def update_perm(self, id):
"""PUT /users_perm/id: Update an existing item"""
# url('users_group_perm', id=ID, method='put')
grant_perm = request.POST.get('create_repo_perm', False)
if grant_perm:
perm = Permission.get_by_key('hg.create.none')
UsersGroupModel().revoke_perm(id, perm)
perm = Permission.get_by_key('hg.create.repository')
UsersGroupModel().grant_perm(id, perm)
h.flash(_("Granted 'repository create' permission to user"),
category='success')
Session.commit()
else:
perm = Permission.get_by_key('hg.create.repository')
UsersGroupModel().revoke_perm(id, perm)
perm = Permission.get_by_key('hg.create.none')
UsersGroupModel().grant_perm(id, perm)
h.flash(_("Revoked 'repository create' permission to user"),
category='success')
Session.commit()
return redirect(url('edit_users_group', id=id))
def test_repo_group_user_as_user_group_member(self):
# create Group1
self.g1 = _make_group('group1', skip_if_exists=True)
Session.commit()
a1_auth = AuthUser(user_id=self.anon.user_id)
self.assertEqual(a1_auth.permissions['repositories_groups'],
{u'group1': u'group.read'})
# set default permission to none
ReposGroupModel().grant_user_permission(repos_group=self.g1,
user=self.anon,
perm='group.none')
# make group
self.ug1 = UsersGroupModel().create('G1')
# add user to group
UsersGroupModel().add_user_to_group(self.ug1, self.u1)
Session.commit()
# check if user is in the group
membrs = [
x.user_id
for x in UsersGroupModel().get(self.ug1.users_group_id).members
]
self.assertEqual(membrs, [self.u1.user_id])
# add some user to that group
# check his permissions
a1_auth = AuthUser(user_id=self.anon.user_id)
self.assertEqual(a1_auth.permissions['repositories_groups'],
{u'group1': u'group.none'})
u1_auth = AuthUser(user_id=self.u1.user_id)
self.assertEqual(u1_auth.permissions['repositories_groups'],
{u'group1': u'group.none'})
# grant ug1 read permissions for
ReposGroupModel().grant_users_group_permission(repos_group=self.g1,
group_name=self.ug1,
perm='group.read')
Session.commit()
# check if the
obj = Session.query(UsersGroupRepoGroupToPerm)\
.filter(UsersGroupRepoGroupToPerm.group == self.g1)\
.filter(UsersGroupRepoGroupToPerm.users_group == self.ug1)\
.scalar()
self.assertEqual(obj.permission.permission_name, 'group.read')
a1_auth = AuthUser(user_id=self.anon.user_id)
self.assertEqual(a1_auth.permissions['repositories_groups'],
{u'group1': u'group.none'})
u1_auth = AuthUser(user_id=self.u1.user_id)
self.assertEqual(u1_auth.permissions['repositories_groups'],
{u'group1': u'group.read'})
def remove_user_from_users_group(self, apiuser, group_name, username):
"""
Remove user from a group
:param apiuser
:param group_name
:param username
"""
try:
users_group = UsersGroup.get_by_group_name(group_name)
if not users_group:
raise JSONRPCError('unknown users group %s' % group_name)
user = User.get_by_username(username)
if user is None:
raise JSONRPCError('unknown user %s' % username)
success = UsersGroupModel().remove_user_from_group(users_group, user)
msg = 'removed member %s from users group %s' % (username, group_name)
msg = msg if success else "User wasn't in group"
Session.commit()
return dict(success=success, msg=msg)
except Exception:
log.error(traceback.format_exc())
raise JSONRPCError('failed to remove user from group')
def add_user_to_users_group(self, apiuser, group_name, username):
""""
Add a user to a users group
:param apiuser:
:param group_name:
:param username:
"""
try:
users_group = UsersGroup.get_by_group_name(group_name)
if not users_group:
raise JSONRPCError('unknown users group %s' % group_name)
user = User.get_by_username(username)
if user is None:
raise JSONRPCError('unknown user %s' % username)
ugm = UsersGroupModel().add_user_to_group(users_group, user)
success = True if ugm != True else False
msg = 'added member %s to users group %s' % (username, group_name)
msg = msg if success else 'User is already in that group'
Session.commit()
return dict(
id=ugm.users_group_member_id if ugm != True else None,
success=success,
msg=msg
)
except Exception:
log.error(traceback.format_exc())
raise JSONRPCError('failed to add users group member')
def edit(self, id, format='html'):
"""GET /users_groups/id/edit: Form to edit an existing item"""
# url('edit_users_group', id=ID)
c.users_group = self.sa.query(UsersGroup).get(id)
if not c.users_group:
return redirect(url('users_groups'))
c.users_group.permissions = {}
c.group_members_obj = [x.user for x in c.users_group.members]
c.group_members = [(x.user_id, x.username)
for x in c.group_members_obj]
c.available_members = [(x.user_id, x.username)
for x in self.sa.query(User).all()]
defaults = c.users_group.get_dict()
perm = Permission.get_by_key('hg.create.repository')
defaults.update({
'create_repo_perm':
UsersGroupModel().has_perm(c.users_group, perm)
})
return htmlfill.render(
render('admin/users_groups/users_group_edit.html'),
defaults=defaults,
encoding="UTF-8",
force_defaults=False)
def update(self, id):
"""PUT /users_groups/id: Update an existing item"""
# Forms posted to this method should contain a hidden field:
# <input type="hidden" name="_method" value="PUT" />
# Or using helpers:
# h.form(url('users_group', id=ID),
# method='put')
# url('users_group', id=ID)
c.users_group = UsersGroup.get(id)
c.group_members_obj = [x.user for x in c.users_group.members]
c.group_members = [(x.user_id, x.username)
for x in c.group_members_obj]
c.available_members = [(x.user_id, x.username)
for x in self.sa.query(User).all()]
available_members = [safe_unicode(x[0]) for x in c.available_members]
users_group_form = UsersGroupForm(
edit=True,
old_data=c.users_group.get_dict(),
available_members=available_members)()
try:
form_result = users_group_form.to_python(request.POST)
UsersGroupModel().update(c.users_group, form_result)
h.flash(_('updated users group %s') \
% form_result['users_group_name'],
category='success')
#action_logger(self.rhodecode_user, 'new_user', '', '', self.sa)
Session.commit()
except formencode.Invalid, errors:
e = errors.error_dict or {}
perm = Permission.get_by_key('hg.create.repository')
e.update(
{'create_repo_perm': UsersGroupModel().has_perm(id, perm)})
return htmlfill.render(
render('admin/users_groups/users_group_edit.html'),
defaults=errors.value,
errors=e,
prefix_error=False,
encoding="UTF-8")
def test_propagated_permission_from_users_group_lower_weight(self):
# make group
self.ug1 = UsersGroupModel().create('G1')
# add user to group
UsersGroupModel().add_user_to_group(self.ug1, self.u1)
# set permission to lower
new_perm_h = 'repository.write'
RepoModel().grant_user_permission(repo=HG_REPO,
user=self.u1,
perm=new_perm_h)
Session.commit()
u1_auth = AuthUser(user_id=self.u1.user_id)
self.assertEqual(u1_auth.permissions['repositories'][HG_REPO],
new_perm_h)
# grant perm for group this should NOT override permission from user
# since it's lower than granted
new_perm_l = 'repository.read'
RepoModel().grant_users_group_permission(repo=HG_REPO,
group_name=self.ug1,
perm=new_perm_l)
# check perms
u1_auth = AuthUser(user_id=self.u1.user_id)
perms = {
'repositories_groups': {},
'global':
set([
u'hg.create.repository', u'repository.read',
u'hg.register.manual_activate'
]),
'repositories': {
u'vcs_test_hg': u'repository.write'
}
}
self.assertEqual(u1_auth.permissions['repositories'][HG_REPO],
new_perm_h)
self.assertEqual(u1_auth.permissions['repositories_groups'],
perms['repositories_groups'])
def test_create_and_remove(self):
usr = UserModel().create_or_update(username=u'test_user',
password=u'qweqwe',
email=u'*****@*****.**',
name=u'u1',
lastname=u'u1')
Session.commit()
self.assertEqual(User.get_by_username(u'test_user'), usr)
# make users group
users_group = UsersGroupModel().create('some_example_group')
Session.commit()
UsersGroupModel().add_user_to_group(users_group, usr)
Session.commit()
self.assertEqual(UsersGroup.get(users_group.users_group_id),
users_group)
self.assertEqual(UsersGroupMember.query().count(), 1)
UserModel().delete(usr.user_id)
Session.commit()
self.assertEqual(UsersGroupMember.query().all(), [])
def tearDown(self):
if hasattr(self, 'test_repo'):
RepoModel().delete(repo=self.test_repo)
UserModel().delete(self.u1)
UserModel().delete(self.u2)
UserModel().delete(self.a1)
if hasattr(self, 'g1'):
ReposGroupModel().delete(self.g1.group_id)
if hasattr(self, 'g2'):
ReposGroupModel().delete(self.g2.group_id)
if hasattr(self, 'ug1'):
UsersGroupModel().delete(self.ug1, force=True)
Session.commit()
def delete(self, id):
"""DELETE /users_groups/id: Delete an existing item"""
# Forms posted to this method should contain a hidden field:
# <input type="hidden" name="_method" value="DELETE" />
# Or using helpers:
# h.form(url('users_group', id=ID),
# method='delete')
# url('users_group', id=ID)
try:
UsersGroupModel().delete(id)
Session.commit()
h.flash(_('successfully deleted users group'), category='success')
except UsersGroupsAssignedException, e:
h.flash(e, category='error')
def create_users_group(self, apiuser, group_name, active=True):
"""
Creates an new usergroup
:param group_name:
:param active:
"""
if self.get_users_group(apiuser, group_name):
raise JSONRPCError("users group %s already exist" % group_name)
try:
ug = UsersGroupModel().create(name=group_name, active=active)
Session.commit()
return dict(id=ug.users_group_id,
msg='created new users group %s' % group_name)
except Exception:
log.error(traceback.format_exc())
raise JSONRPCError('failed to create group %s' % group_name)
def create(self):
"""POST /users_groups: Create a new item"""
# url('users_groups')
users_group_form = UsersGroupForm()()
try:
form_result = users_group_form.to_python(dict(request.POST))
UsersGroupModel().create(name=form_result['users_group_name'],
active=form_result['users_group_active'])
h.flash(_('created users group %s') \
% form_result['users_group_name'], category='success')
#action_logger(self.rhodecode_user, 'new_user', '', '', self.sa)
Session.commit()
except formencode.Invalid, errors:
return htmlfill.render(
render('admin/users_groups/users_group_add.html'),
defaults=errors.value,
errors=errors.error_dict or {},
prefix_error=False,
encoding="UTF-8")