit()

        # check if user is in the group
        membrs = [
            x.user_id
            for x in UserGroupModel().get(self.ug1.users_group_id).members
        ]
        self.assertEqual(membrs, [self.u1.user_id])
        # add some user to that group

        # check his permissions
        a1_auth = AuthUser(user_id=self.anon.user_id)
        self.assertEqual(a1_auth.permissions['repositories_groups'],
                         {u'group1': u'group.none'})

        u1_auth = AuthUser(user_id=self.u1.user_id)
        self.assertEqual(u1_auth.permissions['repositories_groups'],
                         {u'group1': u'group.none'})

        # grant ug1 read permissions for
        ReposGroupModel().grant_users_group_permission(repos_group=self.g1,
                                                       group_name=self.ug1,
                                                       perm='group.read')
        Session().commit()
        # check if the
        obj = Session().query(UserGroupRepoGroupToPerm)\
            .filter(UserGroupRepoGroupToPerm.group == self.g1)\
            .filter(UserGroupRepoGroupToPerm.users_group == self.ug1)\
            .scalar()
        self.assertEqual(obj.permission.permission_name, 'group.read')

        a1_auth = AuthUser(user_id=self.anon.user_id)

        self.assertEqual(a1_auth.permissions['repositories_groups'],
                         {u'group1': u'group.none'})

        u1_auth = AuthUser(user_id=self.u1.user_id)
        self.assertEqual(u1_auth.permissions['repositories_groups'],
                         {u'group1': u'group.read'})
Exemplo n.º 10
0
    def remove_user_from_users_group(self, apiuser, usersgroupid, userid):
        """
        Remove user from a group

        :param apiuser:
        :param usersgroupid:
        :param userid:
        """
        user = get_user_or_error(userid)
        users_group = get_users_group_or_error(usersgroupid)

        try:
            success = UserGroupModel().remove_user_from_group(users_group,
                                                               user)
            msg = 'removed member `%s` from user group `%s`' % (
                        user.username, users_group.users_group_name
                    )
            msg = msg if success else "User wasn't in group"
            Session().commit()
            return dict(success=success, msg=msg)
        except Exception:
            log.error(traceback.format_exc())
            raise JSONRPCError(
                'failed to remove member from user group `%s`' % (
                        users_group.users_group_name
                    )
            )
Exemplo n.º 11
0
    def add_user_to_users_group(self, apiuser, usersgroupid, userid):
        """"
        Add a user to a user group

        :param apiuser:
        :param usersgroupid:
        :param userid:
        """
        user = get_user_or_error(userid)
        users_group = get_users_group_or_error(usersgroupid)

        try:
            ugm = UserGroupModel().add_user_to_group(users_group, user)
            success = True if ugm != True else False
            msg = 'added member `%s` to user group `%s`' % (
                        user.username, users_group.users_group_name
                    )
            msg = msg if success else 'User is already in that group'
            Session().commit()

            return dict(
                success=success,
                msg=msg
            )
        except Exception:
            log.error(traceback.format_exc())
            raise JSONRPCError(
                'failed to add member to user group `%s`' % (
                    users_group.users_group_name
                )
            )
Exemplo n.º 12
0
    def update(self, id):
        """PUT /users_groups/id: Update an existing item"""
        # Forms posted to this method should contain a hidden field:
        #    <input type="hidden" name="_method" value="PUT" />
        # Or using helpers:
        #    h.form(url('users_group', id=ID),
        #           method='put')
        # url('users_group', id=ID)

        c.users_group = UserGroup.get_or_404(id)
        self._load_data(id)

        available_members = [safe_unicode(x[0]) for x in c.available_members]

        users_group_form = UserGroupForm(edit=True,
                                         old_data=c.users_group.get_dict(),
                                         available_members=available_members)()

        try:
            form_result = users_group_form.to_python(request.POST)
            UserGroupModel().update(c.users_group, form_result)
            gr = form_result['users_group_name']
            action_logger(self.rhodecode_user,
                          'admin_updated_users_group:%s' % gr, None,
                          self.ip_addr, self.sa)
            h.flash(_('Updated user group %s') % gr, category='success')
            Session().commit()
        except formencode.Invalid, errors:
            ug_model = UserGroupModel()
            defaults = errors.value
            e = errors.error_dict or {}
            defaults.update({
                'create_repo_perm':
                ug_model.has_perm(id, 'hg.create.repository'),
                'fork_repo_perm':
                ug_model.has_perm(id, 'hg.fork.repository'),
                '_method':
                'put'
            })

            return htmlfill.render(
                render('admin/users_groups/users_group_edit.html'),
                defaults=defaults,
                errors=e,
                prefix_error=False,
                encoding="UTF-8")
Exemplo n.º 13
0
    def update(self, id):
        """PUT /users_groups/id: Update an existing item"""
        # Forms posted to this method should contain a hidden field:
        #    <input type="hidden" name="_method" value="PUT" />
        # Or using helpers:
        #    h.form(url('users_group', id=ID),
        #           method='put')
        # url('users_group', id=ID)

        c.users_group = UserGroup.get_or_404(id)
        self.__load_data(id)

        available_members = [safe_unicode(x[0]) for x in c.available_members]

        users_group_form = UserGroupForm(edit=True,
                                          old_data=c.users_group.get_dict(),
                                          available_members=available_members)()

        try:
            form_result = users_group_form.to_python(request.POST)
            UserGroupModel().update(c.users_group, form_result)
            gr = form_result['users_group_name']
            action_logger(self.rhodecode_user,
                          'admin_updated_users_group:%s' % gr,
                          None, self.ip_addr, self.sa)
            h.flash(_('Updated user group %s') % gr, category='success')
            Session().commit()
        except formencode.Invalid, errors:
            ug_model = UserGroupModel()
            defaults = errors.value
            e = errors.error_dict or {}
            defaults.update({
                'create_repo_perm': ug_model.has_perm(id,
                                                      'hg.create.repository'),
                'fork_repo_perm': ug_model.has_perm(id,
                                                    'hg.fork.repository'),
                '_method': 'put'
            })

            return htmlfill.render(
                render('admin/users_groups/users_group_edit.html'),
                defaults=defaults,
                errors=e,
                prefix_error=False,
                encoding="UTF-8")
Exemplo n.º 14
0
def setup_module():
    global test_u2_id, test_u2_gr_id, _get_repo_perms, _get_group_perms
    test_u2 = _create_project_tree()
    Session().commit()
    test_u2_id = test_u2.user_id

    gr1 = UserGroupModel().create(name='perms_group_1')
    Session().commit()
    test_u2_gr_id = gr1.users_group_id
    UserGroupModel().add_user_to_group(gr1, user=test_u2_id)
    Session().commit()

    _get_repo_perms = functools.partial(_get_perms,
                                        key='repositories',
                                        test_u1_id=test_u2_id)
    _get_group_perms = functools.partial(_get_perms,
                                         key='repositories_groups',
                                         test_u1_id=test_u2_id)
Exemplo n.º 15
0
def get_users_group_or_error(usersgroupid):
    """
    Get user group by id or name or return JsonRPCError if not found

    :param userid:
    """
    users_group = UserGroupModel().get_group(usersgroupid)
    if users_group is None:
        raise JSONRPCError('user group `%s` does not exist' % usersgroupid)
    return users_group
Exemplo n.º 16
0
    def test_ValidUserGroup(self):
        validator = v.ValidUserGroup()
        self.assertRaises(formencode.Invalid, validator.to_python, 'default')
        self.assertRaises(formencode.Invalid, validator.to_python, '.,')

        gr = fixture.create_user_group('test')
        gr2 = fixture.create_user_group('tes2')
        Session().commit()
        self.assertRaises(formencode.Invalid, validator.to_python, 'test')
        assert gr.users_group_id is not None
        validator = v.ValidUserGroup(
            edit=True, old_data={'users_group_id': gr2.users_group_id})

        self.assertRaises(formencode.Invalid, validator.to_python, 'test')
        self.assertRaises(formencode.Invalid, validator.to_python, 'TesT')
        self.assertRaises(formencode.Invalid, validator.to_python, 'TEST')
        UserGroupModel().delete(gr)
        UserGroupModel().delete(gr2)
        Session().commit()
Exemplo n.º 17
0
    def get_users_groups(self, apiuser):
        """"
        Get all user groups

        :param apiuser:
        """

        result = []
        for users_group in UserGroupModel().get_all():
            result.append(users_group.get_api_data())
        return result
Exemplo n.º 18
0
    def test_propagated_permission_from_users_group_by_explicit_perms_exist(
            self):
        # make group
        self.ug1 = UserGroupModel().create('G1')
        # add user to group

        UserGroupModel().add_user_to_group(self.ug1, self.u1)

        # set permission to lower
        new_perm = 'repository.none'
        RepoModel().grant_user_permission(repo=HG_REPO,
                                          user=self.u1,
                                          perm=new_perm)
        Session().commit()
        u1_auth = AuthUser(user_id=self.u1.user_id)
        self.assertEqual(u1_auth.permissions['repositories'][HG_REPO],
                         new_perm)

        # grant perm for group this should not override permission from user
        # since it has explicitly set
        new_perm_gr = 'repository.write'
        RepoModel().grant_users_group_permission(repo=HG_REPO,
                                                 group_name=self.ug1,
                                                 perm=new_perm_gr)
        # check perms
        u1_auth = AuthUser(user_id=self.u1.user_id)
        perms = {
            'repositories_groups': {},
            'global':
            set([
                u'hg.create.repository', u'repository.read',
                u'hg.register.manual_activate'
            ]),
            'repositories': {
                u'vcs_test_hg': u'repository.read'
            }
        }
        self.assertEqual(u1_auth.permissions['repositories'][HG_REPO],
                         new_perm)
        self.assertEqual(u1_auth.permissions['repositories_groups'],
                         perms['repositories_groups'])
Exemplo n.º 19
0
    def test_create_and_remove(self):
        usr = UserModel().create_or_update(username=u'test_user',
                                           password=u'qweqwe',
                                     email=u'*****@*****.**',
                                     firstname=u'u1', lastname=u'u1')
        Session().commit()
        self.assertEqual(User.get_by_username(u'test_user'), usr)

        # make user group
        users_group = UserGroupModel().create('some_example_group')
        Session().commit()

        UserGroupModel().add_user_to_group(users_group, usr)
        Session().commit()

        self.assertEqual(UserGroup.get(users_group.users_group_id), users_group)
        self.assertEqual(UserGroupMember.query().count(), 1)
        UserModel().delete(usr.user_id)
        Session().commit()

        self.assertEqual(UserGroupMember.query().all(), [])
Exemplo n.º 20
0
    def edit(self, id, format='html'):
        """GET /users_groups/id/edit: Form to edit an existing item"""
        # url('edit_users_group', id=ID)

        c.users_group = UserGroup.get_or_404(id)
        self._load_data(id)

        ug_model = UserGroupModel()
        defaults = c.users_group.get_dict()
        defaults.update({
            'create_repo_perm':
            ug_model.has_perm(c.users_group, 'hg.create.repository'),
            'fork_repo_perm':
            ug_model.has_perm(c.users_group, 'hg.fork.repository'),
        })

        return htmlfill.render(
            render('admin/users_groups/users_group_edit.html'),
            defaults=defaults,
            encoding="UTF-8",
            force_defaults=False)
Exemplo n.º 21
0
    def test_owner_permissions_doesnot_get_overwritten_by_group(self):
        #create repo as USER,
        self.test_repo = fixture.create_repo(name='myownrepo',
                                             repo_type='hg',
                                             cur_user=self.u1)

        #he has permissions of admin as owner
        u1_auth = AuthUser(user_id=self.u1.user_id)
        self.assertEqual(u1_auth.permissions['repositories']['myownrepo'],
                         'repository.admin')
        #set his permission as user group, he should still be admin
        self.ug1 = UserGroupModel().create('G1')
        # add user to group
        UserGroupModel().add_user_to_group(self.ug1, self.u1)
        RepoModel().grant_users_group_permission(self.test_repo,
                                                 group_name=self.ug1,
                                                 perm='repository.none')

        Session().commit()
        u1_auth = AuthUser(user_id=self.u1.user_id)
        self.assertEqual(u1_auth.permissions['repositories']['myownrepo'],
                         'repository.admin')
Exemplo n.º 22
0
    def edit(self, id, format='html'):
        """GET /users_groups/id/edit: Form to edit an existing item"""
        # url('edit_users_group', id=ID)

        c.users_group = UserGroup.get_or_404(id)
        self._load_data(id)

        ug_model = UserGroupModel()
        defaults = c.users_group.get_dict()
        defaults.update({
            'create_repo_perm': ug_model.has_perm(c.users_group,
                                                  'hg.create.repository'),
            'fork_repo_perm': ug_model.has_perm(c.users_group,
                                                'hg.fork.repository'),
        })

        return htmlfill.render(
            render('admin/users_groups/users_group_edit.html'),
            defaults=defaults,
            encoding="UTF-8",
            force_defaults=False
        )
Exemplo n.º 23
0
 def delete(self, id):
     """DELETE /users_groups/id: Delete an existing item"""
     # Forms posted to this method should contain a hidden field:
     #    <input type="hidden" name="_method" value="DELETE" />
     # Or using helpers:
     #    h.form(url('users_group', id=ID),
     #           method='delete')
     # url('users_group', id=ID)
     usr_gr = UserGroup.get_or_404(id)
     try:
         UserGroupModel().delete(usr_gr)
         Session().commit()
         h.flash(_('Successfully deleted user group'), category='success')
     except UserGroupsAssignedException, e:
         h.flash(e, category='error')
Exemplo n.º 24
0
 def create_user_group(self, name, **kwargs):
     if 'skip_if_exists' in kwargs:
         del kwargs['skip_if_exists']
         gr = UserGroup.get_by_group_name(group_name=name)
         if gr:
             return gr
     form_data = self._get_user_group_create_params(name, **kwargs)
     owner = kwargs.get('cur_user', TEST_USER_ADMIN_LOGIN)
     user_group = UserGroupModel().create(
         name=form_data['users_group_name'],
         owner=owner,
         active=form_data['users_group_active'])
     Session().commit()
     user_group = UserGroup.get_by_group_name(user_group.users_group_name)
     return user_group
Exemplo n.º 25
0
    def tearDown(self):
        if hasattr(self, 'test_repo'):
            RepoModel().delete(repo=self.test_repo)

        UserModel().delete(self.u1)
        UserModel().delete(self.u2)
        UserModel().delete(self.u3)
        UserModel().delete(self.a1)
        if hasattr(self, 'g1'):
            ReposGroupModel().delete(self.g1.group_id)
        if hasattr(self, 'g2'):
            ReposGroupModel().delete(self.g2.group_id)

        if hasattr(self, 'ug1'):
            UserGroupModel().delete(self.ug1, force=True)

        Session().commit()
Exemplo n.º 26
0
    def create(self):
        """POST /users_groups: Create a new item"""
        # url('users_groups')

        users_group_form = UserGroupForm()()
        try:
            form_result = users_group_form.to_python(dict(request.POST))
            UserGroupModel().create(name=form_result['users_group_name'],
                                    active=form_result['users_group_active'])
            gr = form_result['users_group_name']
            action_logger(self.rhodecode_user,
                          'admin_created_users_group:%s' % gr, None,
                          self.ip_addr, self.sa)
            h.flash(_('Created user group %s') % gr, category='success')
            Session().commit()
        except formencode.Invalid, errors:
            return htmlfill.render(
                render('admin/users_groups/users_group_add.html'),
                defaults=errors.value,
                errors=errors.error_dict or {},
                prefix_error=False,
                encoding="UTF-8")
Exemplo n.º 27
0
    def test_propagated_permission_from_users_group_lower_weight(self):
        # make group
        self.ug1 = fixture.create_user_group('G1')
        # add user to group
        UserGroupModel().add_user_to_group(self.ug1, self.u1)

        # set permission to lower
        new_perm_h = 'repository.write'
        RepoModel().grant_user_permission(repo=HG_REPO,
                                          user=self.u1,
                                          perm=new_perm_h)
        Session().commit()
        u1_auth = AuthUser(user_id=self.u1.user_id)
        self.assertEqual(u1_auth.permissions['repositories'][HG_REPO],
                         new_perm_h)

        # grant perm for group this should NOT override permission from user
        # since it's lower than granted
        new_perm_l = 'repository.read'
        RepoModel().grant_users_group_permission(repo=HG_REPO,
                                                 group_name=self.ug1,
                                                 perm=new_perm_l)
        # check perms
        u1_auth = AuthUser(user_id=self.u1.user_id)
        perms = {
            'repositories_groups': {},
            'global':
            set([
                u'hg.create.repository', u'repository.read',
                u'hg.register.manual_activate'
            ]),
            'repositories': {
                u'vcs_test_hg': u'repository.write'
            }
        }
        self.assertEqual(u1_auth.permissions['repositories'][HG_REPO],
                         new_perm_h)
        self.assertEqual(u1_auth.permissions['repositories_groups'],
                         perms['repositories_groups'])
Exemplo n.º 28
0
    def set_user_group_perm_member(self, id):
        """
        grant permission for given usergroup

        :param id:
        """
        user_group = UserGroup.get_or_404(id)
        form = UserGroupPermsForm()().to_python(request.POST)

        # set the permissions !
        try:
            UserGroupModel()._update_permissions(user_group, form['perms_new'],
                                                 form['perms_updates'])
        except RepoGroupAssignmentError:
            h.flash(_('Target group cannot be the same'), category='error')
            return redirect(url('edit_users_group', id=id))
        #TODO: implement this
        #action_logger(self.rhodecode_user, 'admin_changed_repo_permissions',
        #              repo_name, self.ip_addr, self.sa)
        Session().commit()
        h.flash(_('User Group permissions updated'), category='success')
        return redirect(url('edit_users_group', id=id))
Exemplo n.º 29
0
    def update_perm(self, id):
        """PUT /users_perm/id: Update an existing item"""
        # url('users_group_perm', id=ID, method='put')

        users_group = UserGroup.get_or_404(id)
        grant_create_perm = str2bool(request.POST.get('create_repo_perm'))
        grant_fork_perm = str2bool(request.POST.get('fork_repo_perm'))
        inherit_perms = str2bool(
            request.POST.get('inherit_default_permissions'))

        usergroup_model = UserGroupModel()

        try:
            users_group.inherit_default_permissions = inherit_perms
            Session().add(users_group)

            if grant_create_perm:
                usergroup_model.revoke_perm(id, 'hg.create.none')
                usergroup_model.grant_perm(id, 'hg.create.repository')
                h.flash(
                    _("Granted 'repository create' permission to user group"),
                    category='success')
            else:
                usergroup_model.revoke_perm(id, 'hg.create.repository')
                usergroup_model.grant_perm(id, 'hg.create.none')
                h.flash(
                    _("Revoked 'repository create' permission to user group"),
                    category='success')

            if grant_fork_perm:
                usergroup_model.revoke_perm(id, 'hg.fork.none')
                usergroup_model.grant_perm(id, 'hg.fork.repository')
                h.flash(
                    _("Granted 'repository fork' permission to user group"),
                    category='success')
            else:
                usergroup_model.revoke_perm(id, 'hg.fork.repository')
                usergroup_model.grant_perm(id, 'hg.fork.none')
                h.flash(
                    _("Revoked 'repository fork' permission to user group"),
                    category='success')

            Session().commit()
        except Exception:
            log.error(traceback.format_exc())
            h.flash(_('An error occurred during permissions saving'),
                    category='error')

        return redirect(url('edit_users_group', id=id))
Exemplo n.º 30
0
    def update_perm(self, id):
        """PUT /users_perm/id: Update an existing item"""
        # url('users_group_perm', id=ID, method='put')

        users_group = UserGroup.get_or_404(id)
        grant_create_perm = str2bool(request.POST.get('create_repo_perm'))
        grant_fork_perm = str2bool(request.POST.get('fork_repo_perm'))
        inherit_perms = str2bool(request.POST.get('inherit_default_permissions'))

        usergroup_model = UserGroupModel()

        try:
            users_group.inherit_default_permissions = inherit_perms
            Session().add(users_group)

            if grant_create_perm:
                usergroup_model.revoke_perm(id, 'hg.create.none')
                usergroup_model.grant_perm(id, 'hg.create.repository')
                h.flash(_("Granted 'repository create' permission to user group"),
                        category='success')
            else:
                usergroup_model.revoke_perm(id, 'hg.create.repository')
                usergroup_model.grant_perm(id, 'hg.create.none')
                h.flash(_("Revoked 'repository create' permission to user group"),
                        category='success')

            if grant_fork_perm:
                usergroup_model.revoke_perm(id, 'hg.fork.none')
                usergroup_model.grant_perm(id, 'hg.fork.repository')
                h.flash(_("Granted 'repository fork' permission to user group"),
                        category='success')
            else:
                usergroup_model.revoke_perm(id, 'hg.fork.repository')
                usergroup_model.grant_perm(id, 'hg.fork.none')
                h.flash(_("Revoked 'repository fork' permission to user group"),
                        category='success')

            Session().commit()
        except Exception:
            log.error(traceback.format_exc())
            h.flash(_('An error occurred during permissions saving'),
                    category='error')

        return redirect(url('edit_users_group', id=id))
Exemplo n.º 31
0
    def update_perm(self, id):
        """PUT /users_perm/id: Update an existing item"""
        # url('users_group_perm', id=ID, method='put')

        users_group = UserGroup.get_or_404(id)

        try:
            form = CustomDefaultPermissionsForm()()
            form_result = form.to_python(request.POST)

            inherit_perms = form_result['inherit_default_permissions']
            users_group.inherit_default_permissions = inherit_perms
            Session().add(users_group)
            usergroup_model = UserGroupModel()

            defs = UserGroupToPerm.query()\
                .filter(UserGroupToPerm.users_group == users_group)\
                .all()
            for ug in defs:
                Session().delete(ug)

            if form_result['create_repo_perm']:
                usergroup_model.grant_perm(id, 'hg.create.repository')
            else:
                usergroup_model.grant_perm(id, 'hg.create.none')
            if form_result['create_user_group_perm']:
                usergroup_model.grant_perm(id, 'hg.usergroup.create.true')
            else:
                usergroup_model.grant_perm(id, 'hg.usergroup.create.false')
            if form_result['fork_repo_perm']:
                usergroup_model.grant_perm(id, 'hg.fork.repository')
            else:
                usergroup_model.grant_perm(id, 'hg.fork.none')

            h.flash(_("Updated permissions"), category='success')
            Session().commit()
        except Exception:
            log.error(traceback.format_exc())
            h.flash(_('An error occurred during permissions saving'),
                    category='error')

        return redirect(url('edit_users_group', id=id))
Exemplo n.º 32
0
    def update_perm(self, id):
        """PUT /users_perm/id: Update an existing item"""
        # url('users_group_perm', id=ID, method='put')

        users_group = UserGroup.get_or_404(id)

        try:
            form = CustomDefaultPermissionsForm()()
            form_result = form.to_python(request.POST)

            inherit_perms = form_result['inherit_default_permissions']
            users_group.inherit_default_permissions = inherit_perms
            Session().add(users_group)
            usergroup_model = UserGroupModel()

            defs = UserGroupToPerm.query()\
                .filter(UserGroupToPerm.users_group == users_group)\
                .all()
            for ug in defs:
                Session().delete(ug)

            if form_result['create_repo_perm']:
                usergroup_model.grant_perm(id, 'hg.create.repository')
            else:
                usergroup_model.grant_perm(id, 'hg.create.none')
            if form_result['create_user_group_perm']:
                usergroup_model.grant_perm(id, 'hg.usergroup.create.true')
            else:
                usergroup_model.grant_perm(id, 'hg.usergroup.create.false')
            if form_result['fork_repo_perm']:
                usergroup_model.grant_perm(id, 'hg.fork.repository')
            else:
                usergroup_model.grant_perm(id, 'hg.fork.none')

            h.flash(_("Updated permissions"), category='success')
            Session().commit()
        except Exception:
            log.error(traceback.format_exc())
            h.flash(_('An error occurred during permissions saving'),
                    category='error')

        return redirect(url('edit_users_group', id=id))