def grant_user_permission(self, repos_group, user, perm):
"""
Grant permission for user on given repository group, or update
existing one if found
:param repos_group: Instance of ReposGroup, repositories_group_id,
or repositories_group name
:param user: Instance of User, user_id or username
:param perm: Instance of Permission, or permission_name
"""
repos_group = self._get_repo_group(repos_group)
user = self._get_user(user)
permission = self._get_perm(perm)
# check if we have that permission already
obj = self.sa.query(UserRepoGroupToPerm)\
.filter(UserRepoGroupToPerm.user == user)\
.filter(UserRepoGroupToPerm.group == repos_group)\
.scalar()
if obj is None:
# create new !
obj = UserRepoGroupToPerm()
obj.group = repos_group
obj.user = user
obj.permission = permission
self.sa.add(obj)
log.debug('Granted perm %s to %s on %s' % (perm, user, repos_group))
def grant_user_permission(self, repos_group, user, perm):
"""
Grant permission for user on given repositories group, or update
existing one if found
:param repos_group: Instance of ReposGroup, repositories_group_id,
or repositories_group name
:param user: Instance of User, user_id or username
:param perm: Instance of Permission, or permission_name
"""
repos_group = self.__get_repos_group(repos_group)
user = self.__get_user(user)
permission = self.__get_perm(perm)
# check if we have that permission already
obj = self.sa.query(UserRepoGroupToPerm)\
.filter(UserRepoGroupToPerm.user == user)\
.filter(UserRepoGroupToPerm.group == repos_group)\
.scalar()
if obj is None:
# create new !
obj = UserRepoGroupToPerm()
obj.group = repos_group
obj.user = user
obj.permission = permission
self.sa.add(obj)
def _create_default_perms(self, new_group):
# create default permission
default_perm = 'group.read'
def_user = User.get_default_user()
for p in def_user.user_perms:
if p.permission.permission_name.startswith('group.'):
default_perm = p.permission.permission_name
break
repo_group_to_perm = UserRepoGroupToPerm()
repo_group_to_perm.permission = Permission.get_by_key(default_perm)
repo_group_to_perm.group = new_group
repo_group_to_perm.user_id = def_user.user_id
return repo_group_to_perm
def _create_default_perms(self, new_group):
# create default permission
default_perm = 'group.read'
def_user = User.get_default_user()
for p in def_user.user_perms:
if p.permission.permission_name.startswith('group.'):
default_perm = p.permission.permission_name
break
repo_group_to_perm = UserRepoGroupToPerm()
repo_group_to_perm.permission = Permission.get_by_key(default_perm)
repo_group_to_perm.group = new_group
repo_group_to_perm.user_id = def_user.user_id
return repo_group_to_perm
def _create_default_perms(self, new_group):
# create default permission
repo_group_to_perm = UserRepoGroupToPerm()
default_perm = 'group.read'
for p in User.get_by_username('default').user_perms:
if p.permission.permission_name.startswith('group.'):
default_perm = p.permission.permission_name
break
repo_group_to_perm.permission_id = self.sa.query(Permission)\
.filter(Permission.permission_name == default_perm)\
.one().permission_id
repo_group_to_perm.group = new_group
repo_group_to_perm.user_id = User.get_by_username('default').user_id
self.sa.add(repo_group_to_perm)
def _create_default_perms(self, new_group):
# create default permission
repo_group_to_perm = UserRepoGroupToPerm()
default_perm = 'group.read'
for p in User.get_by_username('default').user_perms:
if p.permission.permission_name.startswith('group.'):
default_perm = p.permission.permission_name
break
repo_group_to_perm.permission_id = self.sa.query(Permission)\
.filter(Permission.permission_name == default_perm)\
.one().permission_id
repo_group_to_perm.group = new_group
repo_group_to_perm.user_id = User.get_by_username('default').user_id
self.sa.add(repo_group_to_perm)
def fixup_groups(self):
def_usr = User.get_by_username('default')
for g in RepoGroup.query().all():
g.group_name = g.get_new_name(g.name)
self.sa.add(g)
# get default perm
default = UserRepoGroupToPerm.query()\
.filter(UserRepoGroupToPerm.group == g)\
.filter(UserRepoGroupToPerm.user == def_usr)\
.scalar()
if default is None:
log.debug('missing default permission for group %s adding' % g)
ReposGroupModel()._create_default_perms(g)
def fixup_groups(self):
def_usr = User.get_by_username('default')
for g in RepoGroup.query().all():
g.group_name = g.get_new_name(g.name)
self.sa.add(g)
# get default perm
default = UserRepoGroupToPerm.query()\
.filter(UserRepoGroupToPerm.group == g)\
.filter(UserRepoGroupToPerm.user == def_usr)\
.scalar()
if default is None:
log.debug('missing default permission for group %s adding' % g)
ReposGroupModel()._create_default_perms(g)
def _create_repo(self,
repo_name,
repo_type,
description,
owner,
private=False,
clone_uri=None,
repo_group=None,
landing_rev='rev:tip',
fork_of=None,
copy_fork_permissions=False,
enable_statistics=False,
enable_locking=False,
enable_downloads=False,
copy_group_permissions=False,
state=Repository.STATE_PENDING):
"""
Create repository inside database with PENDING state, this should be
only executed by create() repo. With exception of importing existing
repos
"""
from rhodecode.model.scm import ScmModel
owner = self._get_user(owner)
fork_of = self._get_repo(fork_of)
repo_group = self._get_repo_group(safe_int(repo_group))
try:
repo_name = safe_unicode(repo_name)
description = safe_unicode(description)
# repo name is just a name of repository
# while repo_name_full is a full qualified name that is combined
# with name and path of group
repo_name_full = repo_name
repo_name = repo_name.split(Repository.NAME_SEP)[-1]
new_repo = Repository()
new_repo.repo_state = state
new_repo.enable_statistics = False
new_repo.repo_name = repo_name_full
new_repo.repo_type = repo_type
new_repo.user = owner
new_repo.group = repo_group
new_repo.description = description or repo_name
new_repo.private = private
new_repo.clone_uri = clone_uri
new_repo.landing_rev = landing_rev
new_repo.enable_statistics = enable_statistics
new_repo.enable_locking = enable_locking
new_repo.enable_downloads = enable_downloads
if repo_group:
new_repo.enable_locking = repo_group.enable_locking
if fork_of:
parent_repo = fork_of
new_repo.fork = parent_repo
self.sa.add(new_repo)
EMPTY_PERM = 'repository.none'
if fork_of and copy_fork_permissions:
repo = fork_of
user_perms = UserRepoToPerm.query() \
.filter(UserRepoToPerm.repository == repo).all()
group_perms = UserGroupRepoToPerm.query() \
.filter(UserGroupRepoToPerm.repository == repo).all()
for perm in user_perms:
UserRepoToPerm.create(perm.user, new_repo, perm.permission)
for perm in group_perms:
UserGroupRepoToPerm.create(perm.users_group, new_repo,
perm.permission)
# in case we copy permissions and also set this repo to private
# override the default user permission to make it a private
# repo
if private:
RepoModel(self.sa).grant_user_permission(
repo=new_repo, user=User.DEFAULT_USER, perm=EMPTY_PERM)
elif repo_group and copy_group_permissions:
user_perms = UserRepoGroupToPerm.query() \
.filter(UserRepoGroupToPerm.group == repo_group).all()
group_perms = UserGroupRepoGroupToPerm.query() \
.filter(UserGroupRepoGroupToPerm.group == repo_group).all()
for perm in user_perms:
perm_name = perm.permission.permission_name.replace(
'group.', 'repository.')
perm_obj = Permission.get_by_key(perm_name)
UserRepoToPerm.create(perm.user, new_repo, perm_obj)
for perm in group_perms:
perm_name = perm.permission.permission_name.replace(
'group.', 'repository.')
perm_obj = Permission.get_by_key(perm_name)
UserGroupRepoToPerm.create(perm.users_group, new_repo,
perm_obj)
if private:
RepoModel(self.sa).grant_user_permission(
repo=new_repo, user=User.DEFAULT_USER, perm=EMPTY_PERM)
else:
perm_obj = self._create_default_perms(new_repo, private)
self.sa.add(perm_obj)
# now automatically start following this repository as owner
ScmModel(self.sa).toggle_following_repo(new_repo.repo_id,
owner.user_id)
# we need to flush here, in order to check if database won't
# throw any exceptions, create filesystem dirs at the very end
self.sa.flush()
return new_repo
except Exception:
log.error(traceback.format_exc())
raise
def create(self, group_name, group_description, owner, just_db=False,
copy_permissions=False, commit_early=True):
(group_name_cleaned,
parent_group_name) = RepoGroupModel()._get_group_name_and_parent(group_name)
parent_group = None
if parent_group_name:
parent_group = self._get_repo_group(parent_group_name)
# becase we are doing a cleanup, we need to check if such directory
# already exists. If we don't do that we can accidentally delete existing
# directory via cleanup that can cause data issues, since delete does a
# folder rename to special syntax later cleanup functions can delete this
cleanup_group = self.check_exist_filesystem(group_name,
exc_on_failure=False)
try:
user = self._get_user(owner)
new_repo_group = RepoGroup()
new_repo_group.user = user
new_repo_group.group_description = group_description or group_name
new_repo_group.parent_group = parent_group
new_repo_group.group_name = group_name
self.sa.add(new_repo_group)
# create an ADMIN permission for owner except if we're super admin,
# later owner should go into the owner field of groups
if not user.is_admin:
self.grant_user_permission(repo_group=new_repo_group,
user=owner, perm='group.admin')
if parent_group and copy_permissions:
# copy permissions from parent
user_perms = UserRepoGroupToPerm.query() \
.filter(UserRepoGroupToPerm.group == parent_group).all()
group_perms = UserGroupRepoGroupToPerm.query() \
.filter(UserGroupRepoGroupToPerm.group == parent_group).all()
for perm in user_perms:
# don't copy over the permission for user who is creating
# this group, if he is not super admin he get's admin
# permission set above
if perm.user != user or user.is_admin:
UserRepoGroupToPerm.create(
perm.user, new_repo_group, perm.permission)
for perm in group_perms:
UserGroupRepoGroupToPerm.create(
perm.users_group, new_repo_group, perm.permission)
else:
perm_obj = self._create_default_perms(new_repo_group)
self.sa.add(perm_obj)
# now commit the changes, earlier so we are sure everything is in
# the database.
if commit_early:
self.sa.commit()
if not just_db:
self._create_group(new_repo_group.group_name)
# trigger the post hook
from rhodecode.lib.hooks_base import log_create_repository_group
repo_group = RepoGroup.get_by_group_name(group_name)
log_create_repository_group(
created_by=user.username, **repo_group.get_dict())
return new_repo_group
except Exception:
self.sa.rollback()
log.exception('Exception occurred when creating repository group, '
'doing cleanup...')
# rollback things manually !
repo_group = RepoGroup.get_by_group_name(group_name)
if repo_group:
RepoGroup.delete(repo_group.group_id)
self.sa.commit()
if cleanup_group:
RepoGroupModel()._delete_filesystem_group(repo_group)
raise
