def testRemoveGroup(self):
group.add("foo")
foo = group.Group("foo")
fake_admin = Mock()
fake_admin.is_admin = True
foo.remove()
self.assert_("foo" not in [x.name for x in group.list(fake_admin)])
def write_groups(self, config):
from submin.models import group
from submin.models import user
# get filename
authz_file = config.get('svn', 'authz_file')
# read file
cp = self.read_ini(authz_file)
# get groups
groups = cp.options('groups')
for groupname in groups:
members = [
x.strip() for x in cp.get('groups', groupname).split(',')
]
try:
g = group.add(groupname)
except GroupExistsError:
g = group.Group(groupname)
for member in members:
u = user.User(member)
try:
g.add_member(u)
except MemberExistsError:
pass
if groupname == "submin-admins":
u.is_admin = True
def ajaxhandler(self, req, path):
success = False
error = ''
response = None
username = ''
if len(path) < 2:
return XMLStatusResponse('', False, 'Invalid Path')
action = path[0]
groupname = path[1]
if action == 'delete':
return self.removeGroup(groupname)
if 'removeMember' in req.post:
return self.removeMember(req, groupname)
if 'addMember' in req.post:
return self.addMember(req, groupname)
if 'listGroupUsers' in req.post:
return self.listGroupUsers(req, group.Group(groupname))
return XMLStatusResponse('', False, 'Unknown command')
def export_authz(**kwargs):
"""Export authorization/authentication info"""
# XXX the import here is to prevent a circular import :( design problem!
from .repository import list as list_repos
authz_filename = options.env_path("svn_authz_file")
authz = codecs.open(str(authz_filename), "w+", "utf-8")
# Write all groups
authz.write("[groups]\n")
for groupname in group.list(FakeAdminUser()):
g = group.Group(groupname)
authz.write("%s = %s\n" % (groupname, ', '.join(g.members())))
authz.write("\n")
# Write all repositories and their permissions
for repository in list_repos():
if repository["status"] != "ok":
continue
for path in permissions.list_paths(repository["name"], "svn"):
authz.write("[%s:%s]\n" % (repository["name"], path))
for perm in permissions.list_by_path(repository["name"], "svn",
path):
if perm["type"] == "group":
authz.write("@")
authz.write("%s = %s\n" % (perm["name"], perm["permission"]))
authz.write("\n")
authz.close()
def addpermission(self, req, repos):
name = req.post.get('name')
type = req.post.get('type')
path = req.post.get('path')
vcs_type = repos.vcs_type
default_perm = ''
if vcs_type == "git":
if path != "/":
default_perm = "w"
else:
default_perm = "r"
if type == 'group':
name = name.lower()
try:
group.Group(name)
except UnknownGroupError as e:
import re
if re.findall('[^a-zA-Z0-9_-]', name):
return XMLStatusResponse(
'addPermission', False,
'Invalid characters in groupname %s' % name)
group.add(name)
permissions.add(repos.name, repos.vcs_type, path, name, type,
default_perm)
if not repos.has_path_permissions:
path = path.lstrip('/')
return XMLStatusResponse('addPermission', True,
('User', 'Group')[type == 'group'] +
' %s added to path %s' % (name, path))
def testAddMember(self):
from submin.models import user
user.add("testUser", email="[email protected]", password="******")
group.add("testGroup")
u = user.User("testUser")
g = group.Group("testGroup")
g.add_member(u)
self.assert_("testUser" in g.members())
def testRemoveMember(self):
from submin.models import user
user.add("testUser1", email="[email protected]", password="******")
user.add("testUser2", email="[email protected]", password="******")
group.add("testGroup")
u1 = user.User("testUser1")
u2 = user.User("testUser2")
g = group.Group("testGroup")
g.add_member(u1)
g.add_member(u2)
g.remove_member(u2)
self.assert_("testUser2" not in g.members())
def removeGroup(self, groupname):
try:
g = group.Group(groupname)
g.remove()
except IOError:
return XMLStatusResponse('removeGroup', False,
'File permisson denied')
except UnknownGroupError:
return XMLStatusResponse('removeGroup', False,
'Group %s does not exist' % groupname)
return XMLStatusResponse('removeGroup', True, 'Group %s deleted' % g)
def removeFromGroup(self, req, u):
g = group.Group(req.post.get('removeFromGroup'))
success = True
try:
g.remove_member(u)
except: # XXX except what?!
succes = False
msgs = {
True: 'User %s removed from group %s' % (u.name, g.name),
False: 'User %s is not a member of %s' % (u.name, g.name)
}
return XMLStatusResponse('removeFromGroup', success, msgs[success])
def addToGroup(self, req, u):
g = group.Group(req.post.get('addToGroup'))
success = True
try:
g.add_member(u)
except MemberExistsError:
success = False
msgs = {
True: 'User %s added to group %s' % (u.name, g.name),
False: 'User %s already in group %s' % (u.name, g.name)
}
return XMLStatusResponse('addToGroup', success, msgs[success])
def addMember(self, req, groupname):
username = req.post.get('addMember')
success = True
try:
group.Group(groupname).add_member(user.User(username))
except MemberExistsError:
success = False
msgs = {
True: 'User %s added to group %s' % (username, groupname),
False: 'User %s already in group %s' % (username, groupname)
}
return XMLStatusResponse('addMember', success, msgs[success])
def removeMember(self, req, groupname):
g = group.Group(groupname)
username = req.post.get('removeMember')
success = True
try:
g.remove_member(user.User(username))
except:
success = False
msgs = {
True: 'User %s removed from group %s' % (username, groupname),
False:
'User %s is not a member of group %s' % (username, groupname)
}
return XMLStatusResponse('removeMember', success, msgs[success])
def show(self, req, path, localvars):
if len(path) < 1:
return ErrorResponse('Invalid path', request=req)
is_admin = req.session['user']['is_admin']
try:
g = group.Group(path[0])
except (IndexError, UnknownGroupError):
if not is_admin:
return ErrorResponse('Not permitted', request=req)
return ErrorResponse('This group does not exist.', request=req)
if not is_admin and req.session['user']['name'] not in g.members():
return ErrorResponse('Not permitted', request=req)
localvars['group'] = g
formatted = evaluate_main('groups.html', localvars, request=req)
return Response(formatted)
path = re.sub('/', '_', path)
correct_groupname = '%s_%s' % (path, permission)
return correct_groupname
for groupname in groups:
permissions_by_group = list(permissions.list_by_group(groupname))
if not permissions_by_group:
verboseprint("Group %s is not used" % groupname)
if report:
continue
group.Group(groupname).remove()
verboseprint("Removed unused group %s" % groupname)
continue
permissions_to_groupname = []
match = False # Gets True when the name of a group matches its permission
for permission_by_group in permissions_by_group:
correct_groupname = get_correct_groupname(permission_by_group)
if groupname == correct_groupname:
match = True
permissions_to_groupname.append(
(permission_by_group, groupname, correct_groupname))
for ptg in permissions_to_groupname:
permission_by_group, groupname, correct_groupname = ptg
def testEmptyMemberList(self):
group.add("foo")
foo = group.Group("foo")
self.assertEquals(list(foo.members()), [])
def testGetGroup(self):
group.add("foo")
g = group.Group("foo")
self.assertEquals(g.name, "foo")