def get_users_group(self, apiuser, group_name):
""""
Get users group by name
:param apiuser:
:param group_name:
"""
users_group = UsersGroup.get_by_group_name(group_name)
if not users_group:
return None
members = []
for user in users_group.members:
user = user.user
members.append(dict(id=user.user_id,
username=user.username,
firstname=user.name,
lastname=user.lastname,
email=user.email,
active=user.active,
admin=user.admin,
ldap=user.ldap_dn))
return dict(id=users_group.users_group_id,
name=users_group.users_group_name,
active=users_group.users_group_active,
members=members)
def add_user_to_users_group(self, apiuser, group_name, user_name):
""""
Add a user to a group
:param apiuser
:param group_name
:param user_name
"""
try:
users_group = UsersGroup.get_by_group_name(group_name)
if not users_group:
raise JSONRPCError('unknown users group %s' % group_name)
try:
user = User.get_by_username(user_name)
except NoResultFound:
raise JSONRPCError('unknown user %s' % user_name)
ugm = UsersGroupModel().add_user_to_group(users_group, user)
return dict(id=ugm.users_group_member_id,
msg='created new users group member')
except Exception:
log.error(traceback.format_exc())
raise JSONRPCError('failed to create users group member')
def revoke_users_group_permission(self, apiuser, repo_name, group_name):
"""
Revoke permission for users group on given repository
:param repo_name:
:param group_name:
"""
try:
repo = Repository.get_by_repo_name(repo_name)
if repo is None:
raise JSONRPCError('unknown repository %s' % repo)
user_group = UsersGroup.get_by_group_name(group_name)
if user_group is None:
raise JSONRPCError('unknown users group %s' % user_group)
RepoModel().revoke_users_group_permission(repo=repo_name,
group_name=group_name)
Session.commit()
return dict(
msg='Revoked perm for group: %s in repo: %s' % (
group_name, repo_name
)
)
except Exception:
log.error(traceback.format_exc())
raise JSONRPCError(
'failed to edit permission %(repo)s for %(usersgr)s' % dict(
usersgr=group_name, repo=repo_name
)
)
def remove_user_from_users_group(self, apiuser, group_name, username):
"""
Remove user from a group
:param apiuser
:param group_name
:param username
"""
try:
users_group = UsersGroup.get_by_group_name(group_name)
if not users_group:
raise JSONRPCError('unknown users group %s' % group_name)
user = User.get_by_username(username)
if user is None:
raise JSONRPCError('unknown user %s' % username)
success = UsersGroupModel().remove_user_from_group(users_group, user)
msg = 'removed member %s from users group %s' % (username, group_name)
msg = msg if success else "User wasn't in group"
Session.commit()
return dict(success=success, msg=msg)
except Exception:
log.error(traceback.format_exc())
raise JSONRPCError('failed to remove user from group')
def get_users_group(self, apiuser, group_name):
""""
Get users group by name
:param apiuser:
:param group_name:
"""
users_group = UsersGroup.get_by_group_name(group_name)
if not users_group:
return None
members = []
for user in users_group.members:
user = user.user
members.append(dict(id=user.user_id,
username=user.username,
firstname=user.name,
lastname=user.lastname,
email=user.email,
active=user.active,
admin=user.admin,
ldap=user.ldap_dn))
return dict(id=users_group.users_group_id,
group_name=users_group.users_group_name,
active=users_group.users_group_active,
members=members)
def add_user_to_users_group(self, apiuser, group_name, username):
""""
Add a user to a users group
:param apiuser:
:param group_name:
:param username:
"""
try:
users_group = UsersGroup.get_by_group_name(group_name)
if not users_group:
raise JSONRPCError('unknown users group %s' % group_name)
user = User.get_by_username(username)
if user is None:
raise JSONRPCError('unknown user %s' % username)
ugm = UsersGroupModel().add_user_to_group(users_group, user)
success = True if ugm != True else False
msg = 'added member %s to users group %s' % (username, group_name)
msg = msg if success else 'User is already in that group'
Session.commit()
return dict(
id=ugm.users_group_member_id if ugm != True else None,
success=success,
msg=msg
)
except Exception:
log.error(traceback.format_exc())
raise JSONRPCError('failed to add users group member')
def test_enable_repository_read_on_group(self):
self.log_user()
users_group_name = TEST_USERS_GROUP + 'another2'
response = self.app.post(url('users_groups'),
{'users_group_name': users_group_name,
'active':True})
response.follow()
ug = UsersGroup.get_by_group_name(users_group_name)
self.checkSessionFlash(response,
'created users group %s' % users_group_name)
response = self.app.put(url('users_group_perm', id=ug.users_group_id),
{'create_repo_perm': True})
response.follow()
ug = UsersGroup.get_by_group_name(users_group_name)
p = Permission.get_by_key('hg.create.repository')
# check if user has this perm
perms = UsersGroupToPerm.query()\
.filter(UsersGroupToPerm.users_group == ug).all()
perms = [[x.__dict__['users_group_id'],
x.__dict__['permission_id'],] for x in perms]
self.assertEqual(
perms,
[[ug.users_group_id, p.permission_id]]
)
# DELETE !
ug = UsersGroup.get_by_group_name(users_group_name)
ugid = ug.users_group_id
response = self.app.delete(url('users_group', id=ug.users_group_id))
response = response.follow()
gr = self.Session.query(UsersGroup)\
.filter(UsersGroup.users_group_name ==
users_group_name).scalar()
self.assertEqual(gr, None)
p = Permission.get_by_key('hg.create.repository')
perms = UsersGroupToPerm.query()\
.filter(UsersGroupToPerm.users_group_id == ugid).all()
perms = [[x.__dict__['users_group_id'],
x.__dict__['permission_id'],] for x in perms]
self.assertEqual(
perms,
[]
)
def validate_python(self, value, state):
if value in ["default"]:
msg = M(self, "invalid_group", state)
raise formencode.Invalid(msg, value, state, error_dict=dict(users_group_name=msg))
# check if group is unique
old_ugname = None
if edit:
old_id = old_data.get("users_group_id")
old_ugname = UsersGroup.get(old_id).users_group_name
if old_ugname != value or not edit:
is_existing_group = UsersGroup.get_by_group_name(value, case_insensitive=True)
if is_existing_group:
msg = M(self, "group_exist", state, usersgroup=value)
raise formencode.Invalid(msg, value, state, error_dict=dict(users_group_name=msg))
if re.match(r"^[a-zA-Z0-9]{1}[a-zA-Z0-9\-\_\.]+$", value) is None:
msg = M(self, "invalid_usersgroup_name", state)
raise formencode.Invalid(msg, value, state, error_dict=dict(users_group_name=msg))
def validate_python(self, value, state):
if value in ['default']:
raise formencode.Invalid(_('Invalid group name'), value, state)
#check if group is unique
old_ugname = None
if edit:
old_ugname = UsersGroup.get(
old_data.get('users_group_id')).users_group_name
if old_ugname != value or not edit:
if UsersGroup.get_by_group_name(value, cache=False,
case_insensitive=True):
raise formencode.Invalid(_('This users group '
'already exists') , value,
state)
if re.match(r'^[a-zA-Z0-9]{1}[a-zA-Z0-9\-\_\.]+$', value) is None:
raise formencode.Invalid(_('Group name may only contain '
'alphanumeric characters '
'underscores, periods or dashes '
'and must begin with alphanumeric '
'character'), value, state)
def validate_python(self, value, state):
if value in ['default']:
raise formencode.Invalid(_('Invalid group name'), value, state)
#check if group is unique
old_ugname = None
if edit:
old_ugname = UsersGroup.get(
old_data.get('users_group_id')).users_group_name
if old_ugname != value or not edit:
if UsersGroup.get_by_group_name(value, cache=False,
case_insensitive=True):
raise formencode.Invalid(_('This users group '
'already exists'), value,
state)
if re.match(r'^[a-zA-Z0-9]{1}[a-zA-Z0-9\-\_\.]+$', value) is None:
raise formencode.Invalid(
_('RepoGroup name may only contain alphanumeric characters '
'underscores, periods or dashes and must begin with '
'alphanumeric character'),
value,
state
)
def grant_users_group_permission(self, apiuser, repo_name, group_name, perm):
"""
Grant permission for users group on given repository, or update
existing one if found
:param repo_name:
:param group_name:
:param perm:
"""
try:
repo = Repository.get_by_repo_name(repo_name)
if repo is None:
raise JSONRPCError('unknown repository %s' % repo)
user_group = UsersGroup.get_by_group_name(group_name)
if user_group is None:
raise JSONRPCError('unknown users group %s' % user_group)
RepoModel().grant_users_group_permission(repo=repo_name,
group_name=group_name,
perm=perm)
Session.commit()
return dict(
msg='Granted perm: %s for group: %s in repo: %s' % (
perm, group_name, repo_name
)
)
except Exception:
log.error(traceback.format_exc())
raise JSONRPCError(
'failed to edit permission %(repo)s for %(usersgr)s' % dict(
usersgr=group_name, repo=repo_name
)
)
def update(self, repo_name, form_data):
try:
cur_repo = self.get_by_repo_name(repo_name, cache=False)
# update permissions
for member, perm, member_type in form_data["perms_updates"]:
if member_type == "user":
r2p = (
self.sa.query(RepoToPerm)
.filter(RepoToPerm.user == User.by_username(member))
.filter(RepoToPerm.repository == cur_repo)
.one()
)
r2p.permission = self.sa.query(Permission).filter(Permission.permission_name == perm).scalar()
self.sa.add(r2p)
else:
g2p = (
self.sa.query(UsersGroupRepoToPerm)
.filter(UsersGroupRepoToPerm.users_group == UsersGroup.get_by_group_name(member))
.filter(UsersGroupRepoToPerm.repository == cur_repo)
.one()
)
g2p.permission = self.sa.query(Permission).filter(Permission.permission_name == perm).scalar()
self.sa.add(g2p)
# set new permissions
for member, perm, member_type in form_data["perms_new"]:
if member_type == "user":
r2p = RepoToPerm()
r2p.repository = cur_repo
r2p.user = User.by_username(member)
r2p.permission = self.sa.query(Permission).filter(Permission.permission_name == perm).scalar()
self.sa.add(r2p)
else:
g2p = UsersGroupRepoToPerm()
g2p.repository = cur_repo
g2p.users_group = UsersGroup.get_by_group_name(member)
g2p.permission = self.sa.query(Permission).filter(Permission.permission_name == perm).scalar()
self.sa.add(g2p)
# update current repo
for k, v in form_data.items():
if k == "user":
cur_repo.user = User.by_username(v)
elif k == "repo_name":
cur_repo.repo_name = form_data["repo_name_full"]
elif k == "repo_group":
cur_repo.group_id = v
else:
setattr(cur_repo, k, v)
self.sa.add(cur_repo)
if repo_name != form_data["repo_name_full"]:
# rename repository
self.__rename_repo(old=repo_name, new=form_data["repo_name_full"])
self.sa.commit()
except:
log.error(traceback.format_exc())
self.sa.rollback()
raise
def get_by_name(self, name, cache=False, case_insensitive=False):
return UsersGroup.get_by_group_name(name, cache, case_insensitive)
def update(self, repo_name, form_data):
try:
cur_repo = self.get_by_repo_name(repo_name, cache=False)
# update permissions
for member, perm, member_type in form_data['perms_updates']:
if member_type == 'user':
r2p = self.sa.query(RepoToPerm)\
.filter(RepoToPerm.user == User.get_by_username(member))\
.filter(RepoToPerm.repository == cur_repo)\
.one()
r2p.permission = self.sa.query(Permission)\
.filter(Permission.permission_name ==
perm).scalar()
self.sa.add(r2p)
else:
g2p = self.sa.query(UsersGroupRepoToPerm)\
.filter(UsersGroupRepoToPerm.users_group ==
UsersGroup.get_by_group_name(member))\
.filter(UsersGroupRepoToPerm.repository ==
cur_repo).one()
g2p.permission = self.sa.query(Permission)\
.filter(Permission.permission_name ==
perm).scalar()
self.sa.add(g2p)
# set new permissions
for member, perm, member_type in form_data['perms_new']:
if member_type == 'user':
r2p = RepoToPerm()
r2p.repository = cur_repo
r2p.user = User.get_by_username(member)
r2p.permission = self.sa.query(Permission)\
.filter(Permission.
permission_name == perm)\
.scalar()
self.sa.add(r2p)
else:
g2p = UsersGroupRepoToPerm()
g2p.repository = cur_repo
g2p.users_group = UsersGroup.get_by_group_name(member)
g2p.permission = self.sa.query(Permission)\
.filter(Permission.
permission_name == perm)\
.scalar()
self.sa.add(g2p)
# update current repo
for k, v in form_data.items():
if k == 'user':
cur_repo.user = User.get_by_username(v)
elif k == 'repo_name':
pass
elif k == 'repo_group':
cur_repo.group_id = v
else:
setattr(cur_repo, k, v)
new_name = cur_repo.get_new_name(form_data['repo_name'])
cur_repo.repo_name = new_name
self.sa.add(cur_repo)
if repo_name != new_name:
# rename repository
self.__rename_repo(old=repo_name, new=new_name)
self.sa.commit()
return cur_repo
except:
log.error(traceback.format_exc())
self.sa.rollback()
raise
def test_enable_repository_read_on_group(self):
self.log_user()
users_group_name = TEST_USERS_GROUP + 'another2'
response = self.app.post(url('users_groups'),
{'users_group_name': users_group_name,
'active': True})
response.follow()
ug = UsersGroup.get_by_group_name(users_group_name)
self.checkSessionFlash(response,
'created users group %s' % users_group_name)
## ENABLE REPO CREATE ON A GROUP
response = self.app.put(url('users_group_perm', id=ug.users_group_id),
{'create_repo_perm': True})
response.follow()
ug = UsersGroup.get_by_group_name(users_group_name)
p = Permission.get_by_key('hg.create.repository')
p2 = Permission.get_by_key('hg.fork.none')
# check if user has this perms, they should be here since
# defaults are on
perms = UsersGroupToPerm.query()\
.filter(UsersGroupToPerm.users_group == ug).all()
self.assertEqual(
[[x.users_group_id, x.permission_id, ] for x in perms],
[[ug.users_group_id, p.permission_id],
[ug.users_group_id, p2.permission_id]]
)
## DISABLE REPO CREATE ON A GROUP
response = self.app.put(url('users_group_perm', id=ug.users_group_id),
{})
response.follow()
ug = UsersGroup.get_by_group_name(users_group_name)
p = Permission.get_by_key('hg.create.none')
p2 = Permission.get_by_key('hg.fork.none')
# check if user has this perms, they should be here since
# defaults are on
perms = UsersGroupToPerm.query()\
.filter(UsersGroupToPerm.users_group == ug).all()
self.assertEqual(
sorted([[x.users_group_id, x.permission_id, ] for x in perms]),
sorted([[ug.users_group_id, p.permission_id],
[ug.users_group_id, p2.permission_id]])
)
# DELETE !
ug = UsersGroup.get_by_group_name(users_group_name)
ugid = ug.users_group_id
response = self.app.delete(url('users_group', id=ug.users_group_id))
response = response.follow()
gr = self.Session.query(UsersGroup)\
.filter(UsersGroup.users_group_name ==
users_group_name).scalar()
self.assertEqual(gr, None)
p = Permission.get_by_key('hg.create.repository')
perms = UsersGroupToPerm.query()\
.filter(UsersGroupToPerm.users_group_id == ugid).all()
perms = [[x.users_group_id,
x.permission_id, ] for x in perms]
self.assertEqual(
perms,
[]
)
