def is_owner_or_teamAdmin(self, repo, user):
if repo.user_id == user.id:
return True
teamMember = TeamManager.get_teamMember_by_teamUserId_userId(repo.user_id, user.id)
if teamMember and teamMember.has_admin_rights():
return True
return False
def group_add_member(request, username):
teamUser = GsuserManager.get_user_by_name(username)
team_group_id = int(request.POST.get('team_group_id', '0'))
teamGroup = TeamManager.get_teamGroup_by_id(team_group_id)
if not teamGroup or teamGroup.team_user_id != teamUser.id:
return _response_not_manage_rights(request)
member_username = request.POST.get('member_username', '')
member_user = GsuserManager.get_user_by_name(member_username)
if not member_user:
return json_failed(500, u'没有该用户名')
teamMember = TeamManager.get_teamMember_by_teamUserId_userId(
teamUser.id, member_user.id)
if not teamMember:
return json_failed(
500,
u'用户 %s 还没有加入团队帐号 %s' % (member_user.username, teamUser.username))
groupMember = TeamManager.get_groupMember_by_teamGroupId_memberUserId(
teamGroup.id, member_user.id)
if groupMember:
return json_success(u'用户 %s 已经在该组' % member_user.username)
groupMember = GroupMember(team_user_id=teamUser.id,
group_id=teamGroup.id,
member_user_id=member_user.id)
groupMember.save()
return json_success(u'成功添加用户 %s 到组 %s' %
(member_user.username, teamGroup.name))
def is_owner_or_teamAdmin(self, repo, user):
if repo.user_id == user.id:
return True
teamMember = TeamManager.get_teamMember_by_teamUserId_userId(
repo.user_id, user.id)
if teamMember and teamMember.has_admin_rights():
return True
return False
def _get_teamMember_by_manageTeamMemberId(request):
teamMember_id = int(request.POST.get('teamMember_id', 0))
manage_teamMember = TeamManager.get_teamMember_by_id(teamMember_id)
if not manage_teamMember:
return None
teamMember = TeamManager.get_teamMember_by_teamUserId_userId(manage_teamMember.team_user_id, request.user.id)
if not teamMember or not teamMember.has_admin_rights():
return (None, None)
return (manage_teamMember, teamMember)
def destroy(request, username):
(teamUser, teamUserprofile) = _get_team_user_userprofile(request, username)
teamMember = TeamManager.get_teamMember_by_teamUserId_userId(teamUser.id, request.user.id)
current = 'settings'; sub_nav = 'destroy'; title = u'%s / 设置 / 删除帐号' % (teamUser.username)
response_dictionary = {'current': current, 'title': title, 'sub_nav': sub_nav}
response_dictionary.update(_get_common_team_dict(request, teamUser, teamUserprofile))
return render_to_response('team/destroy.html',
response_dictionary,
context_instance=RequestContext(request))
def member_leave(request, username):
(teamUser, teamUserprofile) = _get_team_user_userprofile(request, username)
teamMember = TeamManager.get_teamMember_by_teamUserId_userId(teamUser.id, request.user.id)
teamMembers = TeamManager.list_teamMember_by_teamUserId(teamMember.team_user_id)
if _has_other_admin_teamMember(request, teamMember, teamMembers):
teamMember.visibly = 1
teamMember.save()
return json_success(u'用户退出成功')
return json_failed(500, u'用户退出失败,一个团队帐号至少需要保留一个管理员')
def _get_teamMember_by_manageTeamMemberId(request):
teamMember_id = int(request.POST.get('teamMember_id', 0))
manage_teamMember = TeamManager.get_teamMember_by_id(teamMember_id)
if not manage_teamMember:
return None
teamMember = TeamManager.get_teamMember_by_teamUserId_userId(
manage_teamMember.team_user_id, request.user.id)
if not teamMember or not teamMember.has_admin_rights():
return (None, None)
return (manage_teamMember, teamMember)
def switch(request, user_name, current_user_id):
current_user_id = int(current_user_id)
new_current_user_id = request.user.id
if current_user_id != request.user.id:
teamMember = TeamManager.get_teamMember_by_teamUserId_userId(current_user_id, request.user.id)
if teamMember:
new_current_user_id = current_user_id
request.userprofile.current_user_id = new_current_user_id
request.userprofile.save()
return HttpResponseRedirect(request.urlRouter.route('/dashboard/'))
def member_leave(request, username):
(teamUser, teamUserprofile) = _get_team_user_userprofile(request, username)
teamMember = TeamManager.get_teamMember_by_teamUserId_userId(
teamUser.id, request.user.id)
teamMembers = TeamManager.list_teamMember_by_teamUserId(
teamMember.team_user_id)
if _has_other_admin_teamMember(request, teamMember, teamMembers):
teamMember.visibly = 1
teamMember.save()
return json_success(u'用户退出成功')
return json_failed(500, u'用户退出失败,一个团队帐号至少需要保留一个管理员')
def _get_common_team_dict(request, teamUser, teamUserprofile):
has_admin_rights = False
teamMember = TeamManager.get_teamMember_by_teamUserId_userId(
teamUser.id, request.user.id)
if teamMember and teamMember.has_admin_rights():
has_admin_rights = True
return {
'teamUser': teamUser,
'teamUserprofile': teamUserprofile,
'has_admin_rights': has_admin_rights
}
def switch(request, user_name, current_user_id):
current_user_id = int(current_user_id)
new_current_user_id = request.user.id
if current_user_id != request.user.id:
teamMember = TeamManager.get_teamMember_by_teamUserId_userId(
current_user_id, request.user.id)
if teamMember:
new_current_user_id = current_user_id
request.userprofile.current_user_id = new_current_user_id
request.userprofile.save()
return HttpResponseRedirect(request.urlRouter.route('/dashboard/'))
def _get_team_user_userprofile(request, username):
current_user = GsuserManager.get_user_by_name(username)
if not current_user:
return (request.user, request.userprofile)
teamMember = TeamManager.get_teamMember_by_teamUserId_userId(current_user.id, request.user.id)
if not teamMember:
return (request.user, request.userprofile)
current_userprofile = GsuserManager.get_userprofile_by_id(current_user.id)
if current_userprofile:
return (current_user, current_userprofile)
return (request.user, request.userprofile)
def _get_team_user_userprofile(request, username):
current_user = GsuserManager.get_user_by_name(username)
if not current_user:
return (request.user, request.userprofile)
teamMember = TeamManager.get_teamMember_by_teamUserId_userId(
current_user.id, request.user.id)
if not teamMember:
return (request.user, request.userprofile)
current_userprofile = GsuserManager.get_userprofile_by_id(current_user.id)
if current_userprofile:
return (current_user, current_userprofile)
return (request.user, request.userprofile)
def wrap(request, *args, **kwargs):
if len(args) >= 1:
username = args[0]
teamUser = GsuserManager.get_user_by_name(username)
if not teamUser:
return _response_not_admin_rights(request)
if not request.user.is_authenticated():
return HttpResponseRedirect('/login/?next=' + urlquote(request.path))
teamMember = TeamManager.get_teamMember_by_teamUserId_userId(teamUser.id, request.user.id)
if not teamMember or not teamMember.has_admin_rights():
return _response_not_admin_rights(request)
return function(request, *args, **kwargs)
def destroy_confirm(request, username):
(teamUser, teamUserprofile) = _get_team_user_userprofile(request, username)
teamMember = TeamManager.get_teamMember_by_teamUserId_userId(teamUser.id, request.user.id)
teamRepos = RepoManager.list_repo_by_userId(teamUser.id, 0, 1000)
for teamRepo in teamRepos:
RepoManager.delete_repo(teamUser, teamUserprofile, teamRepo)
teamMembers = TeamManager.list_teamMember_by_teamUserId(teamUser.id)
for teamMember in teamMembers:
teamMember.visibly = 1
teamMember.save()
teamUser.delete()
teamUserprofile.visibly = 1
teamUserprofile.save()
return json_success(u'已经删除了团队帐号')
def wrap(request, *args, **kwargs):
if len(args) >= 1:
username = args[0]
teamUser = GsuserManager.get_user_by_name(username)
if not teamUser:
return _response_not_admin_rights(request)
if not request.user.is_authenticated():
return HttpResponseRedirect('/login/?next=' +
urlquote(request.path))
teamMember = TeamManager.get_teamMember_by_teamUserId_userId(
teamUser.id, request.user.id)
if not teamMember or not teamMember.has_admin_rights():
return _response_not_admin_rights(request)
return function(request, *args, **kwargs)
def repo(request, username):
(teamUser, teamUserprofile) = _get_team_user_userprofile(request, username)
current = 'repo'; title = u'%s / 仓库列表' % (teamUser.username)
teamMember = TeamManager.get_teamMember_by_teamUserId_userId(teamUser.id, request.user.id)
repos = []
# is team member
if teamMember:
repos = RepoManager.list_repo_by_userId(teamUser.id, 0, 1000)
else:
repos = RepoManager.list_unprivate_repo_by_userId(teamUser.id, 0, 1000)
response_dictionary = {'current': current, 'title': title, 'repos': repos}
response_dictionary.update(_get_common_team_dict(request, teamUser, teamUserprofile))
return render_to_response('team/repo.html',
response_dictionary,
context_instance=RequestContext(request))
def destroy_confirm(request, username):
(teamUser, teamUserprofile) = _get_team_user_userprofile(request, username)
teamMember = TeamManager.get_teamMember_by_teamUserId_userId(
teamUser.id, request.user.id)
teamRepos = RepoManager.list_repo_by_userId(teamUser.id, 0, 1000)
for teamRepo in teamRepos:
RepoManager.delete_repo(teamUser, teamUserprofile, teamRepo)
teamMembers = TeamManager.list_teamMember_by_teamUserId(teamUser.id)
for teamMember in teamMembers:
teamMember.visibly = 1
teamMember.save()
teamUser.delete()
teamUserprofile.visibly = 1
teamUserprofile.save()
return json_success(u'已经删除了团队帐号')
def destroy(request, username):
(teamUser, teamUserprofile) = _get_team_user_userprofile(request, username)
teamMember = TeamManager.get_teamMember_by_teamUserId_userId(
teamUser.id, request.user.id)
current = 'settings'
sub_nav = 'destroy'
title = u'%s / 设置 / 删除帐号' % (teamUser.username)
response_dictionary = {
'current': current,
'title': title,
'sub_nav': sub_nav
}
response_dictionary.update(
_get_common_team_dict(request, teamUser, teamUserprofile))
return render_to_response('team/destroy.html',
response_dictionary,
context_instance=RequestContext(request))
def repo(request, username):
(teamUser, teamUserprofile) = _get_team_user_userprofile(request, username)
current = 'repo'
title = u'%s / 仓库列表' % (teamUser.username)
teamMember = TeamManager.get_teamMember_by_teamUserId_userId(
teamUser.id, request.user.id)
repos = []
# is team member
if teamMember:
repos = RepoManager.list_repo_by_userId(teamUser.id, 0, 1000)
else:
repos = RepoManager.list_unprivate_repo_by_userId(teamUser.id, 0, 1000)
response_dictionary = {'current': current, 'title': title, 'repos': repos}
response_dictionary.update(
_get_common_team_dict(request, teamUser, teamUserprofile))
return render_to_response('team/repo.html',
response_dictionary,
context_instance=RequestContext(request))
def group_add_member(request, username):
teamUser = GsuserManager.get_user_by_name(username)
team_group_id = int(request.POST.get('team_group_id', '0'))
teamGroup = TeamManager.get_teamGroup_by_id(team_group_id)
if not teamGroup or teamGroup.team_user_id != teamUser.id:
return _response_not_manage_rights(request)
member_username = request.POST.get('member_username', '')
member_user = GsuserManager.get_user_by_name(member_username)
if not member_user:
return json_failed(500, u'没有该用户名')
teamMember = TeamManager.get_teamMember_by_teamUserId_userId(teamUser.id, member_user.id)
if not teamMember:
return json_failed(500, u'用户 %s 还没有加入团队帐号 %s' % (member_user.username, teamUser.username))
groupMember = TeamManager.get_groupMember_by_teamGroupId_memberUserId(teamGroup.id, member_user.id)
if groupMember:
return json_success(u'用户 %s 已经在该组' % member_user.username)
groupMember = GroupMember(team_user_id=teamUser.id, group_id=teamGroup.id, member_user_id=member_user.id)
groupMember.save()
return json_success(u'成功添加用户 %s 到组 %s' % (member_user.username, teamGroup.name))
def keyauth(request, fingerprint, command):
command = command.strip()
last_blank_idx = command.rfind(' ')
if last_blank_idx == -1:
return not_git_command()
pre_command = command[0:last_blank_idx]
short_repo_path = command[last_blank_idx + 1:]
if pre_command == '' or '"' in pre_command or '\'' in pre_command or short_repo_path == '':
return not_git_command()
first_repo_char_idx = -1
slash_idx = -1
last_repo_char_idx = -1
for i in range(0, len(short_repo_path)):
schar = short_repo_path[i]
if first_repo_char_idx == -1 and re.match('\w', schar):
first_repo_char_idx = i
if schar == '/':
slash_idx = i
if re.match('[a-zA-Z0-9_\-]', schar):
last_repo_char_idx = i
if not (first_repo_char_idx > -1 and first_repo_char_idx < slash_idx
and slash_idx < last_repo_char_idx):
return not_git_command()
username = short_repo_path[first_repo_char_idx:slash_idx]
reponame = short_repo_path[slash_idx + 1:last_repo_char_idx + 1]
if reponame.endswith('.git'):
reponame = reponame[0:len(reponame) - 4]
if not (re.match('^[a-zA-Z0-9_\-]+$', username)
and RepoManager.is_allowed_reponame_pattern(reponame)):
return not_git_command()
user = GsuserManager.get_user_by_name(username)
if user is None:
return not_git_command()
userprofile = GsuserManager.get_userprofile_by_id(user.id)
if userprofile is None:
return not_git_command()
if userprofile.used_quote > userprofile.quote:
return not_git_command()
repo = RepoManager.get_repo_by_userId_name(user.id, reponame)
if repo is None:
return not_git_command()
quote = userprofile.quote
# author of the repo
userPubkey = KeyauthManager.get_userpubkey_by_userId_fingerprint(
user.id, fingerprint)
if userPubkey is not None:
return response_full_git_command(quote, pre_command, user, user, repo)
userpubkeys = KeyauthManager.list_userpubkey_by_fingerprint(fingerprint)
for userpubkey in userpubkeys:
# member of the repo
repoMember = RepoManager.get_repo_member(repo.id, userpubkey.user_id)
# member of the team user
teamMember = TeamManager.get_teamMember_by_teamUserId_userId(
user.id, userpubkey.user_id)
if repoMember or teamMember:
pushUser = GsuserManager.get_user_by_id(userpubkey.user_id)
if 'git-receive-pack' in pre_command:
if RepoManager.is_allowed_access_repo(repo, pushUser,
REPO_PERMISSION.WRITE):
return response_full_git_command(quote, pre_command,
pushUser, user, repo)
elif RepoManager.is_allowed_access_repo(repo, pushUser,
REPO_PERMISSION.READ_ONLY):
return response_full_git_command(quote, pre_command, pushUser,
user, repo)
return not_git_command()
def keyauth(request, fingerprint, command):
command = command.strip()
last_blank_idx = command.rfind(' ')
if last_blank_idx == -1:
return not_git_command()
pre_command = command[0 : last_blank_idx]
short_repo_path = command[last_blank_idx+1 :]
if pre_command == '' or '"' in pre_command or '\'' in pre_command or short_repo_path == '':
return not_git_command()
first_repo_char_idx = -1
slash_idx = -1
last_repo_char_idx = -1
for i in range(0, len(short_repo_path)):
schar = short_repo_path[i]
if first_repo_char_idx == -1 and re.match('\w', schar):
first_repo_char_idx = i
if schar == '/':
slash_idx = i
if re.match('[a-zA-Z0-9_\-]', schar):
last_repo_char_idx = i
if not (first_repo_char_idx > -1 and first_repo_char_idx < slash_idx and slash_idx < last_repo_char_idx):
return not_git_command()
username = short_repo_path[first_repo_char_idx : slash_idx]
reponame = short_repo_path[slash_idx+1 : last_repo_char_idx+1]
if reponame.endswith('.git'):
reponame = reponame[0 : len(reponame)-4]
if not (re.match('^[a-zA-Z0-9_\-]+$', username) and RepoManager.is_allowed_reponame_pattern(reponame)):
return not_git_command()
user = GsuserManager.get_user_by_name(username)
if user is None:
return not_git_command()
userprofile = GsuserManager.get_userprofile_by_id(user.id)
if userprofile is None:
return not_git_command()
if userprofile.used_quote > userprofile.quote:
return not_git_command()
repo = RepoManager.get_repo_by_userId_name(user.id, reponame)
if repo is None:
return not_git_command()
quote = userprofile.quote
# author of the repo
userPubkey = KeyauthManager.get_userpubkey_by_userId_fingerprint(user.id, fingerprint)
if userPubkey is not None:
return response_full_git_command(quote, pre_command, user, user, repo)
userpubkeys = KeyauthManager.list_userpubkey_by_fingerprint(fingerprint)
for userpubkey in userpubkeys:
# member of the repo
repoMember = RepoManager.get_repo_member(repo.id, userpubkey.user_id)
# member of the team user
teamMember = TeamManager.get_teamMember_by_teamUserId_userId(user.id, userpubkey.user_id)
if repoMember or teamMember:
pushUser = GsuserManager.get_user_by_id(userpubkey.user_id)
if 'git-receive-pack' in pre_command:
if RepoManager.is_allowed_access_repo(repo, pushUser, REPO_PERMISSION.WRITE):
return response_full_git_command(quote, pre_command, pushUser, user, repo)
elif RepoManager.is_allowed_access_repo(repo, pushUser, REPO_PERMISSION.READ_ONLY):
return response_full_git_command(quote, pre_command, pushUser, user, repo)
return not_git_command()
def _get_common_team_dict(request, teamUser, teamUserprofile):
has_admin_rights = False
teamMember = TeamManager.get_teamMember_by_teamUserId_userId(teamUser.id, request.user.id)
if teamMember and teamMember.has_admin_rights():
has_admin_rights = True
return {'teamUser': teamUser, 'teamUserprofile': teamUserprofile, 'has_admin_rights': has_admin_rights}